-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/69615/#review211517
-----------------------------------------------------------

src/slave/containerizer/mesos/launch.cpp
Lines 142 (patched)
<https://reviews.apache.org/r/69615/#comment296758>

    Is this redundant empty line compared to the rest of style?


src/tests/containerizer/mesos_containerizer_tests.cpp
Lines 304 (patched)
<https://reviews.apache.org/r/69615/#comment296759>

    Is this redundant empty line compared to the rest of style?


src/tests/containerizer/mesos_containerizer_tests.cpp
Lines 423 (patched)
<https://reviews.apache.org/r/69615/#comment296760>

    Is this redundant empty line compared to the rest of style?


src/tests/containerizer/mesos_containerizer_tests.cpp
Lines 425 (patched)
<https://reviews.apache.org/r/69615/#comment296757>

    Shall we have two empty lines before the next test?


- Xudong Ni


On Dec. 21, 2018, 5:20 a.m., James Peach wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/69615/
> -----------------------------------------------------------
>
> (Updated Dec. 21, 2018, 5:20 a.m.)
>
>
> Review request for mesos, Xudong Ni, Gilbert Song, Jie Yu, and Jiang Yan Xu.
>
>
> Bugs: MESOS-9349
>     https://issues.apache.org/jira/browse/MESOS-9349
>
>
> Repository: mesos
>
>
> Description
> -------
>
> Use `prctl(PR_SET_DUMPABLE)` to disable the ability to attach to
> the containerizer process(es) on Linux systems. This prevents
> unprivileged containerized processes from reading information
> about the containerizer process(es) from `/proc`. This gives an
> additional layer of protection against leaking information to
> untrusted container processes.
>
>
> Diffs
> -----
>
>   docs/configuration/agent.md 7a8df6852dc2af174a6c5a552dca88fa1b1c29f3
>   src/launcher/executor.cpp f962e800f23d5582b1bc04a263253893492a5054
>   src/slave/containerizer/mesos/containerizer.cpp a5cf2da55c046c5c45e0c2ca3400f64de12de62b
>   src/slave/containerizer/mesos/launch.hpp 0a6394d56321948ad760ac69c05456319a254842
>   src/slave/containerizer/mesos/launch.cpp 2f1c9e7a8748c9d7eab25bc8567ca68308e680f9
>   src/slave/flags.hpp 29d8b7985ffde57da02b5fe0d3a524e98acc27c8
>   src/slave/flags.cpp ccaf65029ec2d0e78041fc3992a0bf5ca0798686
>   src/slave/slave.cpp ad3b693a716cf6103345a157bf28dd60a7b07d32
>   src/tests/containerizer/mesos_containerizer_tests.cpp 449928c10b897061642af8ad267f8b70695940e6
>   src/tests/slave_tests.cpp 4aed5d68e9a408821880ffaede482937be1999f4
>
>
> Diff: https://reviews.apache.org/r/69615/diff/1/
>
>
> Testing
> -------
>
> make check (Fedora 29)
>
>
> Thanks,
>
> James Peach
>
>
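
The mechanism the description relies on, as an added example that is not part of the review request or the Mesos patch: a C program that clears the dumpable flag with `prctl(PR_SET_DUMPABLE)`, reads it back, and shows that a forked child inherits the cleared flag. The function names are hypothetical; the program also prints the owner of `/proc/self/environ`, which proc(5) documents as becoming root once the flag is not 1.

```c
/* Added example (Linux only); function names are illustrative, not Mesos code. */
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Clear the dumpable flag, then read it back to confirm it is 0.
 * Returns 0 on success, -1 if a prctl() call fails or the flag is still set. */
int disable_dumpable(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0 ? 0 : -1;
}

/* Fork a child and return the dumpable flag it observes (0, 1 or 2),
 * or -1 on error. The flag lives in the mm and is copied by fork(). */
int dumpable_in_forked_child(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int d = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
        _exit(d < 0 ? 255 : d);   /* report the flag via the exit status */
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

/* Owner uid of /proc/self/environ, or -1 if /proc is unavailable. */
long proc_environ_owner(void)
{
    struct stat st;
    return stat("/proc/self/environ", &st) == 0 ? (long)st.st_uid : -1;
}

int main(void)
{
    printf("before: owner=%ld\n", proc_environ_owner());
    if (disable_dumpable() != 0)
        return 1;
    printf("after:  owner=%ld child_dumpable=%d\n",
           proc_environ_owner(), dumpable_in_forked_child());
    return 0;
}
```

A successful `execve()` of an ordinary binary sets the flag back to 1, so a process that needs this protection has to clear the flag itself after it is exec'd.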