Re: Review Request 58603: Allowed whitelist additional devices in cgroups devices subsystem.

haosdent huang Tue, 25 Apr 2017 19:28:40 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58603/#review173017
-----------------------------------------------------------





include/mesos/mesos.proto
Lines 2714 (patched)
<https://reviews.apache.org/r/58603/#comment246092>

    Describes information abount a device.



include/mesos/mesos.proto
Lines 2722 (patched)
<https://reviews.apache.org/r/58603/#comment246093>

    Describes a device whitelist entry that expose from host to container.



src/common/type_utils.cpp
Lines 471 (patched)
<https://reviews.apache.org/r/58603/#comment246091>

    Nit: Remove this blank line.



src/slave/containerizer/mesos/isolators/cgroups/subsystems/devices.cpp
Lines 79 (patched)
<https://reviews.apache.org/r/58603/#comment246096>

    Nit: Is it possible to avoid use `auto` here?



src/slave/containerizer/mesos/isolators/cgroups/subsystems/devices.cpp
Lines 80 (patched)
<https://reviews.apache.org/r/58603/#comment246095>

    Nit: `std::string` -> `string`



src/slave/containerizer/mesos/isolators/cgroups/subsystems/devices.cpp
Lines 87-88 (patched)
<https://reviews.apache.org/r/58603/#comment246094>

    Nit: we prefer to put `+` at the end.


- haosdent huang


On April 25, 2017, 5:40 a.m., Zhongbo Tian wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58603/
> -----------------------------------------------------------
> 
> (Updated April 25, 2017, 5:40 a.m.)
> 
> 
> Review request for mesos, haosdent huang and Jie Yu.
> 
> 
> Bugs: MESOS-6791
>     https://issues.apache.org/jira/browse/MESOS-6791
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Allowed whitelist additional devices in cgroups devices subsystem.
> 
> 
> Diffs
> -----
> 
>   docs/configuration.md 159f946216299fc52171e0a58c7eb7c888c1eec8 
>   include/mesos/mesos.proto eaa2d2ac697cfc4f5aa56db0fb37363339608f43 
>   include/mesos/type_utils.hpp 5f771aaf2f4e76ac06bfd8f77b0b744ed2854b27 
>   include/mesos/v1/mesos.proto 1a32a7bdc991c77b35a988bf8a34cee936c97608 
>   src/common/parse.hpp e90738a91161e26a48a6e381765e631492294641 
>   src/common/type_utils.cpp dc0dd71f52581e2067fed279677bda8c82aa7298 
>   src/slave/containerizer/mesos/isolators/cgroups/subsystems/devices.hpp 
> ca2727142a9f257168f3cae0958f7b4665b63cf6 
>   src/slave/containerizer/mesos/isolators/cgroups/subsystems/devices.cpp 
> 9b5cf83093796b0c0cc5057b612f80bc8b8ba72f 
>   src/slave/flags.hpp c7a4604ed994e15c1db6accfaded2e882f1aec94 
>   src/slave/flags.cpp c50e43c0e0ba633f6b905b0d78668c0a0eebb173 
> 
> 
> Diff: https://reviews.apache.org/r/58603/diff/3/
> 
> 
> Testing
> -------
> 
> For test:
> 
> - Launch without additional devices:
>   1. Start agent with `sudo mesos-agent --master=127.0.0.1:5050 
> --work_dir=/tmp/mesos --isolation=cgroups/devices`
>   2. try open `/dev/rtc0` and failed with permission denied. `sudo 
> mesos-execute --master=127.0.0.1:5050 --name=test --command="head -c 0 
> /dev/rtc0"`
>     
> - Launch with additional devices:
>   1. Start agent with `sudo mesos-agent --master=127.0.0.1:5050 
> --work_dir=/tmp/mesos --isolation=cgroups/devices  
> --allowed_devices='{"allowed_devices":[{"device":{"path":"/dev/rtc0"}, 
> "access":{"mknod":true, "read":true, "write":true}}]}'`
>   2. open `/dev/rtc0` successfully. `sudo mesos-execute 
> --master=127.0.0.1:5050 --name=test --command="head -c 0 /dev/rtc0"`
> 
> 
> Thanks,
> 
> Zhongbo Tian
> 
>

Re: Review Request 58603: Allowed whitelist additional devices in cgroups devices subsystem.

Reply via email to