Re: Review Request 69994: Added a test `ROOT_EmptyCheckpointFileSlaveRecovery`.

2019-02-18 Thread Qian Zhang
/docker_volume_isolator_tests.cpp 1503290bf62d5718df0a530a660b519649e76789 Diff: https://reviews.apache.org/r/69994/diff/2/ Changes: https://reviews.apache.org/r/69994/diff/1-2/ Testing --- sudo make check This test will fail without the patch https://reviews.apache.org/r/69972 Thanks, Qian Zhang

Review Request 70001: Fixed an inaccurate comment in agent code.

2019-02-18 Thread Qian Zhang
/metadata_manager.cpp 7b8030a5573a822975a0ba1bfc72f50bcc7098ae src/slave/state.cpp 92f777560cb9c85bfa239ba7847bb14b421fe0e7 Diff: https://reviews.apache.org/r/70001/diff/1/ Testing --- Not a functional change. Thanks, Qian Zhang

Re: Review Request 69994: Added a test `ROOT_EmptyCheckpointFileSlaveRecovery`.

2019-02-18 Thread Qian Zhang
nt` in this whole file, if you think `Owned` is better, we could post a separate patch to update it in this file. - Qian --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69994/#review

Re: Review Request 69994: Added a test `ROOT_EmptyCheckpointFileSlaveRecovery`.

2019-02-15 Thread Qian Zhang
Diff: https://reviews.apache.org/r/69994/diff/1/ Testing (updated) --- sudo make check This test will fail without the patch https://reviews.apache.org/r/69972 Thanks, Qian Zhang

Re: Review Request 69972: Skipped the container which has no checkpointed volumes during recovery.

2019-02-15 Thread Qian Zhang
.apache.org/r/69972/#review212795 --- On Feb. 13, 2019, 4:26 p.m., Qian Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, v

Re: Review Request 69972: Skipped the container which has no checkpointed volumes during recovery.

2019-02-15 Thread Qian Zhang
n containers and recoverable containers differently? How will we handle the recoverable containers in this case? - Qian --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/6997

Review Request 69994: Added a test `ROOT_EmptyCheckpointFileSlaveRecovery`.

2019-02-15 Thread Qian Zhang
/69994/diff/1/ Testing --- Thanks, Qian Zhang

Review Request 69972: Skipped the container which has no checkpointed volumes during recovery.

2019-02-13 Thread Qian Zhang
--- Thanks, Qian Zhang

Re: Review Request 69478: Added `task_supplementary_groups` into `ContainerLaunchInfo`.

2019-01-28 Thread Qian Zhang
/containerizer.proto 7d16463fcce3df14d256f5a4f2deb42c482d0734 Diff: https://reviews.apache.org/r/69478/diff/4/ Changes: https://reviews.apache.org/r/69478/diff/3-4/ Testing --- Thanks, Qian Zhang

Re: Review Request 69345: Made non-root containers can access PARENT type SANDBOX_PATH volume.

2019-01-28 Thread Qian Zhang
/ Testing --- Thanks, Qian Zhang

Re: Review Request 69493: Documented the `linux/seccomp` isolator.

2019-01-22 Thread Qian Zhang
44 (patched) <https://reviews.apache.org/r/69493/#comment297941> :5050 ? docs/isolators/linux-seccomp.md Lines 55 (patched) <https://reviews.apache.org/r/69493/#comment297942> I think we should mention `SeccompInfo` here. - Qian Zhang On Dec. 1, 2018, 12:33 a.m., Andrei

Re: Review Request 69420: Added Seccomp isolator tests.

2019-01-22 Thread Qian Zhang
l is allowed by the former but disallowed by the latter, and launching a container to call that syscall, verify the container will fail. src/tests/containerizer/linux_seccomp_isolator_tests.cpp Lines 1168 (patched) <https://reviews.apache.org/r/69420/#comment297932> Should be `result`? - Qian

Re: Review Request 69409: Added Seccomp parser tests.

