[mesos] 03/03: Added logging for `linux/seccomp` isolator.

Tue, 05 Mar 2019 15:02:28 -0800 

This is an automated email from the ASF dual-hosted git repository.

gilbert pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git

commit 549068ae3666794cce9b3f19ffe4629a0acaaddd
Author: Andrei Budnik <[email protected]>
AuthorDate: Tue Mar 5 15:00:56 2019 -0800

    Added logging for `linux/seccomp` isolator.
    
    Review: https://reviews.apache.org/r/70114/
---
 src/slave/containerizer/mesos/isolators/linux/seccomp.cpp | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/slave/containerizer/mesos/isolators/linux/seccomp.cpp 
b/src/slave/containerizer/mesos/isolators/linux/seccomp.cpp
index f0c58c1..5624c24 100644
--- a/src/slave/containerizer/mesos/isolators/linux/seccomp.cpp
+++ b/src/slave/containerizer/mesos/isolators/linux/seccomp.cpp
@@ -86,6 +86,9 @@ Future<Option<ContainerLaunchInfo>> 
LinuxSeccompIsolatorProcess::prepare(
 {
   Option<ContainerSeccompProfile> profile = defaultProfile;
 
+  std::string profileName =
+    flags.seccomp_profile_name.isSome() ? flags.seccomp_profile_name.get() : 
"";
+
   // Framework can override default Seccomp profile for a particular container.
   if (containerConfig.has_container_info() &&
       containerConfig.container_info().has_linux_info() &&
@@ -104,8 +107,8 @@ Future<Option<ContainerLaunchInfo>> 
LinuxSeccompIsolatorProcess::prepare(
     }
 
     if (seccomp.has_profile_name()) {
-      const auto path =
-        path::join(flags.seccomp_config_dir.get(), seccomp.profile_name());
+      profileName = seccomp.profile_name();
+      const auto path = path::join(flags.seccomp_config_dir.get(), 
profileName);
 
       Try<ContainerSeccompProfile> customProfile =
         mesos::internal::seccomp::parseProfile(path);
@@ -116,6 +119,8 @@ Future<Option<ContainerLaunchInfo>> 
LinuxSeccompIsolatorProcess::prepare(
 
       profile = customProfile.get();
     } else if (unconfined) {
+      LOG(INFO) << "Seccomp is not applied to container " << containerId;
+
       return None();
     } else {
       return Failure("Missing Seccomp profile name");
@@ -129,6 +134,9 @@ Future<Option<ContainerLaunchInfo>> 
LinuxSeccompIsolatorProcess::prepare(
   ContainerLaunchInfo launchInfo;
   launchInfo.mutable_seccomp_profile()->CopyFrom(profile.get());
 
+  LOG(INFO) << "Using Seccomp profile '" << profileName
+            << "' for container " << containerId;
+
   return launchInfo;
 }

Reply via email to