-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52011/#review150126
-----------------------------------------------------------


Fix it, then Ship it!





src/slave/containerizer/mesos/launch.cpp (line 248)
<https://reviews.apache.org/r/52011/#comment217994>

    space before 'value'


- Jie Yu


On Sept. 23, 2016, 2:07 a.m., Kevin Klues wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/52011/
> -----------------------------------------------------------
> 
> (Updated Sept. 23, 2016, 2:07 a.m.)
> 
> 
> Review request for mesos, Gilbert Song and Jie Yu.
> 
> 
> Bugs: MESOS-6075
>     https://issues.apache.org/jira/browse/MESOS-6075
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Previously, we used 'process::subprocess()' to run all of our pre-exec
> commands. However, doing so causes us to (unnecessarily) initialize
> all of libprocess (and subsequently create a whole bunch of unused
> threads, etc.) just to run a simple script.
> 
> To avoid this, we now use `os::system()` and the new `os::spawn()`
> functions to give us our shell/non-shell variant of commands we want
> to launch.
> In the past, we used 'os::system()' alone to avoid initializing
> libprocess, but this caused security issues with allowing arbitrary
> shell commands to be appended to root-level pre-exec commands that
> take strings as their last argument (e.g. mount --bind <src> <target>,
> where target is user supplied and is set to "target_dir; rm -rf /").
> We now handle this case by using `os::spawn()` instead.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/launch.cpp 
> 48ec3707d772ec68e34acfc5adb47e25336ae8d3 
> 
> Diff: https://reviews.apache.org/r/52011/diff/
> 
> 
> Testing
> -------
> 
> $ GTEST_FILTER="" make -j check
> $ src/mesos-tests
> $ sudo src/mesos-tests
> 
> 
> Thanks,
> 
> Kevin Klues
> 
>
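
The injection described in the review request, as an added example that is not Mesos code and not part of the original e-mail: the same constructed hostile target is passed once through a shell string and once as an argv vector. `run_shell`, `run_argv` and `appended_command_ran` are hypothetical names, `true` stands in for `mount`, `fork`/`execvp` stands in for a non-shell spawn call, and the appended command is a harmless `touch` of a marker file under `/tmp`.

```cpp
// Added example, not Mesos code. `true` stands in for `mount`.
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>
#include <sys/wait.h>
#include <unistd.h>

// Shell variant: /bin/sh parses the whole string, so metacharacters inside
// an interpolated value become shell syntax.
int run_shell(const std::string& command) {
  int status = std::system(command.c_str());
  return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

// Non-shell variant (fork + execvp, an assumed stand-in for a spawn-style
// call): each vector element reaches the program as exactly one argument.
int run_argv(const std::vector<std::string>& args) {
  if (args.empty()) return -1;
  std::vector<char*> argv;
  for (const std::string& a : args) argv.push_back(const_cast<char*>(a.c_str()));
  argv.push_back(nullptr);
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) { execvp(argv[0], argv.data()); _exit(127); }
  int status = 0;
  if (waitpid(pid, &status, 0) < 0) return -1;
  return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

// Launches the stand-in command with a constructed hostile target and
// reports whether the appended command ran (it creates a marker file).
bool appended_command_ran(bool use_shell) {
  const std::string marker = "/tmp/preexec_marker_" + std::to_string(getpid());
  unlink(marker.c_str());
  const std::string target = "target_dir; touch " + marker;  // constructed input
  if (use_shell) run_shell("true --bind src " + target);
  else run_argv({"true", "--bind", "src", target});
  const bool ran = access(marker.c_str(), F_OK) == 0;
  unlink(marker.c_str());
  return ran;
}

int main() {
  std::printf("shell string: appended command ran = %d\n", appended_command_ran(true));
  std::printf("argv vector:  appended command ran = %d\n", appended_command_ran(false));
  return 0;
}
```

With the argv form the whole string `target_dir; touch ...` arrives as the last argument of the launched program, so the `;` is never interpreted.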
