[6/7] mesos git commit: Update documentation for framework bounding capabilities.

[ji...@apache.org]

Update documentation for framework bounding capabilities.

Review: https://reviews.apache.org/r/60414/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/a28f7726
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/a28f7726
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/a28f7726

Branch: refs/heads/master
Commit: a28f7726a57e0351e312a08ca260b50a9ccb3171
Parents: 31c7ad7
Author: James Peach <jp...@apache.org>
Authored: Fri Jun 30 17:12:36 2017 -0700
Committer: Jie Yu <yu...@gmail.com>
Committed: Fri Jun 30 17:12:36 2017 -0700

----------------------------------------------------------------------
 docs/linux_capabilities.md | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/a28f7726/docs/linux_capabilities.md
----------------------------------------------------------------------
diff --git a/docs/linux_capabilities.md b/docs/linux_capabilities.md
index 30b9f0c..d45c66c 100644
--- a/docs/linux_capabilities.md
+++ b/docs/linux_capabilities.md
@@ -35,10 +35,12 @@ be explicitly dropped.  If the `--effective_capabilities` flag is not
 present, the task will be launched with the default capabilities of the
 task user but the ambient capabilities will not be set.
 
-The `--bounding_capabilities` flag specifies an upper bound on the the
-capabilities a task is allowed to acquire or be granted.  Schedulers are
-not allowed to launch tasks with capabilities outside the set specified
-by the `--bounding_capabilities` flag.
+The `--bounding_capabilities` flag specifies an upper bound on the
+the capabilities a task is allowed to acquire or be granted.
+Schedulers are not allowed to launch tasks with capabilities outside
+the set specified by the `--bounding_capabilities` flag, but may
+specify effective or bounding capabilities that are within this
+set.
 
 An empty list for `--bounding_capabilities` signifies that no capabilities
 are allowed, while an absent `--bounding_capabilities` flag signifies
@@ -57,18 +59,19 @@ sudo mesos-agent --master=<master ip> --ip=<agent ip>
 
 ## Task setup
 
-In order for a Mesos task to acquire effective capabilities it should
-declare the required capabilities in the `LinuxInfo` element of its
-`ContainerInfo`.
+In order for a Mesos task to acquire specific effective capabilities
+or limit its bounding capabilities it should declare the required
+capabilities in the `LinuxInfo` element of its `ContainerInfo`.
 
 A Mesos task can only request capabilities which are allowed according
 to the `--bounding_capabilities` flag of the agent; a task requesting
 other capabilities will be rejected. When the `--bounding_capabilities`
-flag is not present, all capability request will be granted.
-
-If the optional `capability_info` field is not set, the value of the
-`--effective_capabilities` flag will be used to populate the task
-capabilities. If an empty list of capabilities is given, the Mesos task
-will drop all capabilities.  Note that the task will be unable to acquire
-capabilities not specified in the final `capability_info` even if the
-`--bounding_capabilities` flag would otherwise allow them.
+flag is not present, all capability requests will be granted.
+
+If the optional `effective_capabilities` field is not set, the value
+of the `--effective_capabilities` flag will be used to populate the
+task capabilities. If the optional `bounding_capabilities` field
+is not set, the value of the `--bounding_capabilities` flag will
+be used to populate the task capabilities. In both case, if an empty
+list of capabilities is given, the Mesos task will drop all
+capabilities in the corresponding set.