[
https://issues.apache.org/jira/browse/MESOS-9693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16810961#comment-16810961
]
Vinod Kone commented on MESOS-9693:
-----------------------------------
In addition to the points raised above, there is also an upgrade compatibility
issue with implementing this.
If a framework's task doesn't work when seccomp is enabled (e.g., a kubelet
task that needs to run as unconfined so that it can launch k8s pods that are
seccomp confined by docker seccomp profile), then the framework needs to be
first upgraded to use seccomp unconfined option. Now if this framework was
running already on non-seccomp enabled cluster, the upgraded framework needs to
still keep running even with seccomp disabled. After framework upgrade, mesos
agent can be upgraded to enable seccomp and this won't affect the framework. So
Mesos cannot reject such a task but just ignore it.
[~gilbert] [~abudnik] Should we close this as "Won't do"?
> Add master validation for SeccompInfo.
> --------------------------------------
>
> Key: MESOS-9693
> URL: https://issues.apache.org/jira/browse/MESOS-9693
> Project: Mesos
> Issue Type: Task
> Reporter: Gilbert Song
> Assignee: Andrei Budnik
> Priority: Major
>
> 1. if seccomp is not enabled, we should return failure if any fw specify
> seccompInfo and return appropriate status update.
> 2. at most one field of profile_name and unconfined should be set. better to
> validate in master
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
