You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by bm...@apache.org on 2017/05/30 22:37:27 UTC
[3/3] mesos git commit: Documented
LIBPROCESS_REQUIRE_PEER_ADDRESS_IP_MATCH.
Documented LIBPROCESS_REQUIRE_PEER_ADDRESS_IP_MATCH.
Review: https://reviews.apache.org/r/59150/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/0a832188
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/0a832188
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/0a832188
Branch: refs/heads/master
Commit: 0a83218855a604fc6c8663950d48cb2f3c93ef93
Parents: 8fbbebf
Author: James Peach <jp...@apache.org>
Authored: Tue May 30 15:35:28 2017 -0700
Committer: Benjamin Mahler <bm...@apache.org>
Committed: Tue May 30 15:36:55 2017 -0700
----------------------------------------------------------------------
docs/configuration.md | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/0a832188/docs/configuration.md
----------------------------------------------------------------------
diff --git a/docs/configuration.md b/docs/configuration.md
index 59e1bbe..8c3be23 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -2117,6 +2117,23 @@ quotas for container sandbox directories. Valid project IDs range from
</tr>
<tr>
<td>
+ LIBPROCESS_REQUIRE_PEER_ADDRESS_IP_MATCH
+ </td>
+ <td>
+ If set, the IP address portion of the libprocess UPID in
+ incoming messages is required to match the IP address
+ of the socket from which the message was sent. This can be a
+ security enhancement since it prevents unauthorized senders
+ impersonating other libprocess actors. This check may
+ break configurations that require setting LIBPROCESS_IP,
+ or LIBPROCESS_ADVERTISE_IP. Additionally, multi-homed
+ configurations may be affected since the address on
+ which libprocess is listening may not match the address from
+ which libprocess connects to other actors.
+ </td>
+ </tr>
+ <tr>
+ <td>
LIBPROCESS_ENABLE_PROFILER
</td>
<td>