mesos-reviews mailing list archives

From James Peach <jpe...@apache.org>
Subject Re: Review Request 59553: Add ambient capabilities to launched tasks.
Date Mon, 05 Jun 2017 16:51:39 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59553/
-----------------------------------------------------------

(Updated June 5, 2017, 4:51 p.m.)


Review request for mesos, Jie Yu and Jiang Yan Xu.


Changes
-------

Rebased.


Bugs: MESOS-7477
    https://issues.apache.org/jira/browse/MESOS-7477


Repository: mesos


Description
-------

In the absence of ambient capabilities, capabilities in the
effective set do not survive across execve(2). This means
that tasks attempting to make use of the LinuxInfo capability
support also need to ensure that file capabilities are set on
the file that is ultimately executed. Supporting ambient
capabilities allows the effective capabilities to survive
execve(2), so it is now possible to launch a task with limited
privilege elevations.


Diffs (updated)
-----

  src/slave/containerizer/mesos/launch.cpp f48d294a0a832dfe248c4a83849ee5a63cb76bce 


Diff: https://reviews.apache.org/r/59553/diff/2/

Changes: https://reviews.apache.org/r/59553/diff/1-2/


Testing
-------

make check (Fedora 25)


Thanks,

James Peach
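
The capability behaviour the description relies on, as an added example that is not code from this review or from Mesos: a small model of the execve(2) transformation rules documented in capabilities(7), plus the precondition for raising an ambient capability. It assumes a non-root process with default securebits; the struct and function names are hypothetical.

```c
/* Added example: model of the execve(2) capability rules in capabilities(7). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t capset;
#define CAP_NET_BIND_SERVICE_BIT ((capset)1 << 10) /* CAP_NET_BIND_SERVICE is 10 */

struct proc_caps { capset permitted, inheritable, effective, bounding, ambient; };
/* Constructed stand-in for a binary's file capabilities and set-ID bits. */
struct file_caps { capset permitted, inheritable; bool effective, setid; };

/* Models prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, ...): the capability
 * must already be in both the permitted and the inheritable set. */
bool ambient_raise(struct proc_caps *p, capset cap)
{
    if ((p->permitted & cap) != cap || (p->inheritable & cap) != cap)
        return false; /* the kernel returns EPERM here */
    p->ambient |= cap;
    return true;
}

/* execve(2) transformation for a non-root process with default securebits. */
struct proc_caps caps_after_execve(struct proc_caps p, struct file_caps f)
{
    /* File capabilities or a set-ID bit make the file "privileged". */
    bool privileged = f.permitted || f.inheritable || f.effective || f.setid;
    struct proc_caps n = p; /* inheritable and bounding carry over unchanged */
    n.ambient = privileged ? 0 : p.ambient;
    n.permitted = (p.inheritable & f.inheritable) | (f.permitted & p.bounding) | n.ambient;
    n.effective = f.effective ? n.permitted : n.ambient;
    return n;
}

int main(void)
{
    capset cap = CAP_NET_BIND_SERVICE_BIT;
    struct file_caps plain = {0}; /* binary with no file capabilities */
    struct proc_caps task = { .permitted = cap, .effective = cap, .bounding = ~(capset)0 };

    printf("no ambient:   effective=%#llx\n",
           (unsigned long long)caps_after_execve(task, plain).effective);
    task.inheritable |= cap; /* required before the raise succeeds */
    ambient_raise(&task, cap);
    printf("with ambient: effective=%#llx\n",
           (unsigned long long)caps_after_execve(task, plain).effective);
    return 0;
}
```

Because executing a set-ID binary or one with file capabilities clears the ambient set, the elevation granted this way reaches only unprivileged executables.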

