mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Peach <jpe...@apache.org>
Subject Review Request 59185: Add ambient capability support.
Date Thu, 11 May 2017 16:44:50 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59185/
-----------------------------------------------------------

Review request for mesos, Benjamin Bannier and Jie Yu.


Bugs: MESOS-7476
    https://issues.apache.org/jira/browse/MESOS-7476


Repository: mesos


Description
-------

In the absence of ambient capabilities, capabilities in the
effective set do not survive across execve(2). This means
that tasks attempting to make use of the LinuxInfo capability
support also need to ensure that file capabilities are set on
the file that is ultimately executed. Supporting ambient
capabilities allows the effective capabilities to survive
execve(2), so it is now possible to launch a task with limited
privilege elevations.


Diffs
-----

  src/linux/capabilities.hpp 5fa3799948f8ac4bcaeaa89f91d7d090e426c5a6 
  src/linux/capabilities.cpp 7aa8c352def644468e8c9041a2fe4319f313b09b 
  src/slave/containerizer/mesos/launch.cpp 2835beff9dbfa7f2a1cac306a58e2b1d66c14342 
  src/tests/containerizer/capabilities_tests.cpp 15a85cab87c28402eeb2bfbc751c8c77bf4c14f5



Diff: https://reviews.apache.org/r/59185/diff/1/


Testing
-------

make check (Fedora 25)


Thanks,

James Peach


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message