-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58337/#review171721
-----------------------------------------------------------


Patch looks great!

Reviews applied: [58337]

Passed command: export OS='ubuntu:14.04' BUILDTOOL='autotools' COMPILER='gcc' CONFIGURATION='--verbose' ENVIRONMENT='GLOG_v=1 MESOS_VERBOSE=1'; ./support/docker-build.sh

- Mesos Reviewbot


On April 12, 2017, 4:17 a.m., Zhongbo Tian wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58337/
> -----------------------------------------------------------
>
> (Updated April 12, 2017, 4:17 a.m.)
>
>
> Review request for mesos and haosdent huang.
>
>
> Bugs: MESOS-6791
>     https://issues.apache.org/jira/browse/MESOS-6791
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Add allowed devices whitelist for cgroups/devices isolator.
>
>
> Diffs
> -----
>
>   src/slave/containerizer/mesos/isolators/cgroups/subsystems/devices.hpp ca2727142a9f257168f3cae0958f7b4665b63cf6
>   src/slave/containerizer/mesos/isolators/cgroups/subsystems/devices.cpp 9b5cf83093796b0c0cc5057b612f80bc8b8ba72f
>   src/slave/flags.hpp 171f67e44518e858049d002fcf037715021da265
>   src/slave/flags.cpp 9365da2c8462a4375a99a86210b9d6ec628510fe
>
>
> Diff: https://reviews.apache.org/r/58337/diff/3/
>
>
> Testing
> -------
>
> For simple test:
>
> - Launch without additional devices:
>   1. Start agent with `sudo mesos-agent --master=127.0.0.1:5050 --work_dir=/tmp/mesos --isolation=cgroups/devices`
>   2. Try to open `/dev/rtc0`; it fails with permission denied. `sudo mesos-execute --master=127.0.0.1:5050 --name=test --command="head -c 0 /dev/rtc0"`
>
>
> - Launch with additional devices:
>   1. Start agent with `sudo mesos-agent --master=127.0.0.1:5050 --work_dir=/tmp/mesos --isolation=cgroups/devices --cgroups_allowed_devices='{"devices":[{"path":"/dev/rtc0", "mknod_access":true, "read_access":true, "write_access":true}]}'`
>   2. Open `/dev/rtc0` successfully. `sudo mesos-execute --master=127.0.0.1:5050 --name=test --command="head -c 0 /dev/rtc0"`
>
>
> Thanks,
>
> Zhongbo Tian
>
>