This is an automated email from the ASF dual-hosted git repository.
gilbert pushed a change to branch 1.7.x
in repository https://gitbox.apache.org/repos/asf/mesos.git.
from 883ec85 Added MESOS-9533 to 1.7.2 CHANGELOG.
new 6d92408 Added Linux memfd support.
new af008ca Made the code more robust related to sendfile.
new febe742 Added a test to test memfd file clone.
new 1d72e03 Updated handleWhitelistFds() to avoid closing FDs with
FD_CLOEXEC bit.
new 9faa3f8 Cloned a sealed file of launcher binary.
new ac24bca Cleaned up command executor redundant command string.
new e390e57 Added `--enable-launcher-sealing` compiler flag.
new 8fb1109 Enabled launcher sealing depending on corresponding compiler
flag.
new a893c83 Fixed `ROOT_PidNamespace` test after enabling launcher
sealing.
new b7a74fb Secured mesos executor binary using memfd.
The 10 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
3rdparty/libprocess/src/posix/subprocess.hpp | 13 +-
cmake/CompilationConfigure.cmake | 4 +
configure.ac | 31 +++++
src/CMakeLists.txt | 6 +
src/Makefile.am | 11 ++
src/launcher/executor.cpp | 28 ++--
src/linux/memfd.cpp | 147 +++++++++++++++++++++
.../provisioner/utils.hpp => linux/memfd.hpp} | 20 +--
src/slave/constants.hpp | 3 +
src/slave/containerizer/mesos/containerizer.cpp | 57 +++++++-
src/slave/containerizer/mesos/containerizer.hpp | 30 ++++-
src/slave/containerizer/mesos/launch.cpp | 12 +-
src/slave/slave.cpp | 6 -
src/tests/CMakeLists.txt | 5 +
src/tests/containerizer/isolator_tests.cpp | 2 +-
...ities_test_helper.hpp => linux_memfd_tests.cpp} | 50 +++----
16 files changed, 366 insertions(+), 59 deletions(-)
create mode 100644 src/linux/memfd.cpp
copy src/{slave/containerizer/mesos/provisioner/utils.hpp => linux/memfd.hpp}
(71%)
copy src/tests/containerizer/{capabilities_test_helper.hpp =>
linux_memfd_tests.cpp} (54%)
