This is an automated email from the ASF dual-hosted git repository.
bbannier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 900d23337c76824328340ca3d3151fb2f1c45ba7
Author: Charles-Francois Natali <cf.nat...@gmail.com>
AuthorDate: Sun Jan 24 17:15:34 2021 +0000
Added CAP_PERFMON, CAP_BPF and CAP_CHECKPOINT_RESTORE support.
Part of fix for #10203.
---
include/mesos/mesos.proto | 3 ++
include/mesos/v1/mesos.proto | 3 ++
src/linux/capabilities.cpp | 81 +++++++++++++++++++++---------------------
src/linux/capabilities.hpp | 83 +++++++++++++++++++++++---------------------
4 files changed, 91 insertions(+), 79 deletions(-)
diff --git a/include/mesos/mesos.proto b/include/mesos/mesos.proto
index a51d6fa..3cbdc5c 100644
--- a/include/mesos/mesos.proto
+++ b/include/mesos/mesos.proto
@@ -3378,6 +3378,9 @@ message CapabilityInfo {
WAKE_ALARM = 1035;
BLOCK_SUSPEND = 1036;
AUDIT_READ = 1037;
+ CAP_PERFMON = 1038;
+ CAP_BPF = 1039;
+ CAP_CHECKPOINT_RESTORE = 1040;
}
repeated Capability capabilities = 1;
diff --git a/include/mesos/v1/mesos.proto b/include/mesos/v1/mesos.proto
index ad7092e..0a3f8c0 100644
--- a/include/mesos/v1/mesos.proto
+++ b/include/mesos/v1/mesos.proto
@@ -3367,6 +3367,9 @@ message CapabilityInfo {
WAKE_ALARM = 1035;
BLOCK_SUSPEND = 1036;
AUDIT_READ = 1037;
+ CAP_PERFMON = 1038;
+ CAP_BPF = 1039;
+ CAP_CHECKPOINT_RESTORE = 1040;
}
repeated Capability capabilities = 1;
diff --git a/src/linux/capabilities.cpp b/src/linux/capabilities.cpp
index 270d34d..b161e64 100644
--- a/src/linux/capabilities.cpp
+++ b/src/linux/capabilities.cpp
@@ -456,45 +456,48 @@ CapabilityInfo convert(const std::set<Capability>&
capabilities)
ostream& operator<<(ostream& stream, const Capability& capability)
{
switch (capability) {
- case CHOWN: return stream << "CHOWN";
- case DAC_OVERRIDE: return stream << "DAC_OVERRIDE";
- case DAC_READ_SEARCH: return stream << "DAC_READ_SEARCH";
- case FOWNER: return stream << "FOWNER";
- case FSETID: return stream << "FSETID";
- case KILL: return stream << "KILL";
- case SETGID: return stream << "SETGID";
- case SETUID: return stream << "SETUID";
- case SETPCAP: return stream << "SETPCAP";
- case LINUX_IMMUTABLE: return stream << "LINUX_IMMUTABLE";
- case NET_BIND_SERVICE: return stream << "NET_BIND_SERVICE";
- case NET_BROADCAST: return stream << "NET_BROADCAST";
- case NET_ADMIN: return stream << "NET_ADMIN";
- case NET_RAW: return stream << "NET_RAW";
- case IPC_LOCK: return stream << "IPC_LOCK";
- case IPC_OWNER: return stream << "IPC_OWNER";
- case SYS_MODULE: return stream << "SYS_MODULE";
- case SYS_RAWIO: return stream << "SYS_RAWIO";
- case SYS_CHROOT: return stream << "SYS_CHROOT";
- case SYS_PTRACE: return stream << "SYS_PTRACE";
- case SYS_PACCT: return stream << "SYS_PACCT";
- case SYS_ADMIN: return stream << "SYS_ADMIN";
- case SYS_BOOT: return stream << "SYS_BOOT";
- case SYS_NICE: return stream << "SYS_NICE";
- case SYS_RESOURCE: return stream << "SYS_RESOURCE";
- case SYS_TIME: return stream << "SYS_TIME";
- case SYS_TTY_CONFIG: return stream << "SYS_TTY_CONFIG";
- case MKNOD: return stream << "MKNOD";
- case LEASE: return stream << "LEASE";
- case AUDIT_WRITE: return stream << "AUDIT_WRITE";
- case AUDIT_CONTROL: return stream << "AUDIT_CONTROL";
- case SETFCAP: return stream << "SETFCAP";
- case MAC_OVERRIDE: return stream << "MAC_OVERRIDE";
- case MAC_ADMIN: return stream << "MAC_ADMIN";
- case SYSLOG: return stream << "SYSLOG";
- case WAKE_ALARM: return stream << "WAKE_ALARM";
- case BLOCK_SUSPEND: return stream << "BLOCK_SUSPEND";
- case AUDIT_READ: return stream << "AUDIT_READ";
- case MAX_CAPABILITY: UNREACHABLE();
+ case CHOWN: return stream << "CHOWN";
+ case DAC_OVERRIDE: return stream << "DAC_OVERRIDE";
+ case DAC_READ_SEARCH: return stream << "DAC_READ_SEARCH";
