----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75026/ -----------------------------------------------------------
Review request for mesos and Benjamin Mahler. Repository: mesos Description ------- In cgroups2, we want our EBPF file to only grant access to a device if it is in a cgroup's allow list and not in its deny list. This means that we need to change our previous logic that exits on the first match to now check both the allow and deny list of a cgroup before determining whether access may be granted. This patch implements the logic change, and removes functions that are no longer necessary for the DeviceProgram class. We now pass the entire allow and deny list to a configure function inside the DeviceProgram object, which will create a ebpf program with the updated logic and attempt to attach it to the cgroup. Diffs ----- src/linux/cgroups2.cpp 9e2ca2207a4e407fb6b07b6fbf709bbc3b397673 Diff: https://reviews.apache.org/r/75026/diff/1/ Testing ------- All Cgroups2 tests pass i.e. the generated ebpf files pass the verifiers Thanks, Jason Zhou
