Re: Review Request 50270: Introduced linux capabilities support for mesos containerizer.

Benjamin Bannier Thu, 11 Aug 2016 05:49:36 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50270/
-----------------------------------------------------------


(Updated Aug. 11, 2016, 2:48 p.m.)


Review request for mesos and Jie Yu.


Changes
-------

Rebased onto recent master.


Bugs: MESOS-5303
    https://issues.apache.org/jira/browse/MESOS-5303


Repository: mesos


Description
-------

This change introduces linux capability based security for unified
containerizer. A new agent flag \`allowed_capabilities\` has been
introduced to override the default capabilities of the user or the
capabilities requested by the user.

This feature is only available on linux.

This patch is based on https://reviews.apache.org/r/46798/.


Diffs (updated)
-----

  src/common/parse.hpp 5dc795d7f54209abe64ad48360f538faac7616f0 
  src/launcher/executor.cpp 7967684e42c97326770bd83a41c2d4b1338a511f 
  src/slave/flags.hpp ef2394cae5cb72ae627aaef443ac06a50bcfb16f 
  src/slave/flags.cpp c07d6e5e062b75c9dd867e3dced9e2cc8b69872d 

Diff: https://reviews.apache.org/r/50270/diff/


Testing
-------

`make check` and `sudo make check` (Debian jessie, gcc-4.9.2, w/o optimizations)


Thanks,

Benjamin Bannier

Re: Review Request 50270: Introduced linux capabilities support for mesos containerizer.

Reply via email to