This is an automated email from the ASF dual-hosted git repository. bbannier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 900d23337c76824328340ca3d3151fb2f1c45ba7 Author: Charles-Francois Natali <cf.nat...@gmail.com> AuthorDate: Sun Jan 24 17:15:34 2021 +0000 Added CAP_PERFMON, CAP_BPF and CAP_CHECKPOINT_RESTORE support. Part of fix for #10203. --- include/mesos/mesos.proto | 3 ++ include/mesos/v1/mesos.proto | 3 ++ src/linux/capabilities.cpp | 81 +++++++++++++++++++++--------------------- src/linux/capabilities.hpp | 83 +++++++++++++++++++++++--------------------- 4 files changed, 91 insertions(+), 79 deletions(-) diff --git a/include/mesos/mesos.proto b/include/mesos/mesos.proto index a51d6fa..3cbdc5c 100644 --- a/include/mesos/mesos.proto +++ b/include/mesos/mesos.proto @@ -3378,6 +3378,9 @@ message CapabilityInfo { WAKE_ALARM = 1035; BLOCK_SUSPEND = 1036; AUDIT_READ = 1037; + CAP_PERFMON = 1038; + CAP_BPF = 1039; + CAP_CHECKPOINT_RESTORE = 1040; } repeated Capability capabilities = 1; diff --git a/include/mesos/v1/mesos.proto b/include/mesos/v1/mesos.proto index ad7092e..0a3f8c0 100644 --- a/include/mesos/v1/mesos.proto +++ b/include/mesos/v1/mesos.proto @@ -3367,6 +3367,9 @@ message CapabilityInfo { WAKE_ALARM = 1035; BLOCK_SUSPEND = 1036; AUDIT_READ = 1037; + CAP_PERFMON = 1038; + CAP_BPF = 1039; + CAP_CHECKPOINT_RESTORE = 1040; } repeated Capability capabilities = 1; diff --git a/src/linux/capabilities.cpp b/src/linux/capabilities.cpp index 270d34d..b161e64 100644 --- a/src/linux/capabilities.cpp +++ b/src/linux/capabilities.cpp 
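Review bot: The three new enumerators carry a `CAP_` prefix (`CAP_PERFMON`, `CAP_BPF`, `CAP_CHECKPOINT_RESTORE`) while every existing value of `CapabilityInfo.Capability` omits it (`WAKE_ALARM`, `BLOCK_SUSPEND`, `AUDIT_READ`). Protobuf enum names are part of the public API and are hard to rename after release, and anyone who writes capability allow-lists by name would have to handle two spellings. The prefixed names also match the macros in `<linux/capability.h>`, so if that header ever reaches a translation unit using these enums (not visible here), the enumerators would be macro-expanded. I would add them as `PERFMON = 1038;`, `BPF = 1039;` and `CHECKPOINT_RESTORE = 1040;`. The same applies to the identical hunk in include/mesos/v1/mesos.proto and to the matching names in src/linux/capabilities.cpp and src/linux/capabilities.hpp.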
@@ -456,45 +456,48 @@ CapabilityInfo convert(const std::set<Capability>& capabilities) ostream& operator<<(ostream& stream, const Capability& capability) { switch (capability) { - case CHOWN: return stream << "CHOWN"; - case DAC_OVERRIDE: return stream << "DAC_OVERRIDE"; - case DAC_READ_SEARCH: return stream << "DAC_READ_SEARCH"; - case FOWNER: return stream << "FOWNER"; - case FSETID: return stream << "FSETID"; - case KILL: return stream << "KILL"; - case SETGID: return stream << "SETGID"; - case SETUID: return stream << "SETUID"; - case SETPCAP: return stream << "SETPCAP"; - case LINUX_IMMUTABLE: return stream << "LINUX_IMMUTABLE"; - case NET_BIND_SERVICE: return stream << "NET_BIND_SERVICE"; - case NET_BROADCAST: return stream << "NET_BROADCAST"; - case NET_ADMIN: return stream << "NET_ADMIN"; - case NET_RAW: return stream << "NET_RAW"; - case IPC_LOCK: return stream << "IPC_LOCK"; - case IPC_OWNER: return stream << "IPC_OWNER"; - case SYS_MODULE: return stream << "SYS_MODULE"; - case SYS_RAWIO: return stream << "SYS_RAWIO"; - case SYS_CHROOT: return stream << "SYS_CHROOT"; - case SYS_PTRACE: return stream << "SYS_PTRACE"; - case SYS_PACCT: return stream << "SYS_PACCT"; - case SYS_ADMIN: return stream << "SYS_ADMIN"; - case SYS_BOOT: return stream << "SYS_BOOT"; - case SYS_NICE: return stream << "SYS_NICE"; - case SYS_RESOURCE: return stream << "SYS_RESOURCE"; - case SYS_TIME: return stream << "SYS_TIME"; - case SYS_TTY_CONFIG: return stream << "SYS_TTY_CONFIG"; - case MKNOD: return stream << "MKNOD"; - case LEASE: return stream << "LEASE"; - case AUDIT_WRITE: return stream << "AUDIT_WRITE"; - case AUDIT_CONTROL: return stream << "AUDIT_CONTROL"; - case SETFCAP: return stream << "SETFCAP"; - case MAC_OVERRIDE: return stream << "MAC_OVERRIDE"; - case MAC_ADMIN: return stream << "MAC_ADMIN"; - case SYSLOG: return stream << "SYSLOG"; - case WAKE_ALARM: return stream << "WAKE_ALARM"; - case BLOCK_SUSPEND: return stream << "BLOCK_SUSPEND"; - case AUDIT_READ: return 
stream << "AUDIT_READ"; - case MAX_CAPABILITY: UNREACHABLE(); + case CHOWN: return stream << "CHOWN"; + case DAC_OVERRIDE: return stream << "DAC_OVERRIDE"; + case DAC_READ_SEARCH: return stream << "DAC_READ_SEARCH"; + case FOWNER: return stream << "FOWNER"; + case FSETID: return stream << "FSETID"; + case KILL: return stream << "KILL"; + case SETGID: return stream << "SETGID"; + case SETUID: return stream << "SETUID"; + case SETPCAP: return stream << "SETPCAP"; + case LINUX_IMMUTABLE: return stream << "LINUX_IMMUTABLE"; + case NET_BIND_SERVICE: return stream << "NET_BIND_SERVICE"; + case NET_BROADCAST: return stream << "NET_BROADCAST"; + case NET_ADMIN: return stream << "NET_ADMIN"; + case NET_RAW: return stream << "NET_RAW"; + case IPC_LOCK: return stream << "IPC_LOCK"; + case IPC_OWNER: return stream << "IPC_OWNER"; + case SYS_MODULE: return stream << "SYS_MODULE"; + case SYS_RAWIO: return stream << "SYS_RAWIO"; + case SYS_CHROOT: return stream << "SYS_CHROOT"; + case SYS_PTRACE: return stream << "SYS_PTRACE"; + case SYS_PACCT: return stream << "SYS_PACCT"; + case SYS_ADMIN: return stream << "SYS_ADMIN"; + case SYS_BOOT: return stream << "SYS_BOOT"; + case SYS_NICE: return stream << "SYS_NICE"; + case SYS_RESOURCE: return stream << "SYS_RESOURCE"; + case SYS_TIME: return stream << "SYS_TIME"; + case SYS_TTY_CONFIG: return stream << "SYS_TTY_CONFIG"; + case MKNOD: return stream << "MKNOD"; + case LEASE: return stream << "LEASE"; + case AUDIT_WRITE: return stream << "AUDIT_WRITE"; + case AUDIT_CONTROL: return stream << "AUDIT_CONTROL"; + case SETFCAP: return stream << "SETFCAP"; + case MAC_OVERRIDE: return stream << "MAC_OVERRIDE"; + case MAC_ADMIN: return stream << "MAC_ADMIN"; + case SYSLOG: return stream << "SYSLOG"; + case WAKE_ALARM: return stream << "WAKE_ALARM"; + case BLOCK_SUSPEND: return stream << "BLOCK_SUSPEND"; + case AUDIT_READ: return stream << "AUDIT_READ"; + case CAP_PERFMON: return stream << "CAP_PERFMON"; + case CAP_BPF: return stream << 
"CAP_BPF"; + case CAP_CHECKPOINT_RESTORE: return stream << "CAP_CHECKPOINT_RESTORE"; + case MAX_CAPABILITY: UNREACHABLE(); } UNREACHABLE(); diff --git a/src/linux/capabilities.hpp b/src/linux/capabilities.hpp index 9c793a6..4f41f49 100644 --- a/src/linux/capabilities.hpp +++ b/src/linux/capabilities.hpp 
@@ -31,48 +31,51 @@ namespace internal { namespace capabilities { // Superset of all capabilities. This is the set currently supported -// by linux (kernel 4.0). +// by linux (kernel 5.9). enum Capability : int { - CHOWN = 0, - DAC_OVERRIDE = 1, - DAC_READ_SEARCH = 2, - FOWNER = 3, - FSETID = 4, - KILL = 5, - SETGID = 6, - SETUID = 7, - SETPCAP = 8, - LINUX_IMMUTABLE = 9, - NET_BIND_SERVICE = 10, - NET_BROADCAST = 11, - NET_ADMIN = 12, - NET_RAW = 13, - IPC_LOCK = 14, - IPC_OWNER = 15, - SYS_MODULE = 16, - SYS_RAWIO = 17, - SYS_CHROOT = 18, - SYS_PTRACE = 19, - SYS_PACCT = 20, - SYS_ADMIN = 21, - SYS_BOOT = 22, - SYS_NICE = 23, - SYS_RESOURCE = 24, - SYS_TIME = 25, - SYS_TTY_CONFIG = 26, - MKNOD = 27, - LEASE = 28, - AUDIT_WRITE = 29, - AUDIT_CONTROL = 30, - SETFCAP = 31, - MAC_OVERRIDE = 32, - MAC_ADMIN = 33, - SYSLOG = 34, - WAKE_ALARM = 35, - BLOCK_SUSPEND = 36, - AUDIT_READ = 37, - MAX_CAPABILITY = 38, + CHOWN = 0, + DAC_OVERRIDE = 1, + DAC_READ_SEARCH = 2, + FOWNER = 3, + FSETID = 4, + KILL = 5, + SETGID = 6, + SETUID = 7, + SETPCAP = 8, + LINUX_IMMUTABLE = 9, + NET_BIND_SERVICE = 10, + NET_BROADCAST = 11, + NET_ADMIN = 12, + NET_RAW = 13, + IPC_LOCK = 14, + IPC_OWNER = 15, + SYS_MODULE = 16, + SYS_RAWIO = 17, + SYS_CHROOT = 18, + SYS_PTRACE = 19, + SYS_PACCT = 20, + SYS_ADMIN = 21, + SYS_BOOT = 22, + SYS_NICE = 23, + SYS_RESOURCE = 24, + SYS_TIME = 25, + SYS_TTY_CONFIG = 26, + MKNOD = 27, + LEASE = 28, + AUDIT_WRITE = 29, + AUDIT_CONTROL = 30, + SETFCAP = 31, + MAC_OVERRIDE = 32, + MAC_ADMIN = 33, + SYSLOG = 34, + WAKE_ALARM = 35, + BLOCK_SUSPEND = 36, + AUDIT_READ = 37, + CAP_PERFMON = 38, + CAP_BPF = 39, + CAP_CHECKPOINT_RESTORE = 40, + MAX_CAPABILITY = 41, };
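Review bot: The header comment now says only "kernel 5.9", which hides that the three new values do not exist on older kernels: CAP_PERFMON and CAP_BPF arrived in Linux 5.8 and CAP_CHECKPOINT_RESTORE in 5.9, all split out of what SYS_ADMIN used to cover. A per-value comment would help whoever grants or drops these, for example `// Linux >= 5.8; previously required SYS_ADMIN.` above `CAP_PERFMON` and `CAP_BPF`, and `// Linux >= 5.9.` above `CAP_CHECKPOINT_RESTORE`. `MAX_CAPABILITY = 41` remains a hard-coded ceiling, so I would also add `// Must be bumped whenever the kernel adds a capability.` next to it. How the rest of the file behaves on a kernel whose capability range is smaller or larger than this enum is not visible in this hunk and should be checked.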