[
https://issues.apache.org/jira/browse/MESOS-7477?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16052676#comment-16052676
]
Jie Yu commented on MESOS-7477:
-------------------------------
commit 32e605ed8fb3669edf34caba3cf711d57d3e4f9e
Author: James Peach <[email protected]>
Date: Fri Jun 16 20:45:01 2017 -0700
Add ambient capabilities to launched tasks.
In the absence of ambient capabilities, capabilities in the
effective set do not survive across execve(2). This means
that tasks attempting to make use of the LinuxInfo capability
support also need to ensure that file capabilities are set on
the file that is ultimately executed. Supporting ambient
capabilities allows the effective capabilities to survive
execve(2), so it is now possible to launch a task with limited
privilege elevations.
Review: https://reviews.apache.org/r/59553/
commit 4ee86647a45d09528124e9ab0fa732758ac4d7ec
Author: James Peach <[email protected]>
Date: Fri Jun 16 20:44:59 2017 -0700
Add ambient capability support.
Add support for the ambient capability so that we can make
effective capabilities survive across execve(2).
Review: https://reviews.apache.org/r/59185/
> Support ambient capabilities.
> -----------------------------
>
> Key: MESOS-7477
> URL: https://issues.apache.org/jira/browse/MESOS-7477
> Project: Mesos
> Issue Type: Improvement
> Reporter: James Peach
> Assignee: James Peach
>
> Add support for ambient capabilities so that capabilities granted in the
> {{LaunchTask}} message can be made active in the task without the requirement
> for matching file-based capabilities.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
