You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@mesos.apache.org by James Peach <jp...@apache.org> on 2017/05/24 23:45:50 UTC
Review Request 59550: Check bounding capabilities at isolator
creation time.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59550/
-----------------------------------------------------------
Review request for mesos, Jie Yu and Jiang Yan Xu.
Bugs: MESOS-7476
https://issues.apache.org/jira/browse/MESOS-7476
Repository: mesos
Description
-------
When we create the `linux/capabilities` isolator, enforce the rule that
the bounding capabilities are a superset of the allowed capabilities
when both are specified.
Diffs
-----
src/slave/containerizer/mesos/isolators/linux/capabilities.cpp 60d22aa877c1ab62a08222e5efe8800e337684da
src/tests/containerizer/linux_capabilities_isolator_tests.cpp 40376a03fdb8f931f8d3f83b1c3fa6207e02c1d1
Diff: https://reviews.apache.org/r/59550/diff/1/
Testing
-------
make check (Fedora 25)
Thanks,
James Peach
Re: Review Request 59550: Check bounding capabilities at isolator
creation time.
Posted by James Peach <jp...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59550/
-----------------------------------------------------------
(Updated June 5, 2017, 4:25 p.m.)
Review request for mesos, Jie Yu and Jiang Yan Xu.
Changes
-------
Rebased.
Bugs: MESOS-7476
https://issues.apache.org/jira/browse/MESOS-7476
Repository: mesos
Description
-------
When we create the `linux/capabilities` isolator, enforce the rule that
the bounding capabilities are a superset of the allowed capabilities
when both are specified.
Diffs (updated)
-----
src/slave/containerizer/mesos/isolators/linux/capabilities.cpp 60d22aa877c1ab62a08222e5efe8800e337684da
src/tests/containerizer/linux_capabilities_isolator_tests.cpp 40376a03fdb8f931f8d3f83b1c3fa6207e02c1d1
Diff: https://reviews.apache.org/r/59550/diff/2/
Changes: https://reviews.apache.org/r/59550/diff/1-2/
Testing
-------
make check (Fedora 25)
Thanks,
James Peach
Re: Review Request 59550: Check bounding capabilities at isolator
creation time.
Posted by Jie Yu <yu...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59550/#review176472
-----------------------------------------------------------
Ship it!
Ship It!
- Jie Yu
On May 24, 2017, 11:45 p.m., James Peach wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/59550/
> -----------------------------------------------------------
>
> (Updated May 24, 2017, 11:45 p.m.)
>
>
> Review request for mesos, Jie Yu and Jiang Yan Xu.
>
>
> Bugs: MESOS-7476
> https://issues.apache.org/jira/browse/MESOS-7476
>
>
> Repository: mesos
>
>
> Description
> -------
>
> When we create the `linux/capabilities` isolator, enforce the rule that
> the bounding capabilities are a superset of the allowed capabilities
> when both are specified.
>
>
> Diffs
> -----
>
> src/slave/containerizer/mesos/isolators/linux/capabilities.cpp 60d22aa877c1ab62a08222e5efe8800e337684da
> src/tests/containerizer/linux_capabilities_isolator_tests.cpp 40376a03fdb8f931f8d3f83b1c3fa6207e02c1d1
>
>
> Diff: https://reviews.apache.org/r/59550/diff/1/
>
>
> Testing
> -------
>
> make check (Fedora 25)
>
>
> Thanks,
>
> James Peach
>
>