Re: Review Request 50270: Introduced linux capabilities support for mesos containerizer.

Benjamin Bannier Wed, 10 Aug 2016 10:04:16 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50270/
-----------------------------------------------------------


(Updated Aug. 10, 2016, 7:03 p.m.)


Review request for mesos and Jie Yu.


Changes
-------

Rebased.


Bugs: MESOS-5303
    https://issues.apache.org/jira/browse/MESOS-5303


Repository: mesos


Description
-------

This change introduces linux capability based security for unified
containerizer. A new agent flag \`allowed_capabilities\` has been
introduced to override the default capabilities of the user or the
capabilities requested by the user.

This feature is only available on linux.

This patch is based on https://reviews.apache.org/r/46798/.


Diffs (updated)
-----

  src/common/parse.hpp 5dc795d7f54209abe64ad48360f538faac7616f0 
  src/internal/devolve.hpp 3812fd654d6cdceccf31b3f7c1a067cf2922e06f 
  src/internal/devolve.cpp a2ad4641fcadef4003e487683fc0a73aeece7647 
  src/internal/evolve.hpp 1e2d49b6a465c13dd055e54f0d4c49d22afc15c6 
  src/internal/evolve.cpp 64818ccbbc4d0fcf6744e3f9a30c17c5332acccc 
  src/launcher/executor.cpp 9333dc0832cd04305e307ce750195c0fbc860ab2 
  src/slave/flags.hpp 58fba4a22d988ac6612fc3af8a9346f0b8f8bb51 
  src/slave/flags.cpp b8ecc98721c52dcd59a0cc1333421d4f024fbe96 

Diff: https://reviews.apache.org/r/50270/diff/


Testing
-------

`make check` and `sudo make check` (Debian jessie, gcc-4.9.2, w/o optimizations)


Thanks,

Benjamin Bannier

Re: Review Request 50270: Introduced linux capabilities support for mesos containerizer.

Reply via email to