2019-01-22 Thread Qian Zhang
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69409/#review212215 --- Ship it! Ship It! - Qian Zhang On Nov. 20, 2018, 8:21 p.m

Re: Review Request 69409: Added Seccomp parser tests.

2019-01-22 Thread Qian Zhang
> On Dec. 28, 2018, 9:39 a.m., Qian Zhang wrote: > > src/tests/containerizer/linux_seccomp_parser_tests.cpp > > Lines 359 (patched) > > <https://reviews.apache.org/r/69409/diff/3/?file=2116544#file2116544line359> > > > > Just a question, where do we

Review Request 69805: Fixed a minor coding error in `createSandboxDirectory`.

2019-01-22 Thread Qian Zhang
--- Fixed a minor coding error in `createSandboxDirectory`. Diffs - src/slave/paths.cpp 9fd37f5456d45d520d6062577c1692a4be627c0e Diff: https://reviews.apache.org/r/69805/diff/1/ Testing --- Thanks, Qian Zhang

Re: Review Request 68022: Enabled Seccomp filter in the containerizer launcher.

2019-01-22 Thread Qian Zhang
), 1028 (patched) <https://reviews.apache.org/r/68022/#comment297873> So we call `calculateCapabilities` twice in this file, can we merge them into one? - Qian Zhang On Aug. 6, 2018, 9:39 p.m., Andrei Budnik

Re: Review Request 68018: Added `SeccompFilter` class.

2019-01-21 Thread Qian Zhang
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68018/#review212189 --- Ship it! Ship It! - Qian Zhang On Jan. 19, 2019, 4 a.m

Re: Review Request 68018: Added `SeccompFilter` class.

2019-01-16 Thread Qian Zhang
> On Jan. 14, 2019, 4:31 p.m., Qian Zhang wrote: > > src/linux/seccomp/seccomp.cpp > > Lines 137-139 (patched) > > <https://reviews.apache.org/r/68018/diff/14/?file=2117423#file2117423line137> > > > > Will this affect the task run by Mesos? E.g., a ta

Re: Review Request 68018: Added `SeccompFilter` class.

2019-01-15 Thread Qian Zhang
> On Jan. 14, 2019, 4:31 p.m., Qian Zhang wrote: > > src/linux/seccomp/seccomp.cpp > > Lines 137-139 (patched) > > <https://reviews.apache.org/r/68018/diff/14/?file=2117423#file2117423line137> > > > > Will this affect the task run by Mesos? E.g., a ta

Re: Review Request 68021: Added `linux/seccomp` isolator.

2019-01-15 Thread Qian Zhang
> On Jan. 15, 2019, 11:02 a.m., Qian Zhang wrote: > > src/slave/containerizer/mesos/isolators/linux/seccomp.cpp > > Lines 17-18 (patched) > > <https://reviews.apache.org/r/68021/diff/12/?file=2117411#file2117411line17> > > > > A newline between.

Re: Review Request 68017: Added Seccomp-related protobuf messages.

2019-01-15 Thread Qian Zhang
e but profile_name is None. do not set seccomp filtering for container > > Gilbert Song wrote: > I would prefer option #2. > > The reason we want to avoid introducing `unconfined` now is that > framework could set both field at the same time and ideally we may need an > `enum type`

Re: Review Request 68017: Added Seccomp-related protobuf messages.

2019-01-15 Thread Qian Zhang
other types (like string value)? - Qian Zhang On Nov. 8, 2018, 11:24 p.m., Andrei Budnik wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://re

Re: Review Request 68017: Added Seccomp-related protobuf messages.

2019-01-15 Thread Qian Zhang
> > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68017/ > ------- > > (Updated Nov. 8, 2018, 11:24 p.m.) > >

Re: Review Request 68022: Enabled Seccomp filter in the containerizer launcher.

2019-01-14 Thread Qian Zhang
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68022/#review211988 --- Ship it! Ship It! - Qian Zhang On Aug. 6, 2018, 9:39 p.m

Re: Review Request 68021: Added `linux/seccomp` isolator.

