Re: Review Request 69493: Documented the `linux/seccomp` isolator.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69493/#review212372 --- Ship it! Ship It! - Gilbert Song On Nov. 30, 2018, 8:33 a.m., Andrei Budnik wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/69493/ > --- > > (Updated Nov. 30, 2018, 8:33 a.m.) > > > Review request for mesos, Gilbert Song, James Peach, and Qian Zhang. > > > Bugs: MESOS-9036 > https://issues.apache.org/jira/browse/MESOS-9036 > > > Repository: mesos > > > Description > --- > > See summary. > > > Diffs > - > > docs/isolators/linux-seccomp.md PRE-CREATION > docs/mesos-containerizer.md d15e82583fa207ba78e9fc1e83da0cf1f469ec4e > docs/upgrades.md e493aefb36ea7b9631af35179938d778dc47442a > > > Diff: https://reviews.apache.org/r/69493/diff/6/ > > > Testing > --- > > None: not a functional change. > > > Thanks, > > Andrei Budnik > >
Re: Review Request 68022: Enabled Seccomp filter in the containerizer launcher.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68022/#review212371 --- Ship it! Ship It! - Gilbert Song On Aug. 6, 2018, 6:39 a.m., Andrei Budnik wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68022/ > --- > > (Updated Aug. 6, 2018, 6:39 a.m.) > > > Review request for mesos, Gilbert Song, Jie Yu, James Peach, and Qian Zhang. > > > Bugs: MESOS-9106 > https://issues.apache.org/jira/browse/MESOS-9106 > > > Repository: mesos > > > Description > --- > > Containerizer launcher creates an instance of `SeccompFilter`, which is > used to setup Seccomp profile using `ContainerSeccompProfile` message > prepared by the `linux/seccomp` isolator. > > > Diffs > - > > src/slave/containerizer/mesos/launch.cpp > 2f1c9e7a8748c9d7eab25bc8567ca68308e680f9 > > > Diff: https://reviews.apache.org/r/68022/diff/10/ > > > Testing > --- > > > Thanks, > > Andrei Budnik > >
Re: Review Request 68021: Added `linux/seccomp` isolator.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68021/#review212370 --- Ship it! Ship It! - Gilbert Song On Nov. 8, 2018, 7:24 a.m., Andrei Budnik wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68021/ > --- > > (Updated Nov. 8, 2018, 7:24 a.m.) > > > Review request for mesos, Gilbert Song, Jie Yu, James Peach, and Qian Zhang. > > > Bugs: MESOS-9035 > https://issues.apache.org/jira/browse/MESOS-9035 > > > Repository: mesos > > > Description > --- > > This patch introduces `linux/seccomp` isolator which is used for > preparing `ContainerSeccompProfile` for the Mesos containerizer > launcher. If the `ContainerConfig` message has an info about Seccomp > profile name, then this info will be used to locate a Seccomp profile. > The given Seccomp profile is parsed and the resulting > `ContainerSeccompProfile` is stored in the `ContainerLaunchInfo` > message. > > > Diffs > - > > src/CMakeLists.txt a574d449dc26b820cbef7ff0b5e94b42b6fe86cf > src/Makefile.am cd785255fcdf1302a8f9fa358039e5d1f200e132 > src/slave/containerizer/mesos/containerizer.cpp > 5016f2e9f0651abcb0a5f364e8eace458f2edeae > src/slave/containerizer/mesos/isolators/linux/seccomp.hpp PRE-CREATION > src/slave/containerizer/mesos/isolators/linux/seccomp.cpp PRE-CREATION > > > Diff: https://reviews.apache.org/r/68021/diff/16/ > > > Testing > --- > > > Thanks, > > Andrei Budnik > >
Re: Review Request 68019: Added a parser for the Docker Seccomp config format.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68019/#review212369 --- Ship it! Ship It! - Gilbert Song On Nov. 8, 2018, 7:24 a.m., Andrei Budnik wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68019/ > --- > > (Updated Nov. 8, 2018, 7:24 a.m.) > > > Review request for mesos, Gilbert Song, Jie Yu, James Peach, and Qian Zhang. > > > Bugs: MESOS-9105 > https://issues.apache.org/jira/browse/MESOS-9105 > > > Repository: mesos > > > Description > --- > > Docker Seccomp config is a JSON file containing Seccomp filtering > rules. This patch introduces a parser for Docker Seccomp config format. > This parser accepts a JSON-string, parses and validates it, then > returns a prepared `ContainerSeccompProfile` message. > > > Diffs > - > > src/CMakeLists.txt a574d449dc26b820cbef7ff0b5e94b42b6fe86cf > src/Makefile.am cd785255fcdf1302a8f9fa358039e5d1f200e132 > src/linux/seccomp/seccomp_parser.hpp PRE-CREATION > src/linux/seccomp/seccomp_parser.cpp PRE-CREATION > > > Diff: https://reviews.apache.org/r/68019/diff/15/ > > > Testing > --- > > > Thanks, > > Andrei Budnik > >
Re: Review Request 68016: Added libseccomp to the build.
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68016/#review212368 --- Ship it! Ship It! - Gilbert Song On Nov. 8, 2018, 7:23 a.m., Andrei Budnik wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68016/ > --- > > (Updated Nov. 8, 2018, 7:23 a.m.) > > > Review request for mesos, Andrew Schwartzmeyer, Gilbert Song, Jie Yu, James > Peach, and Qian Zhang. > > > Bugs: MESOS-9032 > https://issues.apache.org/jira/browse/MESOS-9032 > > > Repository: mesos > > > Description > --- > > This library is needed to implement Seccomp syscall filtering in the > Mesos containerizer. This patch introduces `seccomp-isolator` build > flag, which is used to include or exclude sources related to Seccomp > from the build. Since Seccomp is a Linux-specific feature, the flag > is disabled by default. Enabling `seccomp-isolator` means either: > > 1. Compiling and linking against the bundled version of libseccomp from >sources (default). > > 2. Linking against the libseccomp installed in the OS, >if `--with-libseccomp` build flag is provided. > > > Diffs > - > > 3rdparty/CMakeLists.txt b74772e7e9c309acdb5b1d70b4c093dbaf9b3c0e > 3rdparty/Makefile.am 99270f048573900cf41d0c62cfe3488b83d71820 > 3rdparty/cmake/FindLIBSECCOMP.cmake PRE-CREATION > 3rdparty/cmake/Versions.cmake 69fc594ec5ba2887b20b88ec0767a5d801411411 > 3rdparty/versions.am 99ef92087f6958d83ba415e84db5cbbb0c597573 > cmake/CompilationConfigure.cmake 2485a8a580dcc2ad9b026e389b6525ef3a19f98e > configure.ac 6778f119570def1838e26cddf7b0192bfe6e37d4 > src/CMakeLists.txt a574d449dc26b820cbef7ff0b5e94b42b6fe86cf > src/Makefile.am cd785255fcdf1302a8f9fa358039e5d1f200e132 > src/python/native_common/ext_modules.py.in > 1f2e6c131d18e3e2fbc2e865c4698c83e73b87ba > > > Diff: https://reviews.apache.org/r/68016/diff/16/ > > > Testing > --- > > > Thanks, > > Andrei Budnik > >