Re: Review Request 70108: Added `unconfined` flag to `SeccompInfo` message.

Mon, 04 Mar 2019 23:30:14 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70108/#review213426
-----------------------------------------------------------




include/mesos/mesos.proto
Lines 3218 (patched)
<https://reviews.apache.org/r/70108/#comment299362>

    Should we mention in protobuf that at most one of these two field should be 
set



src/slave/containerizer/mesos/isolators/linux/seccomp.cpp
Line 95 (original), 95 (patched)
<https://reviews.apache.org/r/70108/#comment299363>

    add a validation for both profile_name and unconfined isSome() failure?



src/slave/containerizer/mesos/isolators/linux/seccomp.cpp
Lines 96-97 (patched)
<https://reviews.apache.org/r/70108/#comment299366>

    seems like we have `unconfined` None and false as the same case. Could we 
document it in above .proto comments?



src/slave/containerizer/mesos/isolators/linux/seccomp.cpp
Line 104 (original), 107 (patched)
<https://reviews.apache.org/r/70108/#comment299365>

    not from this patch:
    
    return Failure("Failed to parse profile for container " + containerId + ": 
" + customProfile.error());



src/slave/containerizer/mesos/isolators/linux/seccomp.cpp
Line 109 (original), 114 (patched)
<https://reviews.apache.org/r/70108/#comment299364>

    Not from this patch, but we should print out the containerID for debugging:
    
    "Failed to prepare container " + containerId + ": Missing Seccomp profile 
name"


- Gilbert Song


On March 4, 2019, 6:03 a.m., Andrei Budnik wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70108/
> -----------------------------------------------------------
> 
> (Updated March 4, 2019, 6:03 a.m.)
> 
> 
> Review request for mesos, Gilbert Song, Jie Yu, and Qian Zhang.
> 
> 
> Bugs: MESOS-9613
>     https://issues.apache.org/jira/browse/MESOS-9613
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This patch introduces `unconfined` flag that can be used by a framework
> to explicitly disable Seccomp filtering for a particular container.
> 
> 
> Diffs
> -----
> 
>   include/mesos/mesos.proto 48f30b3f41f3440245c1912becc9c2c3d572aff9 
>   src/slave/containerizer/mesos/isolators/linux/seccomp.cpp 
> 1c94e126a0a5039e46d0e7696f4e629d41b35d50 
> 
> 
> Diff: https://reviews.apache.org/r/70108/diff/1/
> 
> 
> Testing
> -------
> 
> See the following patch in the chain.
> 
> 
> Thanks,
> 
> Andrei Budnik
> 
>

Reply via email to