> On Sept. 10, 2016, 8:23 p.m., Jie Yu wrote: > > src/slave/containerizer/mesos/isolators/linux/capabilities.cpp, lines 47-49 > > <https://reviews.apache.org/r/50271/diff/9/?file=1495004#file1495004line47> > > > > We need to have special case for command tasks (i.e., > > containerConfig.has_task_info()). > > > > For command tasks, we need to make sure the executor is running under > > root, having all capabilities. I.e., `launchInfo.capability` should not be > > set. > > > > Instead, we need to add a new flag to command executor > > (`--capabilities`) and command executor will pass that to > > `mesos-containerizer launch` helper. > > Jie Yu wrote: > You need this patch: > https://reviews.apache.org/r/51784
Adjusted, and new dependent rr linked. - Benjamin ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/50271/#review148399 ----------------------------------------------------------- On Sept. 19, 2016, 4:21 p.m., Benjamin Bannier wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/50271/ > ----------------------------------------------------------- > > (Updated Sept. 19, 2016, 4:21 p.m.) > > > Review request for mesos, Jay Guo and Jie Yu. > > > Bugs: MESOS-5275 > https://issues.apache.org/jira/browse/MESOS-5275 > > > Repository: mesos > > > Description > ------- > > This isolator evaluates agent allowed capabilities and passes > net capabilities on to `mesos-containerizer` which enforces the > capabilities. > > Capability information is passed from the isolator via a new > capability field in `ContainerLaunchInfo`. > > > Diffs > ----- > > include/mesos/slave/containerizer.proto > 20db010ea158a813034b411111ce9cddac7d8317 > src/CMakeLists.txt 42c52b60cc850901f2eff1545cf7900f4a65ca81 > src/Makefile.am 6fb095f58cf943c5597175df695046cfa21b68fd > src/slave/containerizer/mesos/containerizer.cpp > e54169ba00f6e0cdd7043075b4cdd12d714c99e3 > src/slave/containerizer/mesos/isolators/linux/capabilities.hpp PRE-CREATION > src/slave/containerizer/mesos/isolators/linux/capabilities.cpp PRE-CREATION > src/slave/containerizer/mesos/launch.cpp > fc51e04ec1572679e6a48ff4f0fa31ef2dfd6ec3 > src/tests/containerizer/isolator_tests.cpp > 93ce75180520d382f63ce7323be844fe43c6594e > > Diff: https://reviews.apache.org/r/50271/diff/ > > > Testing > ------- > > `make check` and `sudo make check` (Debian jessie, gcc-4.9.2, w/o > optimizations) > > > Thanks, > > Benjamin Bannier > >
