mesos-reviews mailing list archives

From Jojy Varghese <j...@mesosphere.io>
Subject Re: Review Request 46798: Introduced linux capabilities support for mesos containerizer.
Date Tue, 17 May 2016 14:59:45 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46798/
-----------------------------------------------------------

(Updated May 17, 2016, 2:59 p.m.)


Review request for mesos and Jie Yu.


Changes
-------

rebased


Repository: mesos


Description
-------

This change introduces Linux capability based security for unified
containerizer. A new agent flag `allowed_capabilities` has been
introduced to override the default capabilities of the user or the
capabilities requested by the user.

This feature is only available on Linux.


Diffs (updated)
-----

  src/launcher/executor.cpp 7d111e668e0a139a98bdeb959997843180b40452
  src/slave/containerizer/mesos/containerizer.hpp a1a00020668f6da8d611f26e5637afffc87d09ba
  src/slave/containerizer/mesos/containerizer.cpp 75e5a32a3e70ec60a6800e21a621673184ea0956
  src/slave/containerizer/mesos/launch.hpp c716e0396736d1f2f60ec31540f12f4f7597d081
  src/slave/containerizer/mesos/launch.cpp e22106b014c871e2184a15c2ab154a0674874e47
  src/slave/flags.hpp 80ba2887448e91c40ae68fc2d9f0c0bee1a49f48
  src/slave/flags.cpp b7df8f760d0f75459f1e80e3d8e18d49a3995df8
  src/tests/container_logger_tests.cpp efadceafca5721bce4dbffadb35f54fd5365abb0
  src/tests/containerizer/docker_volume_isolator_tests.cpp c524f42743bf08ee54f1cbb083d0d3c85a8b70c9
  src/tests/containerizer/filesystem_isolator_tests.cpp 4293416ac8434e9eb7e80724480a54936a2fe24a
  src/tests/containerizer/mesos_containerizer_tests.cpp 09742ff21513dc2570684d384b257868dd57a9ce


Diff: https://reviews.apache.org/r/46798/diff/


Testing
-------

make check; used mesos cli to test end-to-end functionality.


Thanks,

Jojy Varghese

