You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@mesos.apache.org by bm...@apache.org on 2017/05/30 22:37:27 UTC

[3/3] mesos git commit: Documented LIBPROCESS_REQUIRE_PEER_ADDRESS_IP_MATCH.

Documented LIBPROCESS_REQUIRE_PEER_ADDRESS_IP_MATCH.

Review: https://reviews.apache.org/r/59150/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/0a832188
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/0a832188
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/0a832188

Branch: refs/heads/master
Commit: 0a83218855a604fc6c8663950d48cb2f3c93ef93
Parents: 8fbbebf
Author: James Peach <jp...@apache.org>
Authored: Tue May 30 15:35:28 2017 -0700
Committer: Benjamin Mahler <bm...@apache.org>
Committed: Tue May 30 15:36:55 2017 -0700

----------------------------------------------------------------------
 docs/configuration.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/0a832188/docs/configuration.md
----------------------------------------------------------------------
diff --git a/docs/configuration.md b/docs/configuration.md
index 59e1bbe..8c3be23 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -2117,6 +2117,23 @@ quotas for container sandbox directories. Valid project IDs range from
   </tr>
   <tr>
     <td>
+      LIBPROCESS_REQUIRE_PEER_ADDRESS_IP_MATCH
+    </td>
+    <td>
+      If set, the IP address portion of the libprocess UPID in
+      incoming messages is required to match the IP address
+      of the socket from which the message was sent. This can be a
+      security enhancement since it prevents unauthorized senders
+      impersonating other libprocess actors. This check may
+      break configurations that require setting LIBPROCESS_IP,
+      or LIBPROCESS_ADVERTISE_IP. Additionally, multi-homed
+      configurations may be affected since the address on
+      which libprocess is listening may not match the address from
+      which libprocess connects to other actors.
+    </td>
+  </tr>
+  <tr>
+    <td>
       LIBPROCESS_ENABLE_PROFILER
     </td>
     <td>