+ case FOWNER: return stream << "FOWNER";
+ case FSETID: return stream << "FSETID";
+ case KILL: return stream << "KILL";
+ case SETGID: return stream << "SETGID";
+ case SETUID: return stream << "SETUID";
+ case SETPCAP: return stream << "SETPCAP";
+ case LINUX_IMMUTABLE: return stream << "LINUX_IMMUTABLE";
+ case NET_BIND_SERVICE: return stream << "NET_BIND_SERVICE";
+ case NET_BROADCAST: return stream << "NET_BROADCAST";
+ case NET_ADMIN: return stream << "NET_ADMIN";
+ case NET_RAW: return stream << "NET_RAW";
+ case IPC_LOCK: return stream << "IPC_LOCK";
+ case IPC_OWNER: return stream << "IPC_OWNER";
+ case SYS_MODULE: return stream << "SYS_MODULE";
+ case SYS_RAWIO: return stream << "SYS_RAWIO";
+ case SYS_CHROOT: return stream << "SYS_CHROOT";
+ case SYS_PTRACE: return stream << "SYS_PTRACE";
+ case SYS_PACCT: return stream << "SYS_PACCT";
+ case SYS_ADMIN: return stream << "SYS_ADMIN";
+ case SYS_BOOT: return stream << "SYS_BOOT";
+ case SYS_NICE: return stream << "SYS_NICE";
+ case SYS_RESOURCE: return stream << "SYS_RESOURCE";
+ case SYS_TIME: return stream << "SYS_TIME";
+ case SYS_TTY_CONFIG: return stream << "SYS_TTY_CONFIG";
+ case MKNOD: return stream << "MKNOD";
+ case LEASE: return stream << "LEASE";
+ case AUDIT_WRITE: return stream << "AUDIT_WRITE";
+ case AUDIT_CONTROL: return stream << "AUDIT_CONTROL";
+ case SETFCAP: return stream << "SETFCAP";
+ case MAC_OVERRIDE: return stream << "MAC_OVERRIDE";
+ case MAC_ADMIN: return stream << "MAC_ADMIN";
+ case SYSLOG: return stream << "SYSLOG";
+ case WAKE_ALARM: return stream << "WAKE_ALARM";
+ case BLOCK_SUSPEND: return stream << "BLOCK_SUSPEND";
+ case AUDIT_READ: return stream << "AUDIT_READ";
+ case CAP_PERFMON: return stream << "CAP_PERFMON";
+ case CAP_BPF: return stream << "CAP_BPF";
+ case CAP_CHECKPOINT_RESTORE: return stream << "CAP_CHECKPOINT_RESTORE";
+ case MAX_CAPABILITY: UNREACHABLE();
}
UNREACHABLE();
diff --git a/src/linux/capabilities.hpp b/src/linux/capabilities.hpp
index 9c793a6..4f41f49 100644
--- a/src/linux/capabilities.hpp
+++ b/src/linux/capabilities.hpp
@@ -31,48 +31,51 @@ namespace internal {
namespace capabilities {
// Superset of all capabilities. This is the set currently supported
-// by linux (kernel 4.0).
+// by linux (kernel 5.9).
enum Capability : int
{
- CHOWN = 0,
- DAC_OVERRIDE = 1,
- DAC_READ_SEARCH = 2,
- FOWNER = 3,
- FSETID = 4,
- KILL = 5,
- SETGID = 6,
- SETUID = 7,
- SETPCAP = 8,
- LINUX_IMMUTABLE = 9,
- NET_BIND_SERVICE = 10,
- NET_BROADCAST = 11,
- NET_ADMIN = 12,
- NET_RAW = 13,
- IPC_LOCK = 14,
- IPC_OWNER = 15,
- SYS_MODULE = 16,
- SYS_RAWIO = 17,
- SYS_CHROOT = 18,
- SYS_PTRACE = 19,
- SYS_PACCT = 20,
- SYS_ADMIN = 21,
- SYS_BOOT = 22,
- SYS_NICE = 23,
- SYS_RESOURCE = 24,
- SYS_TIME = 25,
- SYS_TTY_CONFIG = 26,
- MKNOD = 27,
- LEASE = 28,
- AUDIT_WRITE = 29,
- AUDIT_CONTROL = 30,
- SETFCAP = 31,
- MAC_OVERRIDE = 32,
- MAC_ADMIN = 33,
- SYSLOG = 34,
- WAKE_ALARM = 35,
- BLOCK_SUSPEND = 36,
- AUDIT_READ = 37,
- MAX_CAPABILITY = 38,
+ CHOWN = 0,
+ DAC_OVERRIDE = 1,
+ DAC_READ_SEARCH = 2,
+ FOWNER = 3,
+ FSETID = 4,
+ KILL = 5,
+ SETGID = 6,
+ SETUID = 7,
+ SETPCAP = 8,
+ LINUX_IMMUTABLE = 9,
+ NET_BIND_SERVICE = 10,
+ NET_BROADCAST = 11,
+ NET_ADMIN = 12,
+ NET_RAW = 13,
+ IPC_LOCK = 14,
+ IPC_OWNER = 15,
+ SYS_MODULE = 16,
+ SYS_RAWIO = 17,
+ SYS_CHROOT = 18,
+ SYS_PTRACE = 19,
+ SYS_PACCT = 20,
+ SYS_ADMIN = 21,
+ SYS_BOOT = 22,
+ SYS_NICE = 23,
+ SYS_RESOURCE = 24,
+ SYS_TIME = 25,
+ SYS_TTY_CONFIG = 26,
+ MKNOD = 27,
+ LEASE = 28,
+ AUDIT_WRITE = 29,
+ AUDIT_CONTROL = 30,
+ SETFCAP = 31,
+ MAC_OVERRIDE = 32,
+ MAC_ADMIN = 33,
+ SYSLOG = 34,
+ WAKE_ALARM = 35,
+ BLOCK_SUSPEND = 36,
+ AUDIT_READ = 37,
+ CAP_PERFMON = 38,
+ CAP_BPF = 39,
+ CAP_CHECKPOINT_RESTORE = 40,
+ MAX_CAPABILITY = 41,
};
