Re: Review Request 50270: Introduced linux capabilities support for mesos containerizer.

Benjamin Bannier Fri, 09 Sep 2016 17:48:07 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50270/
-----------------------------------------------------------


(Updated Sept. 10, 2016, 12:47 a.m.)


Review request for mesos, Jay Guo and Jie Yu.


Bugs: MESOS-5275
    https://issues.apache.org/jira/browse/MESOS-5275


Repository: mesos


Description
-------

This change introduces linux capability based security for unified
containerizer. A new agent flag \`allowed_capabilities\` has been
introduced to override the default capabilities of the user or the
capabilities requested by the user.

This feature is only available on linux.


Diffs
-----

  src/slave/containerizer/mesos/launch.hpp 
0e86da9c7bd9c7fbedd7102d66b902d1c10e5e0b 
  src/slave/containerizer/mesos/launch.cpp 
13b65d82e029650e150eb2bc3647d95af167bd72 
  src/slave/flags.hpp 1a006663e7cc58ee548b3dda686cfbac0c240baa 
  src/slave/flags.cpp 0f2be1700f41b74da4ea1ce699a81ec33cf92a9a 

Diff: https://reviews.apache.org/r/50270/diff/


Testing
-------

`make check` and `sudo make check` (Debian jessie, gcc-4.9.2, w/o optimizations)


Thanks,

Benjamin Bannier

Re: Review Request 50270: Introduced linux capabilities support for mesos containerizer.

Reply via email to