[
https://issues.apache.org/jira/browse/MESOS-7671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16070903#comment-16070903
]
Jie Yu commented on MESOS-7671:
-------------------------------
commit cb601b225ab409a7f95184c8fe21e1bcc274c847
Author: James Peach <jpe...@apache.org>
Date: Fri Jun 30 17:12:39 2017 -0700
Update mesos-execute capabilities options.
Update mesos-execute capabilities options to match the
framework capabilities fields. Rename `--capabilities`
to `--effective_capabilities`, and add a new
`--bounding_capabilities` option.
Review: https://reviews.apache.org/r/60497/
commit a28f7726a57e0351e312a08ca260b50a9ccb3171
Author: James Peach <jpe...@apache.org>
Date: Fri Jun 30 17:12:36 2017 -0700
Update documentation for framework bounding capabilities.
Review: https://reviews.apache.org/r/60414/
commit 31c7ad725a2c787a861c98129b4cf803dc0ba7ac
Author: James Peach <jpe...@apache.org>
Date: Fri Jun 30 17:12:33 2017 -0700
Rename and deprecate the LinuxInfo capability_info field.
For clarity, deprecate the LinuxInfo `capability_info`` field in
favor of a new `effective_capabilities` field.
Review: https://reviews.apache.org/r/60413/
commit dd2374bdb16965ec789553b0f3b47f9a55c72571
Author: James Peach <jpe...@apache.org>
Date: Fri Jun 30 17:12:31 2017 -0700
Add more linux/capabilities isolator test cases.
Add a case to verify that the effective framework capabilities
must be within the bounding framework capabilities.
Check that setting the framework capabilities to something that
is insufficient to execute ping overrides the operator flags and
fails.
Check that setting the framework bounding capabilities to allow
ping overrides the operator flags and succeeds.
Check that setting the framework effective and bounding
capabilities to allow ping overrides the operator flags and
succeeds.
Review: https://reviews.apache.org/r/60412/
commit 508f73e3b45bc6003d1ba862842aea34b0be6735
Author: James Peach <jpe...@apache.org>
Date: Fri Jun 30 17:12:29 2017 -0700
Allow frameworks to specify the capabilities bounding set.
Allow frameworks to specify the capabilities bounding set in the
LinuxInfo message. We need to explicitly make sure that this does
not exceed and bounding set specified by the operator, since that
is the outer limit of allowed privilege.
Review: https://reviews.apache.org/r/60411/
commit d197be3042232553c954ba3670b7eb50adeafd3a
Author: James Peach <jpe...@apache.org>
Date: Fri Jun 30 17:12:27 2017 -0700
Add bounding set support to linux/capabilities tests.
Add a framework bounding set parameter to the `linux/capabilities`
isolator tests so that we can add parameterized test cases where
the framework specified a bounding capabilities set.
Review: https://reviews.apache.org/r/60410/
commit 906fd43b7f7a9dfbffebab82f00129cdb8f0586a
Author: James Peach <jpe...@apache.org>
Date: Fri Jun 30 17:12:24 2017 -0700
Add bounding_capabilities to LinuxInfo.
Add a bounding_capabilities CapabilityInfo field to the LinuxInfo
to carry the framework-specified capabilities bounding set.
Review: https://reviews.apache.org/r/60409/
> Let frameworks specify the task bounding capabilities.
> ------------------------------------------------------
>
> Key: MESOS-7671
> URL: https://issues.apache.org/jira/browse/MESOS-7671
> Project: Mesos
> Issue Type: Bug
> Reporter: James Peach
> Assignee: James Peach
>
> Following on from MESOS-7476, we should allow frameworks to specify a
> capabilities bounding set in the {{CapabilityInfo}} by adding a {{repeated
> Capability bounding_capabilities}} field.
> I'm a little torn on making more churn, but we probably should consider the
> {{capabilities}} field to {{effective_capabilities}}.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
