You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by ab...@apache.org on 2019/04/05 14:31:20 UTC
[mesos] branch master updated: Clarified a comment for
`SeccompInfo` in mesos.proto.
This is an automated email from the ASF dual-hosted git repository.
abudnik pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git
The following commit(s) were added to refs/heads/master by this push:
new 5ca5625 Clarified a comment for `SeccompInfo` in mesos.proto.
5ca5625 is described below
commit 5ca56257e9377c36c595cc83ce2eeb98a166945e
Author: Andrei Budnik <ab...@mesosphere.com>
AuthorDate: Fri Apr 5 16:14:04 2019 +0200
Clarified a comment for `SeccompInfo` in mesos.proto.
Review: https://reviews.apache.org/r/70407
---
include/mesos/mesos.proto | 5 ++++-
include/mesos/v1/mesos.proto | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/include/mesos/mesos.proto b/include/mesos/mesos.proto
index 7aa7d5b..dc6a87f 100644
--- a/include/mesos/mesos.proto
+++ b/include/mesos/mesos.proto
@@ -3228,7 +3228,9 @@ message SeccompInfo {
// If not set or set to `false`, the container is launched with
// the profile specified in the `profile_name` field.
//
- // NOTE: `profile_name` should not be specified if `unconfined` set to `true`.
+ // NOTE: `profile_name` must not be specified if `unconfined` set to `true`.
+ // `profile_name` must be specified if `unconfined` is not set or
+ // is set to `false`.
optional bool unconfined = 2;
}
@@ -3258,6 +3260,7 @@ message LinuxInfo {
optional bool share_pid_namespace = 4;
// Represents Seccomp configuration, which is used for syscall filtering.
+ // This field is used to override the agent's default Seccomp configuration.
optional SeccompInfo seccomp = 5;
}
diff --git a/include/mesos/v1/mesos.proto b/include/mesos/v1/mesos.proto
index d66f29c..3507909 100644
--- a/include/mesos/v1/mesos.proto
+++ b/include/mesos/v1/mesos.proto
@@ -3221,7 +3221,9 @@ message SeccompInfo {
// If not set or set to `false`, the container is launched with
// the profile specified in the `profile_name` field.
//
- // NOTE: `profile_name` should not be specified if `unconfined` set to `true`.
+ // NOTE: `profile_name` must not be specified if `unconfined` set to `true`.
+ // `profile_name` must be specified if `unconfined` is not set or
+ // is set to `false`.
optional bool unconfined = 2;
}
@@ -3251,6 +3253,7 @@ message LinuxInfo {
optional bool share_pid_namespace = 4;
// Represents Seccomp configuration, which is used for syscall filtering.
+ // This field is used to override the agent's default Seccomp configuration.
optional SeccompInfo seccomp = 5;
}