This is an automatically generated e-mail. To reply, visit:

(Updated Sept. 23, 2016, 2:07 a.m.)

Review request for mesos, Gilbert Song and Jie Yu.


Updated to use the new `os::spawn()` functionality in stout.

Bugs: MESOS-6075

Repository: mesos

Description (updated)

Previously, we used 'process::subprocess()' to run all of our pre-exec
commands. However, doing so causes us to (unnecesssarily) initialize
all of libprocess (and subsequently creating a whole bunch of unused
threads, etc.) just to run a simple script.

To avoid this, we now use `os::system()` and the new `os::spawn()`
functions to give us our shell/non-shell variant of commands we want
to launch.
In the past, we used 'os::system()' alone to avoid initializing
libprocess, but this caused security issues with allowing arbitrary
shell commands to be appended to root-level pre-exec commands that
take strings as their last argument (e.g. mount --bind <src> <target>,
where target is user supplied and is set to "target_dir; rm -rf /").
We now handle this case by using `os::spawn()` instead.

Diffs (updated)


Diff: https://reviews.apache.org/r/52011/diff/


$ GTEST_FILTER="" make -j check
$ src/mesos-tests
$ sudo src/mesos-tests


Kevin Klues

Reply via email to