mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Budnik <abud...@mesosphere.com>
Subject Re: Review Request 68016: Added libseccomp to the build.
Date Thu, 27 Dec 2018 13:24:27 GMT


> On Dec. 25, 2018, 8:34 a.m., Qian Zhang wrote:
> > cmake/CompilationConfigure.cmake
> > Lines 449-452 (original), 449-452 (patched)
> > <https://reviews.apache.org/r/68016/diff/10-12/?file=2114531#file2114531line449>
> >
> >     Do we need to check the required headers/libs (like below) after this?
> >     ```
> >       if (ENABLE_SECCOMP_ISOLATOR)
> >         # Check for required headers and libraries.
> >         
> >         message(FATAL_ERROR
> >           "The seccomp isolator is not yet supported, see MESOS-9029.")
> >       endif ()
> >     ```

We check for headers/libs in `3rdpart/CMakeLists.txt` using `find_package(LIBSECCOMP REQUIRED)`,
so we don't need to check it here.


- Andrei


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68016/#review211531
-----------------------------------------------------------


On Nov. 8, 2018, 3:23 p.m., Andrei Budnik wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68016/
> -----------------------------------------------------------
> 
> (Updated Nov. 8, 2018, 3:23 p.m.)
> 
> 
> Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James Peach, and
Qian Zhang.
> 
> 
> Bugs: MESOS-9032
>     https://issues.apache.org/jira/browse/MESOS-9032
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This library is needed to implement Seccomp syscall filtering in the
> Mesos containerizer. This patch introduces `seccomp-isolator` build
> flag, which is used to include or exclude sources related to Seccomp
> from the build. Since Seccomp is a Linux-specific feature, the flag
> is disabled by default. Enabling `seccomp-isolator` means either:
> 
> 1. Compiling and linking against the bundled version of libseccomp from
>    sources (default).
> 
> 2. Linking against the libseccomp installed in the OS,
>    if `--with-libseccomp` build flag is provided.
> 
> 
> Diffs
> -----
> 
>   3rdparty/CMakeLists.txt 703808d063e4bba58f647b5d48b78724003bcc4e 
>   3rdparty/Makefile.am a14216cf98f6638da06aa3dfc49e6b319fea7f87 
>   3rdparty/cmake/FindLIBSECCOMP.cmake PRE-CREATION 
>   3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411 
>   3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573 
>   cmake/CompilationConfigure.cmake 2485a8a580dcc2ad9b026e389b6525ef3a19f98e 
>   configure.ac 6778f119570def1838e26cddf7b0192bfe6e37d4 
>   src/CMakeLists.txt bde070445b644e15d46c390d1c983caabaa1fec8 
>   src/Makefile.am 7a4904a3d67479267087fd2313a263d8218843fa 
>   src/python/native_common/ext_modules.py.in 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba

> 
> 
> Diff: https://reviews.apache.org/r/68016/diff/13/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Andrei Budnik
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message