haosdent commented on MESOS-5070:

Hi, [~benjaminhindman] Thanks for your comment! 

(1) This implementation will never enter a pid namespace properly and there's 
no check that someone isn't passing in a pid namespace ... bug?

I saw we didn't support enter pid namesapce in {{setns}} before. And I think 
{{mnt}} and {{net}} should be enough for health check although enter to all 
namespaces would be better. 

(2) This should not live in src/health-check/health_checker.cpp

Yes, alexr told me we should add {{Subprocess::ChildHook::SETNS}} like 
[Subprocess::ChildHook::SUPERVISOR | 
 cc [~alexr] Please correct me if I understand wrong. 

> Introduce more flexible subprocess interface for child options.
> ---------------------------------------------------------------
>                 Key: MESOS-5070
>                 URL: https://issues.apache.org/jira/browse/MESOS-5070
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Joerg Schad
>            Assignee: Joerg Schad
>              Labels: tech-debt
> We introduced a number of parameters to the subprocess interface with 
> MESOS-5049.
> Adding all options explicitly to the subprocess interface makes it 
> inflexible. 
> We should investigate a flexible options, which still prevents arbitrary code 
> to be executed.

This message was sent by Atlassian JIRA

Reply via email to