2019-01-14 Thread Qian Zhang
/linux/seccomp.cpp Lines 100 (patched) <https://reviews.apache.org/r/68021/#comment297569> I do not think we need `Option` here. - Qian Zhang On Nov. 8, 2018, 11:24 p.m., Andrei Budnik wrote: > > --- > This is

Re: Review Request 68020: Added Seccomp-related flags to the agent.

2019-01-14 Thread Qian Zhang
) <https://reviews.apache.org/r/68020/#comment297561> Path or name? - Qian Zhang On Nov. 8, 2018, 11:24 p.m., Andrei Budnik wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://re

Re: Review Request 68018: Added `SeccompFilter` class.

2019-01-14 Thread Qian Zhang
> On Jan. 14, 2019, 4:31 p.m., Qian Zhang wrote: > > src/linux/seccomp/seccomp.cpp > > Lines 137-139 (patched) > > <https://reviews.apache.org/r/68018/diff/14/?file=2117423#file2117423line137> > > > > Will this affect the task run by Mesos? E.g., a ta

Re: Review Request 68019: Added a parser for the Docker Seccomp config format.

2019-01-14 Thread Qian Zhang
ews.apache.org/r/68019/#comment297518> s/Error reading/Failed to read/ And I think we do not need the word `file` in this message just like the message below. - Qian Zhang On Nov. 8, 2018, 11:24 p.m., Andrei Budnik wrote: > >

Re: Review Request 68018: Added `SeccompFilter` class.

2019-01-14 Thread Qian Zhang
> s/ContainerSeccompProfile_Architecture_Name/ContainerSeccompProfile::Architecture_Name/ src/linux/seccomp/seccomp.cpp Lines 224 (patched) <https://reviews.apache.org/r/68018/#comment297517> s/ContainerSeccompProfile_Syscall_Action_Name/ContainerSeccompProfile::Syscall::Action_Name/ - Qian Zhang On N

Re: Review Request 68016: Added libseccomp to the build.

2019-01-13 Thread Qian Zhang
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68016/#review211945 --- Ship it! Ship It! - Qian Zhang On Nov. 8, 2018, 11:23 p.m

Re: Review Request 69715: Fixed the CNI_NETNS handling in port mapper CNI plugin.

2019-01-11 Thread Qian Zhang
/port_mapper/port_mapper.cpp Lines 72-77 (original), 72 (patched) <https://reviews.apache.org/r/69715/#comment297455> I think we still need to make sure `cniNetNs` is not `None()` if `CNI_COMMAND` is `ADD`. - Qian Zhang On Jan. 11, 2019, 2:14 p.m., Jie Yu

Re: Review Request 69714: Fixed a bug in docker_containerizer_tests.cpp.

2019-01-11 Thread Qian Zhang
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69714/#review211874 --- Ship it! Ship It! - Qian Zhang On Jan. 11, 2019, 2:14 p.m

Re: Review Request 69713: Fixed a bug in health_check_tests.cpp.

2019-01-11 Thread Qian Zhang
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69713/#review211873 --- Ship it! Ship It! - Qian Zhang On Jan. 11, 2019, 1:34 p.m

Re: Review Request 69712: Added a CNI reboot test.

2019-01-11 Thread Qian Zhang
/69712/#comment297454> This comment seems not correct. - Qian Zhang On Jan. 11, 2019, 1:13 p.m., Jie Yu wrote: > > --- > This is an automatically generated e-mail. To reply, visit: >

Re: Review Request 69711: Separated runtime dirs from other dirs in MesosTest.

2019-01-11 Thread Qian Zhang
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69711/#review211870 --- Ship it! Ship It! - Qian Zhang On Jan. 11, 2019, 1:13 p.m

Re: Review Request 69710: Switched to use ContainerizerTest for CNI tests.

2019-01-11 Thread Qian Zhang
(original), 138 (patched) <https://reviews.apache.org/r/69710/#comment297450> Should we call `ContainerizerTest::SetUp()` instead? - Qian Zhang On Jan. 11, 2019, 1:13 p.m., Jie Yu wrote: > > --- > This is an automatically g

Re: Review Request 69706: Kept `CNI_NETNS` unset in detach if network namespace is gone.

