This is an automated email from the ASF dual-hosted git repository. gilbert pushed a commit to branch 1.4.x in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 6663c0607b9ab5834732579266f016c2aa1b2ab8
Author: Andrei Budnik <[email protected]>
AuthorDate: Mon Feb 11 12:51:28 2019 -0800
Enabled launcher sealing depending on corresponding compiler flag.
This patch enables containerizer launcher sealing when `--enable-launcher-sealing` compiler flag is enabled. By default, this compiler flag is disabled, hence launcher sealing is disabled.
Review: https://reviews.apache.org/r/69950/
(cherry picked from commit d1bff48a677771f77dbcbdd55acfaeae2afa6b9a)
---
 src/launcher/executor.cpp | 8 ++++----
 src/slave/containerizer/mesos/containerizer.cpp | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/launcher/executor.cpp b/src/launcher/executor.cpp
index 1984486..7924653 100644
--- a/src/launcher/executor.cpp
+++ b/src/launcher/executor.cpp
@@ -76,9 +76,9 @@
 #include "internal/devolve.hpp"
 #include "internal/evolve.hpp"
-#ifdef __linux__
+#ifdef ENABLE_LAUNCHER_SEALING
 #include "linux/memfd.hpp"
-#endif // __linux__
+#endif // ENABLE_LAUNCHER_SEALING
 #include "logging/logging.hpp"
@@ -474,7 +474,7 @@ protected:
 // Determine the mesos containerizer binary depends on whether we
 // need to clone and seal it on linux.
 string initPath = path::join(launcherDir, MESOS_CONTAINERIZER);
-#ifdef __linux__
+#ifdef ENABLE_LAUNCHER_SEALING
 // Clone the launcher binary in memory for security concerns.
 Try<int_fd> memFd = memfd::cloneSealedFile(initPath);
 if (memFd.isError()) {
@@ -484,7 +484,7 @@ protected:
 }
 initPath = "/proc/self/fd/" + stringify(memFd.get());
-#endif // __linux__
+#endif // ENABLE_LAUNCHER_SEALING
 // Fork the child using launcher.
 vector<string> argv(2);
diff --git a/src/slave/containerizer/mesos/containerizer.cpp b/src/slave/containerizer/mesos/containerizer.cpp
index 1dda19d..57fd9ee 100644
--- a/src/slave/containerizer/mesos/containerizer.cpp
+++ b/src/slave/containerizer/mesos/containerizer.cpp
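Review bot: In the `@@ -474` hunk of executor.cpp, a build without `ENABLE_LAUNCHER_SEALING` (the default, per the commit message) now passes the on-disk launcher path straight through on Linux, and nothing in the new code records that the sealed in-memory copy was skipped. The old side sealed on every `__linux__` build, so an upgrade to a default build drops that hardening without any signal; an `#else` branch with one line such as `LOG(INFO) << "Launcher sealing is disabled in this build; using " << initPath;` would make the state visible in logs. The context comment above it still says the choice depends on "linux" and would read better as `// Clone and seal the launcher binary only when built with ENABLE_LAUNCHER_SEALING.` The same silent fallback applies to `MesosContainerizer::create` in containerizer.cpp (`@@ -478`). The enclosing function starts and ends outside these hunks.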
@@ -48,9 +48,9 @@
 #include "hook/manager.hpp"
-#ifdef __linux__
+#ifdef ENABLE_LAUNCHER_SEALING
 #include "linux/memfd.hpp"
-#endif // __linux__
+#endif // ENABLE_LAUNCHER_SEALING
 #include "module/manager.hpp"
@@ -478,7 +478,7 @@ Try<MesosContainerizer*> MesosContainerizer::create(
 Option<int_fd> initMemFd;
-#ifdef __linux__
+#ifdef ENABLE_LAUNCHER_SEALING
 // Clone the launcher binary in memory for security concerns.
 Try<int_fd> memFd = memfd::cloneSealedFile(
 path::join(flags.launcher_dir, MESOS_CONTAINERIZER));
@@ -491,7 +491,7 @@ Try<MesosContainerizer*> MesosContainerizer::create(
 }
 initMemFd = memFd.get();
-#endif // __linux__
+#endif // ENABLE_LAUNCHER_SEALING
 return new MesosContainerizer(Owned<MesosContainerizerProcess>(
 new MesosContainerizerProcess(
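Review bot: The guard around `#include "linux/memfd.hpp"` (`@@ -48` here, `@@ -76` in executor.cpp) no longer mentions `__linux__`, so Linux-only code is now gated by a flag whose platform restriction, if any, is enforced outside this diff. Unless the build scripts already reject `--enable-launcher-sealing` on other platforms, `#if defined(__linux__) && defined(ENABLE_LAUNCHER_SEALING)` or an explicit `#error` would turn a misconfigured build into a clear failure. In `MesosContainerizer::create` (`@@ -478` and `@@ -491`), `initMemFd` is left unset in default builds, and a comment on its declaration such as `// Stays None unless built with ENABLE_LAUNCHER_SEALING.` would tell readers the unsealed launcher is the default path. The function body continues outside the hunks, so how a `None` value is handled downstream cannot be checked from here.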
