mesos git commit: Removed containerizer flag logging to prevent leak of sensitive data.

Tue, 18 Apr 2017 07:45:23 -0700 

Repository: mesos
Updated Branches:
  refs/heads/1.1.x 45753a28c -> 46ea4cf74


Removed containerizer flag logging to prevent leak of sensitive data.

* backported for 1.1.x *

Review: https://reviews.apache.org/r/58503/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/46ea4cf7
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/46ea4cf7
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/46ea4cf7

Branch: refs/heads/1.1.x
Commit: 46ea4cf7451c31fecd186495794be9232a4f0a07
Parents: 45753a2
Author: Till Toenshoff <[email protected]>
Authored: Tue Apr 18 16:44:21 2017 +0200
Committer: Till Toenshoff <[email protected]>
Committed: Tue Apr 18 16:44:21 2017 +0200

----------------------------------------------------------------------
 src/launcher/posix/executor.cpp | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/46ea4cf7/src/launcher/posix/executor.cpp
----------------------------------------------------------------------
diff --git a/src/launcher/posix/executor.cpp b/src/launcher/posix/executor.cpp
index da0081c..6b5b956 100644
--- a/src/launcher/posix/executor.cpp
+++ b/src/launcher/posix/executor.cpp
@@ -115,11 +115,14 @@ pid_t launchTaskPosix(
   launchFlags.capabilities = capabilities;
 #endif // __linux__
 
+  // TODO(tillt): Consider using a flag allowing / disallowing the
+  // log output of possibly sensitive data. See MESOS-7292.
   string commandString = strings::format(
-      "%s %s %s",
+      "%s %s <POSSIBLY-SENSITIVE-DATA>",
       path::join(launcherDir, MESOS_CONTAINERIZER),
-      MesosContainerizerLaunch::NAME,
-      stringify(launchFlags)).get();
+      MesosContainerizerLaunch::NAME).get();
+
+  cout << "Running '" << commandString << "'" << endl;
 
   // Fork the child using launcher.
   vector<string> argv(2);
@@ -142,8 +145,6 @@ pid_t launchTaskPosix(
     ABORT("Failed to launch '" + commandString + "': " + s.error());
   }
 
-  cout << commandString << endl;
-
   return s->pid();
 }

Reply via email to