2019-01-11 Thread Qian Zhang
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69706/#review211868 --- Ship it! Ship It! - Qian Zhang On Jan. 11, 2019, 1:08 p.m

Re: Review Request 69705: Made agent not read the forked pid and libprocess pid after reboot.

2019-01-11 Thread Qian Zhang
ly, visit: https://reviews.apache.org/r/69705/#review211829 --- On Jan. 10, 2019, 10:52 p.m., Qian Zhang wrote: > > --- > This is an automatically generated e-mail. To rep

Review Request 69717: Added a test `SlaveRecoveryTest.RebootWithExecutorPidReused`.

2019-01-11 Thread Qian Zhang
/69717/diff/1/ Testing --- sudo make check And I verified this test will fail without the patch: https://reviews.apache.org/r/69705/ Thanks, Qian Zhang

Re: Review Request 69716: Updated `SlaveRecoveryTest.Reboot` to expect none pids.

2019-01-11 Thread Qian Zhang
which are actually obsolete after reboot. Diffs - src/tests/slave_recovery_tests.cpp 0eb47e2bdf6a46fc21b59bb85b4b89181087ccd3 Diff: https://reviews.apache.org/r/69716/diff/1/ Testing (updated) --- sudo make check Thanks, Qian Zhang

Re: Review Request 69705: Made agent not read the forked pid and libprocess pid after reboot.

2019-01-10 Thread Qian Zhang
716/ . - Qian --- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69705/#review211845 --- On Jan. 10, 2019, 10:52 p.m., Q

Review Request 69716: Updated `SlaveRecoveryTest.Reboot` to expect none pids.

2019-01-10 Thread Qian Zhang
reboot. Diffs - src/tests/slave_recovery_tests.cpp 0eb47e2bdf6a46fc21b59bb85b4b89181087ccd3 Diff: https://reviews.apache.org/r/69716/diff/1/ Testing --- Thanks, Qian Zhang

Re: Review Request 69705: Made agent not read the forked pid and libprocess pid after reboot.

2019-01-10 Thread Qian Zhang
-- On Jan. 10, 2019, 10:52 p.m., Qian Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/69705/ >

Review Request 69705: Made agent not read the forked pid and libprocess pid after reboot.

2019-01-10 Thread Qian Zhang
process if the forked pid is reused by another process after reboot. Diffs - src/slave/state.hpp 4f3d4cefb3fdef29cce3a6abe4cf5db04d45301f src/slave/state.cpp e7cf84993c74cf6da7fe22d5112e86e039780287 Diff: https://reviews.apache.org/r/69705/diff/1/ Testing --- Thanks, Qian Zhang

Re: Review Request 68016: Added libseccomp to the build.

2019-01-08 Thread Qian Zhang
che.org/r/68016/#comment297382> Ditto. - Qian Zhang On Nov. 8, 2018, 11:23 p.m., Andrei Budnik wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://re

Re: Review Request 69681: Fixed the FD leak if containerizer::_launch() failed or discarded.

2019-01-07 Thread Qian Zhang
e could merge these two lines into one. - Qian Zhang On Jan. 7, 2019, 8:22 p.m., Gilbert Song wrote: > > --- > This is an automatically generated e-mail. To rep

Re: Review Request 69676: Implemented recovery for volume gid manager.

2019-01-06 Thread Qian Zhang
/volume_gid_manager/volume_gid_manager.cpp PRE-CREATION Diff: https://reviews.apache.org/r/69676/diff/2/ Testing --- Thanks, Qian Zhang

Re: Review Request 69676: Implemented recovery for volume gid manager.

2019-01-06 Thread Qian Zhang
: https://reviews.apache.org/r/69676/diff/2/ Changes: https://reviews.apache.org/r/69676/diff/1-2/ Testing --- Thanks, Qian Zhang

Re: Review Request 69613: Added tests for volume gid manager.

2019-01-06 Thread Qian Zhang
://reviews.apache.org/r/69613/diff/1-2/ Testing --- Thanks, Qian Zhang

Re: Review Request 67997: Added a test `ROOT_UNPRIVILEGED_USER_ParentTypeDifferentUser`.

