----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75109/ -----------------------------------------------------------
Review request for mesos and Benjamin Mahler. Repository: mesos Description ------- Currently, the deny block matches a device access iff all accesses match on the deny block. For example, a rw access would not match the deny block even if the deny block had w access specified. We would expect that the deny block should deny all accesses if the type, major, and minor number matches, and if any of the device accesses overlap with what's specified in the deny block. Additionally, we enforce some basic validation on cgroups2::configure to ensure that we are able to generate a correct ebpf program. For the allow and deny lists passed to configure: 1. No Entry can have no accesses specified 2. No two entries on the same list can have the same type, major & minor numbers. 3. No two entries on the same list can be encompassed by the other entry. Diffs ----- src/linux/cgroups2.hpp accaebdaddc85acdd96b87161ea441c77b025099 src/linux/cgroups2.cpp cb3c425a46f33f5434f870c03dd7de5be3331ece src/tests/containerizer/cgroups2_tests.cpp c73045632f1bc102d42852b9095a4fe6e11839bb Diff: https://reviews.apache.org/r/75109/diff/1/ Testing ------- Added test case to test new deny block behavior, modified existing test cases to fit the validation requirements of configure(). Added specific tests to test configure() validation Thanks, Jason Zhou
