Review Request 50270: Introduced linux capabilities support for mesos containerizer.

Benjamin Bannier Wed, 20 Jul 2016 15:18:58 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50270/
-----------------------------------------------------------


Review request for mesos and Jie Yu.


Bugs: MESOS-5303
    https://issues.apache.org/jira/browse/MESOS-5303


Repository: mesos


Description
-------

This change introduces linux capability based security for unified
containerizer. A new agent flag \`allowed_capabilities\` has been
introduced to override the default capabilities of the user or the
capabilities requested by the user.

This feature is only available on linux.

This patch is based on https://reviews.apache.org/r/46798/.


Diffs
-----

  src/common/parse.hpp 5dc795d7f54209abe64ad48360f538faac7616f0 
  src/internal/devolve.hpp 3812fd654d6cdceccf31b3f7c1a067cf2922e06f 
  src/internal/devolve.cpp a2ad4641fcadef4003e487683fc0a73aeece7647 
  src/internal/evolve.hpp 1e2d49b6a465c13dd055e54f0d4c49d22afc15c6 
  src/internal/evolve.cpp 64818ccbbc4d0fcf6744e3f9a30c17c5332acccc 
  src/launcher/executor.cpp 5a5f95f04a6ce096079b67397cb324575409f795 
  src/slave/flags.hpp e798dbf2554a85310d71697d873bca4445a6161a 
  src/slave/flags.cpp 166a6516362a23bc5012aaa2dd45edfc6446de48 

Diff: https://reviews.apache.org/r/50270/diff/


Testing
-------

`make check` and `sudo make check` (Debian jessie, gcc-4.9.2, w/o optimizations)


Thanks,

Benjamin Bannier

Review Request 50270: Introduced linux capabilities support for mesos containerizer.

Reply via email to