Re: Review Request 58337: Add allowed devices whitelist for cgroups/devices isolator.

Tue, 11 Apr 2017 02:50:08 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58337/#review171544
-----------------------------------------------------------




src/slave/containerizer/mesos/isolators/cgroups/subsystems/devices.cpp
Lines 96-98 (patched)
<https://reviews.apache.org/r/58337/#comment244488>

    I think parse these from flags would be better.



src/slave/flags.cpp
Lines 456 (patched)
<https://reviews.apache.org/r/58337/#comment244489>

    I suggest to make it support JSON fomrat value, refer to what we do in 
`add(&Flags::allowed_capabilities`.


- haosdent huang


On April 11, 2017, 9:40 a.m., Zhongbo Tian wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58337/
> -----------------------------------------------------------
> 
> (Updated April 11, 2017, 9:40 a.m.)
> 
> 
> Review request for mesos and haosdent huang.
> 
> 
> Bugs: MESOS-6791
>     https://issues.apache.org/jira/browse/MESOS-6791
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Add allowed devices whitelist for cgroups/devices isolator.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/isolators/cgroups/subsystems/devices.hpp 
> ca2727142a9f257168f3cae0958f7b4665b63cf6 
>   src/slave/containerizer/mesos/isolators/cgroups/subsystems/devices.cpp 
> 9b5cf83093796b0c0cc5057b612f80bc8b8ba72f 
>   src/slave/flags.hpp 171f67e44518e858049d002fcf037715021da265 
>   src/slave/flags.cpp 9365da2c8462a4375a99a86210b9d6ec628510fe 
> 
> 
> Diff: https://reviews.apache.org/r/58337/diff/1/
> 
> 
> Testing
> -------
> 
> For simple test:
> 
> 1. Launch without additional devices:
>   1. Start agent with `sudo mesos-agent --master=127.0.0.1:5050 
> --work_dir=/tmp/mesos --isolation=cgroups/devices`
>   2. try open `/dev/rtc0` and failed with permission denied. `sudo 
> mesos-execute --master=127.0.0.1:5050 --name=test --command="head -c 0 
> /dev/rtc0"`
> 2. Launch with additional devices:
>   1. Start agent with `sudo mesos-agent --master=127.0.0.1:5050 
> --work_dir=/tmp/mesos --isolation=cgroups/devices 
> --cgroups_allowed_devices=/dev/rtc0`
>   2. open `/dev/rtc0` successfully. `sudo mesos-execute 
> --master=127.0.0.1:5050 --name=test --command="head -c 0 /dev/rtc0"`
> 
> 
> Thanks,
> 
> Zhongbo Tian
> 
>

Reply via email to