> On Aug. 11, 2016, 10:06 p.m., Jie Yu wrote: > > src/linux/capabilities.cpp, line 298 > > <https://reviews.apache.org/r/50266/diff/6/?file=1470369#file1470369line298> > > > > This sounds important because ProcessCapabilities allows getting > > bounding set. Can you follow up with a patch to address this TODO? > > > > Take a look at the implementation here: > > > > https://github.com/syndtr/gocapability/blob/master/capability/capability_linux.go#L382-L417
I added https://reviews.apache.org/r/51043/ to implement this. - Benjamin ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/50266/#review145515 ----------------------------------------------------------- On Aug. 10, 2016, 9:14 p.m., Benjamin Bannier wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/50266/ > ----------------------------------------------------------- > > (Updated Aug. 10, 2016, 9:14 p.m.) > > > Review request for mesos and Jie Yu. > > > Bugs: MESOS-5051 > https://issues.apache.org/jira/browse/MESOS-5051 > > > Repository: mesos > > > Description > ------- > > This change introduces basic API for linux capabilities. This is not a > comprehensive API but is strictly limited to the need for securing Mesos > containers using linux capabilities. > > This patch is based on the work in https://reviews.apache.org/r/46370/. > > > Diffs > ----- > > src/CMakeLists.txt 1286ee08fe2d60867326a1f2585f054c20b52208 > src/Makefile.am 1a9b083493612cf610b80ac5a1c11c29d6302933 > src/linux/capabilities.hpp PRE-CREATION > src/linux/capabilities.cpp PRE-CREATION > > Diff: https://reviews.apache.org/r/50266/diff/ > > > Testing > ------- > > `make check` and `sudo make check` (Debian jessie, gcc-4.9.2, w/o > optimizations) > > > Thanks, > > Benjamin Bannier > >
