mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Budnik <abud...@mesosphere.com>
Subject Review Request 68022: Enabled Seccomp filter in the containerizer launcher. (WIP)
Date Mon, 23 Jul 2018 13:57:13 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68022/
-----------------------------------------------------------

Review request for mesos, Gilbert Song, Jie Yu, James Peach, and Qian Zhang.


Bugs: MESOS-9106
    https://issues.apache.org/jira/browse/MESOS-9106


Repository: mesos


Description
-------

Containerizer launcher creates an instance of `SeccompFilter`, which is
used to setup Seccomp profile using `ContainerSeccompProfile` message
prepared by the `linux/seccomp` isolator. The Seccomp filter is loaded
right before calling `execve()`, so that a container will be running
with a syscall filtering enabled.


Diffs
-----

  src/slave/containerizer/mesos/launch.cpp 7193da0a094df3e441e185c62b3a0379a0bdc4a2 


Diff: https://reviews.apache.org/r/68022/diff/1/


Testing
-------


Thanks,

Andrei Budnik


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message