2019-01-06 Thread Qian Zhang
/containerizer/volume_sandbox_path_isolator_tests.cpp cbe677880d6a7dc44697fa5a425b8164dbb4f6e2 Diff: https://reviews.apache.org/r/67997/diff/3/ Changes: https://reviews.apache.org/r/67997/diff/2-3/ Testing --- sudo make check Thanks, Qian Zhang

Re: Review Request 69490: Implemented recovery for volume gid manager.

2019-01-06 Thread Qian Zhang
/volume_gid_manager.hpp PRE-CREATION src/slave/volume_gid_manager/volume_gid_manager.cpp PRE-CREATION Diff: https://reviews.apache.org/r/69490/diff/2/ Testing --- Thanks, Qian Zhang

Review Request 69676: Implemented recovery for volume gid manager.

2019-01-06 Thread Qian Zhang
/ Testing --- Thanks, Qian Zhang

Re: Review Request 69481: Deallocated the shared persistent volume's gid when it is removed.

2019-01-06 Thread Qian Zhang
ad3b693a716cf6103345a157bf28dd60a7b07d32 Diff: https://reviews.apache.org/r/69481/diff/3/ Changes: https://reviews.apache.org/r/69481/diff/2-3/ Testing --- Thanks, Qian Zhang

Re: Review Request 69544: Made non-root containers can access shared persistent volume.

2019-01-06 Thread Qian Zhang
--- Thanks, Qian Zhang

Re: Review Request 69478: Added `task_supplementary_groups` into `ContainerLaunchInfo`.

2019-01-06 Thread Qian Zhang
5b4dcdda0f55ea3355c78d1447c7be9ca54d9dc9 Diff: https://reviews.apache.org/r/69478/diff/3/ Changes: https://reviews.apache.org/r/69478/diff/2-3/ Testing --- Thanks, Qian Zhang

Re: Review Request 69345: Made non-root containers can access PARENT type SANDBOX_PATH volume.

2019-01-06 Thread Qian Zhang
eply, visit: https://reviews.apache.org/r/69345/#review211092 --- On Jan. 7, 2019, 8:30 a.m., Qian Zhang wrote: > > --- > This is an automatically g

Re: Review Request 69345: Made non-root containers can access PARENT type SANDBOX_PATH volume.

2019-01-06 Thread Qian Zhang
a78ca9c7911bb7928a93be6867abe62e8cd20712 Diff: https://reviews.apache.org/r/69345/diff/5/ Changes: https://reviews.apache.org/r/69345/diff/4-5/ Testing --- Thanks, Qian Zhang

Re: Review Request 69342: Added an agent flag `--volume_gid_range`.

2019-01-06 Thread Qian Zhang
--- Thanks, Qian Zhang

Re: Review Request 69541: Added volume gid manager.

2019-01-06 Thread Qian Zhang
7a4904a3d67479267087fd2313a263d8218843fa src/slave/containerizer/mesos/volume_gid_manager/volume_gid_manager.hpp PRE-CREATION src/slave/containerizer/mesos/volume_gid_manager/volume_gid_manager.cpp PRE-CREATION Diff: https://reviews.apache.org/r/69541/diff/5/ Testing --- Thanks, Qian Zhang

Review Request 69675: Added volume gid manager.

2019-01-06 Thread Qian Zhang
, Qian Zhang

Re: Review Request 69667: Sent SIGKILL to I/O switchboard server as a safeguard.

2019-01-04 Thread Qian Zhang
/switchboard.cpp c445a8f09d7671d5763281bac9881489b3cc9c39 Diff: https://reviews.apache.org/r/69667/diff/2/ Changes: https://reviews.apache.org/r/69667/diff/1-2/ Testing --- Thanks, Qian Zhang

Re: Review Request 69667: Sent SIGKILL to I/O switchboard server as a safeguard.

