----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68022/#review211543 -----------------------------------------------------------
src/slave/containerizer/mesos/launch.cpp Lines 1196-1197 (patched) <https://reviews.apache.org/r/68022/#comment296871> Hmm, this seems unfortunate, will it cause container cannot be launched? src/slave/containerizer/mesos/launch.cpp Lines 1198 (patched) <https://reviews.apache.org/r/68022/#comment296870> We can just use `seccompFilter->load()`. - Qian Zhang On Aug. 6, 2018, 9:39 p.m., Andrei Budnik wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68022/ > ----------------------------------------------------------- > > (Updated Aug. 6, 2018, 9:39 p.m.) > > > Review request for mesos, Gilbert Song, Jie Yu, James Peach, and Qian Zhang. > > > Bugs: MESOS-9106 > https://issues.apache.org/jira/browse/MESOS-9106 > > > Repository: mesos > > > Description > ------- > > Containerizer launcher creates an instance of `SeccompFilter`, which is > used to setup Seccomp profile using `ContainerSeccompProfile` message > prepared by the `linux/seccomp` isolator. The Seccomp filter is loaded > right before calling `execve()`, so that a container will be running > with a syscall filtering enabled. > > > Diffs > ----- > > src/slave/containerizer/mesos/launch.cpp > 882bcdf89e2b0cca3d3f62e6d017849a51ceaead > > > Diff: https://reviews.apache.org/r/68022/diff/7/ > > > Testing > ------- > > > Thanks, > > Andrei Budnik > >
