mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Budnik <abud...@mesosphere.com>
Subject Re: Review Request 69493: Documented the `linux/seccomp` isolator.
Date Fri, 25 Jan 2019 13:44:05 GMT


> On Jan. 25, 2019, 10 a.m., Gilbert Song wrote:
> > Mesos is not responsible for packaging, which means that Mesos does not provide
a default seccomp config. However, it may be hard for many operators to figure out a common
seccomp profile on Mesos. Could we add a recommended seccomp profile in this doc?

The main reason we might not want to provide a default seccomp config here is that it will
eventually become outdated. Given that it's a security feature, recommending an outdated profile
does not look good to me.


- Andrei


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69493/#review212317
-----------------------------------------------------------


On Nov. 30, 2018, 4:33 p.m., Andrei Budnik wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69493/
> -----------------------------------------------------------
> 
> (Updated Nov. 30, 2018, 4:33 p.m.)
> 
> 
> Review request for mesos, Gilbert Song, James Peach, and Qian Zhang.
> 
> 
> Bugs: MESOS-9036
>     https://issues.apache.org/jira/browse/MESOS-9036
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> See summary.
> 
> 
> Diffs
> -----
> 
>   docs/isolators/linux-seccomp.md PRE-CREATION 
>   docs/mesos-containerizer.md d15e82583fa207ba78e9fc1e83da0cf1f469ec4e 
>   docs/upgrades.md e493aefb36ea7b9631af35179938d778dc47442a 
> 
> 
> Diff: https://reviews.apache.org/r/69493/diff/6/
> 
> 
> Testing
> -------
> 
> None: not a functional change.
> 
> 
> Thanks,
> 
> Andrei Budnik
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message