2019-01-04 Thread Qian Zhang
eviews.apache.org/r/69667/#review211675 ------- On Jan. 5, 2019, 9:25 a.m., Qian Zhang wrote: > > --- > This is an automatically generated e-mail. To re

Re: Review Request 69667: Sent SIGKILL to I/O switchboard server as a safeguard.

2019-01-04 Thread Qian Zhang
Diff: https://reviews.apache.org/r/69667/diff/1/ Testing --- Thanks, Qian Zhang

Review Request 69667: Sent SIGKILL to I/O switchboard server as a safeguard.

2019-01-04 Thread Qian Zhang
: mesos Description --- Sent SIGKILL to I/O switchboard server as a safeguard. Diffs - src/slave/containerizer/mesos/io/switchboard.cpp c445a8f09d7671d5763281bac9881489b3cc9c39 Diff: https://reviews.apache.org/r/69667/diff/1/ Testing --- Thanks, Qian Zhang

Re: Review Request 69342: Added an agent flag `--volume_gid_range`.

2019-01-01 Thread Qian Zhang
://reviews.apache.org/r/69342/diff/2-3/ Testing --- Thanks, Qian Zhang

Re: Review Request 69493: Documented the `linux/seccomp` isolator.

2018-12-28 Thread Qian Zhang
tps://reviews.apache.org/r/69493/#comment296936> Can we merge these two lines into one? docs/isolators/linux-seccomp.md Lines 31 (patched) <https://reviews.apache.org/r/69493/#comment296938> s/processes/process/ - Qian Zhang On Dec. 1, 2018, 12:33 a.m., Andrei

Re: Review Request 69420: Added Seccomp isolator tests.

2018-12-28 Thread Qian Zhang
EQ(SIGKILL, wait.get()->status());`? src/tests/containerizer/linux_seccomp_isolator_tests.cpp Lines 262 (patched) <https://reviews.apache.org/r/69420/#comment296920> I think we should not do this for this test because what we want to verify is **overriding** the default profile. -

Re: Review Request 68021: Added `linux/seccomp` isolator.

2018-12-28 Thread Qian Zhang
89-92 (patched) <https://reviews.apache.org/r/68021/#comment296921> This is kind of strange to me, I think we do not have this kind of semantics in Mesos before. Can we have a bool field in `LinuxInfo.Seccomp` to explicitly enable/disable Seccomp for a container? - Qian Zhang On

Re: Review Request 69409: Added Seccomp parser tests.

2018-12-27 Thread Qian Zhang
in the patch https://reviews.apache.org/r/68019 - Qian Zhang On Nov. 20, 2018, 8:21 p.m., Andrei Budnik wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > http

Re: Review Request 68022: Enabled Seccomp filter in the containerizer launcher.

2018-12-27 Thread Qian Zhang
Filter->load()`. - Qian Zhang On Aug. 6, 2018, 9:39 p.m., Andrei Budnik wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https:/

Re: Review Request 68021: Added `linux/seccomp` isolator.

2018-12-27 Thread Qian Zhang
d to line 21. - Qian Zhang On Nov. 8, 2018, 11:24 p.m., Andrei Budnik wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://re

Re: Review Request 68020: Added Seccomp-related flags to the agent.

2018-12-27 Thread Qian Zhang
> On Dec. 27, 2018, 3:44 p.m., Qian Zhang wrote: > > src/slave/flags.hpp > > Lines 192 (patched) > > <https://reviews.apache.org/r/68020/diff/9/?file=2111366#file2111366line192> > > > > Why not make this flag as optional too? If we make this flag

Re: Review Request 69493: Documented the `linux/seccomp` isolator.

2018-12-27 Thread Qian Zhang
tps://reviews.apache.org/r/69493/#comment296865> I think we also need to update the `upgrades.md` like https://github.com/apache/mesos/blob/master/docs/upgrades.md#1-5-x-network-ports-isolator - Qian Zhang On Dec. 1, 2018, 12:33 a.m., Andrei Budnik

Re: Review Request 68020: Added Seccomp-related flags to the agent.

