----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52881/#review152717 -----------------------------------------------------------
Patch looks great! Reviews applied: [52881] Passed command: export OS='ubuntu:14.04' BUILDTOOL='autotools' COMPILER='gcc' CONFIGURATION='--verbose' ENVIRONMENT='GLOG_v=1 MESOS_VERBOSE=1'; ./support/docker_build.sh - Mesos ReviewBot On Oct. 14, 2016, 2:16 p.m., Benjamin Bannier wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/52881/ > ----------------------------------------------------------- > > (Updated Oct. 14, 2016, 2:16 p.m.) > > > Review request for mesos and Jie Yu. > > > Bugs: MESOS-6386 > https://issues.apache.org/jira/browse/MESOS-6386 > > > Repository: mesos > > > Description > ------- > > The capabilities isolator test suites runs test as root where the > files executed might not reside in directories accessible even to root > after dropping all capabilities. We already ensured that the test > agent would always permit `DAC_READ_SEARCH` so that we could move this > one into the permitted set, but missed to ensure it was always present > when tasks set capabilities. This could lead to situtations where > e.g., `mesos-executor` could not be executed by the test. > > This commit adds `DAC_READ_SEARCH` to the requested set for all > situation where where drop all capabilities required for tests. > > > Diffs > ----- > > src/tests/containerizer/linux_capabilities_isolator_tests.cpp > f040c209b4b4c87cef00b0569b7da7581f4ccf03 > > Diff: https://reviews.apache.org/r/52881/diff/ > > > Testing > ------- > > * as root: `./mesos-test > --gtest_filter='*/LinuxCapabilitiesIsolatorTest.ROOT_Ping/*'` > * confirmed by inspection of the log output that all `launch` invocations > were able > to successly start the requested executables. > > > Thanks, > > Benjamin Bannier > >