Posted to issues@mesos.apache.org by "Gilbert Song (JIRA)" <ji...@apache.org> on 2019/01/28 08:04:00 UTC
[jira] [Commented] (MESOS-9386) Implement Seccomp profile inheritance for POD containers
[ https://issues.apache.org/jira/browse/MESOS-9386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16753777#comment-16753777 ]
Gilbert Song commented on MESOS-9386:
-------------------------------------
Probably we should close this as "won't do"?
> Implement Seccomp profile inheritance for POD containers
> --------------------------------------------------------
>
> Key: MESOS-9386
> URL: https://issues.apache.org/jira/browse/MESOS-9386
> Project: Mesos
> Issue Type: Task
> Components: containerization
> Reporter: Andrei Budnik
> Assignee: Andrei Budnik
> Priority: Major
> Labels: mesosphere
>
> Child containers inherit their parent container's Seccomp profile by default. Also, the Seccomp profile can be overridden by a Framework for a particular child container by specifying a path to the Seccomp profile.
> Mesos containerizer persists information about containers on disk via `ContainerLaunchInfo` proto, which includes `ContainerSeccompProfile` proto. Mesos containerizer should use this proto to load the parent's profile for a child container. When a child inherits the parent's Seccomp profile, Mesos agent doesn't have to re-read a Seccomp profile from the disk, which was used for the parent container. Otherwise, we would have to check that a file content hasn't changed since the last time the parent was launched.