2018-12-26 Thread Qian Zhang
`the path of the default Seccomp profile` to `the name of the default Seccomp profile`. - Qian Zhang On Nov. 8, 2018, 11:24 p.m., Andrei Budnik wrote: > > --- > This is an automatically generated e-mail. To reply, visit

Re: Review Request 68020: Added Seccomp-related flags to the agent.

2018-12-26 Thread Qian Zhang
/68020/#comment296866> Why not make this flag as optional too? - Qian Zhang On Nov. 8, 2018, 11:24 p.m., Andrei Budnik wrote: > > --- > This is an automatically generated e-mail. To reply, visit: >

Re: Review Request 68019: Added a parser for the Docker Seccomp config format.

2018-12-26 Thread Qian Zhang
he other two places below this code. src/linux/seccomp/seccomp_parser.cpp Lines 504 (patched) <https://reviews.apache.org/r/68019/#comment296857> Just a question, this will not affect agent process since we do not call `seccompFilter.get()->load()`, right? - Qian Zhang On N

Re: Review Request 68018: Added `SeccompFilter` class.

2018-12-25 Thread Qian Zhang
s 199 (patched) <https://reviews.apache.org/r/68018/#comment296853> Kill this newline. - Qian Zhang On Nov. 8, 2018, 11:24 p.m., Andrei Budnik wrote: > >

Re: Review Request 68016: Added libseccomp to the build.

2018-12-25 Thread Qian Zhang
y need to do this when seccomp isolator is enabled? And do we need to move this to line 70 `# 3RDPARTY OPTIONS.`? - Qian Zhang On Nov. 8, 2018, 11:23 p.m., Andrei Budnik wrote: > > --- > This is an automatically generated e

Re: Review Request 68017: Added Seccomp-related protobuf messages.

2018-12-21 Thread Qian Zhang
7 (patched) <https://reviews.apache.org/r/68017/#comment296694> Can you please add a comment for this message? include/mesos/slave/containerizer.proto Lines 258 (patched) <https://reviews.apache.org/r/68017/#comment296695> Should it be `repeated CapabilityInfo.Capability cap

Re: Review Request 68016: Added libseccomp to the build.

2018-12-20 Thread Qian Zhang
> On Dec. 20, 2018, 5:39 p.m., Qian Zhang wrote: > > configure.ac > > Lines 1607-1608 (patched) > > <https://reviews.apache.org/r/68016/diff/10/?file=2114532#file2114532line1607> > > > > What is the difference between `use a preinstalled libseccomp`

Re: Review Request 69544: Made non-root containers can access shared persistent volume.

2018-12-20 Thread Qian Zhang
/69544/diff/3-4/ Testing --- Thanks, Qian Zhang

Re: Review Request 69542: Made non-root containers can access SANDBOX_PATH volume of PARENT type.

2018-12-20 Thread Qian Zhang
reply, visit: https://reviews.apache.org/r/69542/#review211193 --- On Dec. 21, 2018, 10:59 a.m., Qian Zhang wrote: > > --- > This is an automatically

Re: Review Request 69542: Made non-root containers can access SANDBOX_PATH volume of PARENT type.

2018-12-20 Thread Qian Zhang
, Qian Zhang

Re: Review Request 69541: Added volume gid manager.

2018-12-20 Thread Qian Zhang
/5/ Changes: https://reviews.apache.org/r/69541/diff/4-5/ Testing --- Thanks, Qian Zhang

Re: Review Request 68163: Added a test `UNPRIVILEGED_USER_SharedPersistentVolume`.

2018-12-20 Thread Qian Zhang
-------- On Dec. 11, 2018, 2:51 p.m., Qian Zhang wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68163/ > -

Review Request 69614: Reverted "Added `libacl` into a few Dockerfiles.".

2018-12-20 Thread Qian Zhang
e25dd70789322a843fa5e1a8733d9ab4d4fb327c support/packaging/centos/mesos.spec 8e719ab4196df340d75a6e9562c48c07342b7ec8 Diff: https://reviews.apache.org/r/69614/diff/1/ Testing --- Thanks, Qian Zhang

Review Request 69613: Added tests for volume gid manager.

