Andrei Budnik created MESOS-9386:
------------------------------------
Summary: Implement Seccomp profile inheritance for POD containers
Key: MESOS-9386
URL: https://issues.apache.org/jira/browse/MESOS-9386
Project: Mesos
Issue Type: Task
Components: containerization
Reporter: Andrei Budnik
Assignee: Andrei Budnik
Child containers inherit the root container's Seccomp profile by default. Also,
Seccomp profile can be overridden by a Framework for a particular child
container by specifying a path to the Seccomp profile.
Mesos containerizer persists information about containers on disk via
`ContainerLaunchInfo` proto, which includes `ContainerSeccompProfile` proto.
Mesos containerizer should use this proto to load the parent's profile for a
child container. When a child inherits the parent's Seccomp profile, Mesos
agent doesn't have to re-read a Seccomp profile from the disk, which was used
for the parent container. Otherwise, we would have to check that a file content
hasn't changed since the last time the parent was launched.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
