[ https://issues.apache.org/jira/browse/MESOS-9386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16753777#comment-16753777 ]
Gilbert Song commented on MESOS-9386: ------------------------------------- Probably we should close this as "won't do"? > Implement Seccomp profile inheritance for POD containers > -------------------------------------------------------- > > Key: MESOS-9386 > URL: https://issues.apache.org/jira/browse/MESOS-9386 > Project: Mesos > Issue Type: Task > Components: containerization > Reporter: Andrei Budnik > Assignee: Andrei Budnik > Priority: Major > Labels: mesosphere > > Child containers inherit its parent container's Seccomp profile by default. > Also, Seccomp profile can be overridden by a Framework for a particular child > container by specifying a path to the Seccomp profile. > Mesos containerizer persists information about containers on disk via > `ContainerLaunchInfo` proto, which includes `ContainerSeccompProfile` proto. > Mesos containerizer should use this proto to load the parent's profile for a > child container. When a child inherits the parent's Seccomp profile, Mesos > agent doesn't have to re-read a Seccomp profile from the disk, which was used > for the parent container. Otherwise, we would have to check that a file > content hasn't changed since the last time the parent was launched. -- This message was sent by Atlassian JIRA (v7.6.3#76005)