2018-12-20 Thread Qian Zhang
c588183e9d2b1cc733fdf3df70f37d47a5fdd7c0 src/tests/containerizer/volume_gid_manager_tests.cpp PRE-CREATION Diff: https://reviews.apache.org/r/69613/diff/1/ Testing --- Thanks, Qian Zhang

Re: Review Request 69547: Added a test `ROOT_UNPRIVILEGED_USER_TaskSandboxSharedPersistentVolume`.

2018-12-20 Thread Qian Zhang
86c3a98ec9e3c5d9d8f2a88218dec1e56d0ebc4c Diff: https://reviews.apache.org/r/69547/diff/3/ Changes: https://reviews.apache.org/r/69547/diff/2-3/ Testing --- sudo make check Thanks, Qian Zhang

Re: Review Request 68016: Added libseccomp to the build.

2018-12-20 Thread Qian Zhang
"xyes"`? configure.ac Lines 1617 (patched) <https://reviews.apache.org/r/68016/#comment296598> I see in line 1599 you check the header `linux/seccomp.h`, so what's difference between `linux/seccomp.h` and `seccomp.h`?

Re: Review Request 69541: Added volume gid manager.

2018-12-19 Thread Qian Zhang
/69541/diff/4/ Changes: https://reviews.apache.org/r/69541/diff/3-4/ Testing --- Thanks, Qian Zhang

Re: Review Request 69543: Implemented recovery for volume gid manager.

2018-12-19 Thread Qian Zhang
://reviews.apache.org/r/69543/diff/2-3/ Testing --- Thanks, Qian Zhang

Re: Review Request 69592: Updated upgrades.md.

2018-12-18 Thread Qian Zhang
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69592/#review211427 --- Ship it! Ship It! - Qian Zhang On Dec. 19, 2018, 3:22 p.m

Re: Review Request 69590: Moves CNI root directory to a persistent location.

2018-12-18 Thread Qian Zhang
t296520> s/persist/persists/ And no need the leading space. - Qian Zhang On Dec. 19, 2018, 12:52 p.m., Deepak Goel wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > http

Re: Review Request 69590: Moves CNI root directory to a persistent location.

2018-12-18 Thread Qian Zhang
ttps://reviews.apache.org/r/69590/#comment296503> Should the default value be `false` for backward compatibility? - Qian Zhang On Dec. 19, 2018, 10:03 a.m., Deepak Goel wrote: > > --- > This is an automatically generated e-mail.

Re: Review Request 67844: Bundled libseccomp v2.3.3 into 3rdparty libraries.

2018-12-18 Thread Qian Zhang
--- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67844/#review211394 --- Ship it! Ship It! - Qian Zhang On Aug. 6, 2018, 9:37 p.m

Review Request 69579: Added a test `ROOT_UNPRIVILEGED_USER_TaskSandboxLocalPersistentVolume`.

2018-12-18 Thread Qian Zhang
Diff: https://reviews.apache.org/r/69579/diff/1/ Testing --- Thanks, Qian Zhang

Re: Review Request 69544: Made non-root containers can access shared persistent volume.

2018-12-18 Thread Qian Zhang
/69544/diff/2-3/ Testing --- Thanks, Qian Zhang

Re: Review Request 69543: Implemented recovery for volume gid manager.

2018-12-18 Thread Qian Zhang
id_manager.hpp > PRE-CREATION > src/slave/containerizer/mesos/volume_gid_manager/volume_gid_manager.cpp > PRE-CREATION > > > Diff: https://reviews.apache.org/r/69543/diff/2/ > > > Testing > --- > > > Thanks, > > Qian Zhang > >

Re: Review Request 69541: Added volume gid manager.

2018-12-18 Thread Qian Zhang
/r/69541/diff/3/ Changes: https://reviews.apache.org/r/69541/diff/2-3/ Testing --- Thanks, Qian Zhang

Re: Review Request 69543: Implemented recovery for volume gid manager.

2018-12-18 Thread Qian Zhang
://reviews.apache.org/r/69543/diff/1-2/ Testing --- Thanks, Qian Zhang
