> On Dec. 29, 2018, 1:40 a.m., Qian Zhang wrote: > > src/slave/containerizer/mesos/isolators/linux/seccomp.cpp > > Lines 89-92 (patched) > > <https://reviews.apache.org/r/68021/diff/10/?file=2110838#file2110838line89> > > > > This is kind of strange to me, I think we do not have this kind of > > semantics in Mesos before. Can we have a bool field in `LinuxInfo.Seccomp` > > to explicitly enable/disable Seccomp for a container?
I've added `bool unconfined` flag into `LinuxInfo.Seccomp`. - Andrei ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68021/#review211573 ----------------------------------------------------------- On Nov. 8, 2018, 3:24 p.m., Andrei Budnik wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68021/ > ----------------------------------------------------------- > > (Updated Nov. 8, 2018, 3:24 p.m.) > > > Review request for mesos, Gilbert Song, Jie Yu, James Peach, and Qian Zhang. > > > Bugs: MESOS-9035 > https://issues.apache.org/jira/browse/MESOS-9035 > > > Repository: mesos > > > Description > ------- > > This patch introduces `linux/seccomp` isolator which is used for > preparing `ContainerSeccompProfile` for the Mesos containerizer > launcher. If the `ContainerConfig` message has an info about Seccomp > profile name, then this info will be used to locate a Seccomp profile. > The given Seccomp profile is parsed and the resulting > `ContainerSeccompProfile` is stored in the `ContainerLaunchInfo` > message. > > > Diffs > ----- > > src/CMakeLists.txt bde070445b644e15d46c390d1c983caabaa1fec8 > src/Makefile.am 7a4904a3d67479267087fd2313a263d8218843fa > src/slave/containerizer/mesos/containerizer.cpp > a5cf2da55c046c5c45e0c2ca3400f64de12de62b > src/slave/containerizer/mesos/isolators/linux/seccomp.hpp PRE-CREATION > src/slave/containerizer/mesos/isolators/linux/seccomp.cpp PRE-CREATION > > > Diff: https://reviews.apache.org/r/68021/diff/11/ > > > Testing > ------- > > > Thanks, > > Andrei Budnik > >
