Posted to reviews@mesos.apache.org by Andrei Budnik <ab...@mesosphere.com> on 2019/01/03 13:41:01 UTC
Re: Review Request 68021: Added `linux/seccomp` isolator.
> On Dec. 29, 2018, 1:40 a.m., Qian Zhang wrote:
> > src/slave/containerizer/mesos/isolators/linux/seccomp.cpp
> > Lines 89-92 (patched)
> > <https://reviews.apache.org/r/68021/diff/10/?file=2110838#file2110838line89>
> >
> > This is kind of strange to me; I think we have not had this kind of semantics in Mesos before. Can we have a bool field in `LinuxInfo.Seccomp` to explicitly enable/disable Seccomp for a container?
I've added a `bool unconfined` flag to `LinuxInfo.Seccomp`.
- Andrei
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68021/#review211573
-----------------------------------------------------------
On Nov. 8, 2018, 3:24 p.m., Andrei Budnik wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68021/
> -----------------------------------------------------------
>
> (Updated Nov. 8, 2018, 3:24 p.m.)
>
>
> Review request for mesos, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.
>
>
> Bugs: MESOS-9035
> https://issues.apache.org/jira/browse/MESOS-9035
>
>
> Repository: mesos
>
>
> Description
> -------
>
> This patch introduces the `linux/seccomp` isolator, which is used for
> preparing `ContainerSeccompProfile` for the Mesos containerizer
> launcher. If the `ContainerConfig` message has info about a Seccomp
> profile name, then this info will be used to locate a Seccomp profile.
> The given Seccomp profile is parsed and the resulting
> `ContainerSeccompProfile` is stored in the `ContainerLaunchInfo`
> message.
>
>
> Diffs
> -----
>
> src/CMakeLists.txt bde070445b644e15d46c390d1c983caabaa1fec8
> src/Makefile.am 7a4904a3d67479267087fd2313a263d8218843fa
> src/slave/containerizer/mesos/containerizer.cpp a5cf2da55c046c5c45e0c2ca3400f64de12de62b
> src/slave/containerizer/mesos/isolators/linux/seccomp.hpp PRE-CREATION
> src/slave/containerizer/mesos/isolators/linux/seccomp.cpp PRE-CREATION
>
>
> Diff: https://reviews.apache.org/r/68021/diff/11/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Andrei Budnik
>
>