Re: Review Request 67288: White list fds that child processes can inherit in mesos containerizer.

Fri, 25 May 2018 10:34:50 -0700 


> On May 24, 2018, 10:32 p.m., Andrew Schwartzmeyer wrote:
> > src/slave/containerizer/mesos/containerizer.cpp
> > Lines 1878 (patched)
> > <https://reviews.apache.org/r/67288/diff/1/?file=2028384#file2028384line1878>
> >
> >     Oh, also, we only need to send `pipes[0]`; as the child process only 
> > needs the `read` pipe. If I understand this correctly, this control pipe is 
> > for the parent to signal the child; that is, that child waits in a `read` 
> > on the read end of the pipe, for the parent to `write` to the write end.
> >     
> >     So `std::vector<int_fd> whitelist_fds{pipes[0]};`

In launch.cpp, it currently closes pipes[1]. Since we are sending both pipes 
via the environment to the child, we should whitelist both, I think
 Try<Nothing> close = os::close(pipe[1]);
    if (close.isError()) {
      cerr << "Failed to close pipe[1]: " << close.error() << endl;
      exitWithStatus(EXIT_FAILURE);
    }


- Radhika


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67288/#review203824
-----------------------------------------------------------


On May 24, 2018, 10:47 p.m., Radhika Jandhyala wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67288/
> -----------------------------------------------------------
> 
> (Updated May 24, 2018, 10:47 p.m.)
> 
> 
> Review request for mesos, Akash Gupta, Andrew Schwartzmeyer, Eric Mumau, Jie 
> Yu, Li Li, and Radhika Jandhyala.
> 
> 
> Bugs: MESOS-8926
>     https://issues.apache.org/jira/browse/MESOS-8926
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> White list fds that child processes can inherit in mesos containerizer.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/containerizer.cpp 
> eac1d16f2388385fec04ff8f013ce0ebf4e97f0f 
>   src/slave/containerizer/mesos/launcher.hpp 
> f69d934d2e1a129e10df8c7f5c78723e832adc7d 
>   src/slave/containerizer/mesos/launcher.cpp 
> 2fe47d368cb82a46328e1f636baa836272db244c 
>   src/slave/containerizer/mesos/linux_launcher.hpp 
> 0ea9b875ae46cadea483bc8dd8bf4907fd324dc9 
>   src/slave/containerizer/mesos/linux_launcher.cpp 
> 80e444501e429c1e1ae354abcd51f86430316ada 
> 
> 
> Diff: https://reviews.apache.org/r/67288/diff/2/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Radhika Jandhyala
> 
>

Reply via email to