You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@mesos.apache.org by Jojy Varghese <jo...@mesosphere.io> on 2016/04/28 23:47:06 UTC

Review Request 46798: Introduced linux capabilities support for mesos containerizer.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46798/
-----------------------------------------------------------

Review request for mesos and Jie Yu.


Repository: mesos


Description
-------

This change introduces linux capability based security for unified
containerizer. A new agent flag `allowed_capabilities` has been
introduced to override the default capabilities of the user or the
capabilities requested by the user.

This feature is only available on linux.


Diffs
-----

  src/launcher/executor.cpp 9f1d2168bc4ddbce1bcd25ff38dc1c34714eb28b 
  src/slave/containerizer/mesos/containerizer.hpp 13399f014dcd85defbff79f3b5aa4e7e75d41fd1 
  src/slave/containerizer/mesos/containerizer.cpp 8d538954d6e1f13e833d75c2eaa37e700278ee0c 
  src/slave/containerizer/mesos/launch.cpp e22106b014c871e2184a15c2ab154a0674874e47 
  src/slave/flags.hpp 4fa3213545d4bd3525d85c3f71749f00f08dc998 
  src/slave/flags.cpp 6fde51fc61cfcad61d4085c208bd2eca2eae8f14 
  src/tests/container_logger_tests.cpp efadceafca5721bce4dbffadb35f54fd5365abb0 
  src/tests/containerizer/filesystem_isolator_tests.cpp 29d313051865761306029f331eb36684c3252ffb 
  src/tests/containerizer/mesos_containerizer_tests.cpp 09742ff21513dc2570684d384b257868dd57a9ce 

Diff: https://reviews.apache.org/r/46798/diff/


Testing
-------

make check; used mesos cli to test end to end functionality.


Thanks,

Jojy Varghese

Re: Review Request 46798: Introduced linux capabilities support for mesos containerizer.

Posted by Jojy Varghese <jo...@mesosphere.io>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46798/
-----------------------------------------------------------

(Updated April 29, 2016, 6:35 p.m.)


Review request for mesos and Jie Yu.


Repository: mesos


Description
-------

This change introduces linux capability based security for unified
containerizer. A new agent flag `allowed_capabilities` has been
introduced to override the default capabilities of the user or the
capabilities requested by the user.

This feature is only available on linux.


Diffs (updated)
-----

  src/launcher/executor.cpp 9f1d2168bc4ddbce1bcd25ff38dc1c34714eb28b 
  src/slave/containerizer/mesos/containerizer.hpp 13399f014dcd85defbff79f3b5aa4e7e75d41fd1 
  src/slave/containerizer/mesos/containerizer.cpp 8d538954d6e1f13e833d75c2eaa37e700278ee0c 
  src/slave/containerizer/mesos/launch.cpp e22106b014c871e2184a15c2ab154a0674874e47 
  src/slave/flags.hpp 4fa3213545d4bd3525d85c3f71749f00f08dc998 
  src/slave/flags.cpp 6fde51fc61cfcad61d4085c208bd2eca2eae8f14 
  src/tests/container_logger_tests.cpp efadceafca5721bce4dbffadb35f54fd5365abb0 
  src/tests/containerizer/filesystem_isolator_tests.cpp 29d313051865761306029f331eb36684c3252ffb 
  src/tests/containerizer/mesos_containerizer_tests.cpp 09742ff21513dc2570684d384b257868dd57a9ce 

Diff: https://reviews.apache.org/r/46798/diff/


Testing
-------

make check; used mesos cli to test end to end functionality.


Thanks,

Jojy Varghese