-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52011/
-----------------------------------------------------------

(Updated Sept. 23, 2016, 2:07 a.m.)


Review request for mesos, Gilbert Song and Jie Yu.


Changes
-------

Updated to use the new `os::spawn()` functionality in stout.


Bugs: MESOS-6075
    https://issues.apache.org/jira/browse/MESOS-6075


Repository: mesos


Description (updated)
-------

Previously, we used 'process::subprocess()' to run all of our pre-exec
commands. However, doing so causes us to (unnecessarily) initialize
all of libprocess (and subsequently create a whole bunch of unused
threads, etc.) just to run a simple script.

To avoid this, we now use `os::system()` and the new `os::spawn()`
functions to give us our shell/non-shell variant of commands we want
to launch.
In the past, we used 'os::system()' alone to avoid initializing
libprocess, but this caused security issues with allowing arbitrary
shell commands to be appended to root-level pre-exec commands that
take strings as their last argument (e.g. mount --bind <src> <target>,
where target is user supplied and is set to "target_dir; rm -rf /").
We now handle this case by using `os::spawn()` instead.


Diffs (updated)
-----

  src/slave/containerizer/mesos/launch.cpp 48ec3707d772ec68e34acfc5adb47e25336ae8d3

Diff: https://reviews.apache.org/r/52011/diff/


Testing
-------

$ GTEST_FILTER="" make -j check
$ src/mesos-tests
$ sudo src/mesos-tests


Thanks,

Kevin Klues
