[ https://issues.apache.org/jira/browse/MESOS-7671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16070903#comment-16070903 ]
Jie Yu commented on MESOS-7671: ------------------------------- commit cb601b225ab409a7f95184c8fe21e1bcc274c847 Author: James Peach <jpe...@apache.org> Date: Fri Jun 30 17:12:39 2017 -0700 Update mesos-execute capabilities options. Update mesos-execute capabilities options to match the framework capabilities fields. Rename `--capabilities` to `--effective_capabilities`, and add a new `--bounding_capabilities` option. Review: https://reviews.apache.org/r/60497/ commit a28f7726a57e0351e312a08ca260b50a9ccb3171 Author: James Peach <jpe...@apache.org> Date: Fri Jun 30 17:12:36 2017 -0700 Update documentation for framework bounding capabilities. Review: https://reviews.apache.org/r/60414/ commit 31c7ad725a2c787a861c98129b4cf803dc0ba7ac Author: James Peach <jpe...@apache.org> Date: Fri Jun 30 17:12:33 2017 -0700 Rename and deprecate the LinuxInfo capability_info field. For clarity, deprecate the LinuxInfo `capability_info`` field in favor of a new `effective_capabilities` field. Review: https://reviews.apache.org/r/60413/ commit dd2374bdb16965ec789553b0f3b47f9a55c72571 Author: James Peach <jpe...@apache.org> Date: Fri Jun 30 17:12:31 2017 -0700 Add more linux/capabilities isolator test cases. Add a case to verify that the effective framework capabilities must be within the bounding framework capabilities. Check that setting the framework capabilities to something that is insufficient to execute ping overrides the operator flags and fails. Check that setting the framework bounding capabilities to allow ping overrides the operator flags and succeeds. Check that setting the framework effective and bounding capabilities to allow ping overrides the operator flags and succeeds. Review: https://reviews.apache.org/r/60412/ commit 508f73e3b45bc6003d1ba862842aea34b0be6735 Author: James Peach <jpe...@apache.org> Date: Fri Jun 30 17:12:29 2017 -0700 Allow frameworks to specify the capabilities bounding set. Allow frameworks to specify the capabilities bounding set in the LinuxInfo message. We need to explicitly make sure that this does not exceed and bounding set specified by the operator, since that is the outer limit of allowed privilege. Review: https://reviews.apache.org/r/60411/ commit d197be3042232553c954ba3670b7eb50adeafd3a Author: James Peach <jpe...@apache.org> Date: Fri Jun 30 17:12:27 2017 -0700 Add bounding set support to linux/capabilities tests. Add a framework bounding set parameter to the `linux/capabilities` isolator tests so that we can add parameterized test cases where the framework specified a bounding capabilities set. Review: https://reviews.apache.org/r/60410/ commit 906fd43b7f7a9dfbffebab82f00129cdb8f0586a Author: James Peach <jpe...@apache.org> Date: Fri Jun 30 17:12:24 2017 -0700 Add bounding_capabilities to LinuxInfo. Add a bounding_capabilities CapabilityInfo field to the LinuxInfo to carry the framework-specified capabilities bounding set. Review: https://reviews.apache.org/r/60409/ > Let frameworks specify the task bounding capabilities. > ------------------------------------------------------ > > Key: MESOS-7671 > URL: https://issues.apache.org/jira/browse/MESOS-7671 > Project: Mesos > Issue Type: Bug > Reporter: James Peach > Assignee: James Peach > > Following on from MESOS-7476, we should allow frameworks to specify a > capabilities bounding set in the {{CapabilityInfo}} by adding a {{repeated > Capability bounding_capabilities}} field. > I'm a little torn on making more churn, but we probably should consider the > {{capabilities}} field to {{effective_capabilities}}. -- This message was sent by Atlassian JIRA (v6.4.14#64029)