asfgit closed pull request #312: BugFix backporting 1.5.x URL: https://github.com/apache/mesos/pull/312
This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/3rdparty/libprocess/include/process/subprocess.hpp b/3rdparty/libprocess/include/process/subprocess.hpp index 6a1262340c..135bf243c7 100644 --- a/3rdparty/libprocess/include/process/subprocess.hpp +++ b/3rdparty/libprocess/include/process/subprocess.hpp @@ -125,7 +125,8 @@ class Subprocess const Option<lambda::function< pid_t(const lambda::function<int()>&)>>& clone, const std::vector<Subprocess::ParentHook>& parent_hooks, - const std::vector<Subprocess::ChildHook>& child_hooks); + const std::vector<Subprocess::ChildHook>& child_hooks, + const std::vector<int_fd>& whitelist_fds); IO(const lambda::function<Try<InputFileDescriptors>()>& _input, const lambda::function<Try<OutputFileDescriptors>()>& _output) @@ -305,7 +306,8 @@ class Subprocess const Option<lambda::function< pid_t(const lambda::function<int()>&)>>& clone, const std::vector<Subprocess::ParentHook>& parent_hooks, - const std::vector<Subprocess::ChildHook>& child_hooks); + const std::vector<Subprocess::ChildHook>& child_hooks, + const std::vector<int_fd>& whitelist_fds); struct Data { @@ -377,7 +379,8 @@ Try<Subprocess> subprocess( const Option<lambda::function< pid_t(const lambda::function<int()>&)>>& clone = None(), const std::vector<Subprocess::ParentHook>& parent_hooks = {}, - const std::vector<Subprocess::ChildHook>& child_hooks = {}); + const std::vector<Subprocess::ChildHook>& child_hooks = {}, + const std::vector<int_fd>& whitelist_fds = {}); /** @@ -413,7 +416,8 @@ inline Try<Subprocess> subprocess( const Option<lambda::function< pid_t(const lambda::function<int()>&)>>& clone = None(), const std::vector<Subprocess::ParentHook>& parent_hooks = {}, - const std::vector<Subprocess::ChildHook>& child_hooks = {}) + const std::vector<Subprocess::ChildHook>& child_hooks = {}, + const std::vector<int_fd>& whitelist_fds = {}) { std::vector<std::string> argv = {os::Shell::arg0, os::Shell::arg1, command}; @@ -427,7 +431,8 @@ inline Try<Subprocess> subprocess( environment, clone, parent_hooks, - child_hooks); + child_hooks, + whitelist_fds); } } // namespace process { diff --git a/3rdparty/libprocess/src/subprocess.cpp b/3rdparty/libprocess/src/subprocess.cpp index 785e2e1083..fffb640769 100644 --- a/3rdparty/libprocess/src/subprocess.cpp +++ b/3rdparty/libprocess/src/subprocess.cpp @@ -324,7 +324,8 @@ Try<Subprocess> subprocess( const Option<lambda::function< pid_t(const lambda::function<int()>&)>>& _clone, const vector<Subprocess::ParentHook>& parent_hooks, - const vector<Subprocess::ChildHook>& child_hooks) + const vector<Subprocess::ChildHook>& child_hooks, + const vector<int_fd>& whitelist_fds) { // TODO(hausdorff): We should error out on Windows here if we are passing // parameters that aren't used. @@ -423,7 +424,8 @@ Try<Subprocess> subprocess( parent_hooks, stdinfds, stdoutfds, - stderrfds); + stderrfds, + whitelist_fds); if (process_data.isError()) { process::internal::close(stdinfds, stdoutfds, stderrfds); diff --git a/3rdparty/libprocess/src/subprocess_posix.cpp b/3rdparty/libprocess/src/subprocess_posix.cpp index 01e3272fcc..caba704833 100644 --- a/3rdparty/libprocess/src/subprocess_posix.cpp +++ b/3rdparty/libprocess/src/subprocess_posix.cpp @@ -28,10 +28,12 @@ #include <stout/foreach.hpp> #include <stout/option.hpp> #include <stout/os.hpp> +#include <stout/os/pipe.hpp> #include <stout/os/strerror.hpp> #include <stout/strings.hpp> #include <stout/try.hpp> +using std::array; using std::map; using std::string; using std::vector; @@ -46,25 +48,25 @@ Subprocess::IO Subprocess::PIPE() { return Subprocess::IO( []() -> Try<InputFileDescriptors> { - int pipefd[2]; - if (::pipe(pipefd) == -1) { - return ErrnoError("Failed to create pipe"); + Try<array<int, 2>> pipefd = os::pipe(); + if (pipefd.isError()) { + return Error(pipefd.error()); } InputFileDescriptors fds; - fds.read = pipefd[0]; - fds.write = pipefd[1]; + fds.read = pipefd->at(0); + fds.write = pipefd->at(1); return fds; }, []() -> Try<OutputFileDescriptors> { - int pipefd[2]; - if (::pipe(pipefd) == -1) { - return ErrnoError("Failed to create pipe"); + Try<array<int, 2>> pipefd = os::pipe(); + if (pipefd.isError()) { + return Error(pipefd.error()); } OutputFileDescriptors fds; - fds.read = pipefd[0]; - fds.write = pipefd[1]; + fds.read = pipefd->at(0); + fds.write = pipefd->at(1); return fds; }); } diff --git a/3rdparty/libprocess/src/subprocess_windows.hpp b/3rdparty/libprocess/src/subprocess_windows.hpp index 0183bb451f..fab57335ed 100644 --- a/3rdparty/libprocess/src/subprocess_windows.hpp +++ b/3rdparty/libprocess/src/subprocess_windows.hpp @@ -51,7 +51,8 @@ inline Try<::internal::windows::ProcessData> createChildProcess( const std::vector<Subprocess::ParentHook>& parent_hooks, const InputFileDescriptors stdinfds, const OutputFileDescriptors stdoutfds, - const OutputFileDescriptors stderrfds) + const OutputFileDescriptors stderrfds, + const std::vector<int_fd>& whitelist_fds = {}) { Try<::internal::windows::ProcessData> process_data = ::internal::windows::create_process( diff --git a/3rdparty/stout/include/stout/os/posix/pipe.hpp b/3rdparty/stout/include/stout/os/posix/pipe.hpp index ac76224ff8..9838d7b3ab 100644 --- a/3rdparty/stout/include/stout/os/posix/pipe.hpp +++ b/3rdparty/stout/include/stout/os/posix/pipe.hpp @@ -15,20 +15,70 @@ #include <unistd.h> +#include <sys/syscall.h> + #include <array> #include <stout/error.hpp> #include <stout/try.hpp> +#include <stout/os/posix/fcntl.hpp> + namespace os { -// Create pipes for interprocess communication. +// Create pipes for interprocess communication. The pipe file descriptors +// will be marked O_CLOEXEC (atomically if the platform supports it). To +// pass the pipe to a child process, the caller should clear the CLOEXEC +// flag after fork(2) but before exec(2). inline Try<std::array<int, 2>> pipe() { std::array<int, 2> result; + + // The pipe2() function appeared in FreeBSD 10.0. +#if defined(_FreeBSD__) && __FreeBSD_version >= 1000000 + + if (::pipe2(result.data(), O_CLOEXEC) < 0) { + return ErrnoError(); + } + +#else + + // pipe2() appeared in Linux 2.6.27 and glibc 2.9. +#if defined(__linux__) && defined(SYS_pipe2) + if (::syscall(SYS_pipe2, result.data(), O_CLOEXEC) == 0) { + return result; + } + + // Fall back if the kernel doesn't support pipe2(). + if (errno != ENOSYS) { + return ErrnoError(); + } +#endif + if (::pipe(result.data()) < 0) { return ErrnoError(); } + + Try<Nothing> cloexec = Nothing(); + + cloexec = os::cloexec(result[0]); + if (cloexec.isError()) { + Error error = Error("Failed to cloexec pipe: " + cloexec.error()); + ::close(result[0]); + ::close(result[1]); + return error; + } + + cloexec = os::cloexec(result[1]); + if (cloexec.isError()) { + Error error = Error("Failed to cloexec pipe: " + cloexec.error()); + ::close(result[0]); + ::close(result[1]); + return error; + } + +#endif + return result; } diff --git a/CHANGELOG b/CHANGELOG index ca56fce052..41c4f21d7b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -4,6 +4,7 @@ Release Notes - Mesos - Version 1.5.2 (WIP) ** Bug * [MESOS-3790] - ZooKeeper connection should retry on `EAI_NONAME`. + * [MESOS-8128] - Make os::pipe file descriptors O_CLOEXEC. * [MESOS-8418] - mesos-agent high cpu usage because of numerous /proc/mounts reads. * [MESOS-8545] - AgentAPIStreamingTest.AttachInputToNestedContainerSession is flaky. * [MESOS-8568] - Command checks should always call `WAIT_NESTED_CONTAINER` before `REMOVE_NESTED_CONTAINER` @@ -35,6 +36,7 @@ Release Notes - Mesos - Version 1.5.2 (WIP) * [MESOS-9145] - Master has a fragile burned-in 5s authentication timeout. * [MESOS-9146] - Agent has a fragile burn-in 5s authentication timeout. * [MESOS-9147] - Agent and scheduler driver authentication retry backoff time could overflow. + * [MESOS-9151] - Container stuck at ISOLATING due to FD leak. * [MESOS-9170] - Zookeeper doesn't compile with newer gcc due to format error. * [MESOS-9196] - Removing rootfs mounts may fail with EBUSY. * [MESOS-9267] - Mesos agent crashes when CNI network is not configured but used. diff --git a/src/slave/container_loggers/lib_logrotate.cpp b/src/slave/container_loggers/lib_logrotate.cpp index bc13e6a524..8d003e2bae 100644 --- a/src/slave/container_loggers/lib_logrotate.cpp +++ b/src/slave/container_loggers/lib_logrotate.cpp @@ -43,6 +43,7 @@ #include <stout/os/environment.hpp> #include <stout/os/fcntl.hpp> #include <stout/os/killtree.hpp> +#include <stout/os/pipe.hpp> #ifdef __linux__ #include "linux/systemd.hpp" @@ -55,6 +56,7 @@ using namespace mesos; using namespace process; +using std::array; using std::map; using std::string; @@ -151,24 +153,14 @@ class LogrotateContainerLoggerProcess : // of the pipe and will be solely responsible for closing that end. // The ownership of the write-end will be passed to the caller // of this function. - int pipefd[2]; - if (::pipe(pipefd) == -1) { - return Failure(ErrnoError("Failed to create pipe").message); + Try<array<int, 2>> pipefd = os::pipe(); + if (pipefd.isError()) { + return Failure("Failed to create pipe: " + pipefd.error()); } Subprocess::IO::InputFileDescriptors outfds; - outfds.read = pipefd[0]; - outfds.write = pipefd[1]; - - // NOTE: We need to `cloexec` this FD so that it will be closed when - // the child subprocess is spawned and so that the FD will not be - // inherited by the second child for stderr. - Try<Nothing> cloexec = os::cloexec(outfds.write.get()); - if (cloexec.isError()) { - os::close(outfds.read); - os::close(outfds.write.get()); - return Failure("Failed to cloexec: " + cloexec.error()); - } + outfds.read = pipefd->at(0); + outfds.write = pipefd->at(1); // Spawn a process to handle stdout. mesos::internal::logger::rotate::Flags outFlags; @@ -207,26 +199,16 @@ class LogrotateContainerLoggerProcess : // NOTE: We manually construct a pipe here to properly express // ownership of the FDs. See the NOTE above. - if (::pipe(pipefd) == -1) { + pipefd = os::pipe(); + if (pipefd.isError()) { os::close(outfds.write.get()); - os::killtree(outProcess.get().pid(), SIGKILL); - return Failure(ErrnoError("Failed to create pipe").message); + os::killtree(outProcess->pid(), SIGKILL); + return Failure("Failed to create pipe: " + pipefd.error()); } Subprocess::IO::InputFileDescriptors errfds; - errfds.read = pipefd[0]; - errfds.write = pipefd[1]; - - // NOTE: We need to `cloexec` this FD so that it will be closed when - // the child subprocess is spawned. - cloexec = os::cloexec(errfds.write.get()); - if (cloexec.isError()) { - os::close(outfds.write.get()); - os::close(errfds.read); - os::close(errfds.write.get()); - os::killtree(outProcess.get().pid(), SIGKILL); - return Failure("Failed to cloexec: " + cloexec.error()); - } + errfds.read = pipefd->at(0); + errfds.write = pipefd->at(1); // Spawn a process to handle stderr. mesos::internal::logger::rotate::Flags errFlags; diff --git a/src/slave/containerizer/mesos/containerizer.cpp b/src/slave/containerizer/mesos/containerizer.cpp index 9f3df1fe83..ffb6e0225d 100644 --- a/src/slave/containerizer/mesos/containerizer.cpp +++ b/src/slave/containerizer/mesos/containerizer.cpp @@ -1843,6 +1843,8 @@ Future<Containerizer::LaunchResult> MesosContainerizerProcess::_launch( launchFlags.pipe_read = pipes[0]; launchFlags.pipe_write = pipes[1]; + const vector<int_fd> whitelistFds{pipes[0], pipes[1]}; + #ifndef __WINDOWS__ // Set the `runtime_directory` launcher flag so that the launch // helper knows where to checkpoint the status of the container @@ -1939,17 +1941,19 @@ Future<Containerizer::LaunchResult> MesosContainerizerProcess::_launch( containerId, argv[0], argv, - containerIO->in, - containerIO->out, - containerIO->err, + containerIO.get(), nullptr, launchEnvironment, // 'enterNamespaces' will be ignored by SubprocessLauncher. _enterNamespaces, // 'cloneNamespaces' will be ignored by SubprocessLauncher. - _cloneNamespaces); + _cloneNamespaces, + whitelistFds); if (forked.isError()) { + os::close(pipes[0]); + os::close(pipes[1]); + return Failure("Failed to fork: " + forked.error()); } @@ -1969,6 +1973,9 @@ Future<Containerizer::LaunchResult> MesosContainerizerProcess::_launch( LOG(ERROR) << "Failed to checkpoint container's forked pid to '" << pidCheckpointPath.get() << "': " << checkpointed.error(); + os::close(pipes[0]); + os::close(pipes[1]); + return Failure("Could not checkpoint container's pid"); } } @@ -1992,6 +1999,9 @@ Future<Containerizer::LaunchResult> MesosContainerizerProcess::_launch( checkpointed = slave::state::checkpoint(pidPath, stringify(pid)); if (checkpointed.isError()) { + os::close(pipes[0]); + os::close(pipes[1]); + return Failure("Failed to checkpoint the container pid to" " '" + pidPath + "': " + checkpointed.error()); } diff --git a/src/slave/containerizer/mesos/launcher.cpp b/src/slave/containerizer/mesos/launcher.cpp index ec31fa24c8..aa594ec9d9 100644 --- a/src/slave/containerizer/mesos/launcher.cpp +++ b/src/slave/containerizer/mesos/launcher.cpp @@ -85,13 +85,12 @@ Try<pid_t> SubprocessLauncher::fork( const ContainerID& containerId, const string& path, const vector<string>& argv, - const Subprocess::IO& in, - const Subprocess::IO& out, - const Subprocess::IO& err, + const mesos::slave::ContainerIO& containerIO, const flags::FlagsBase* flags, const Option<map<string, string>>& environment, const Option<int>& enterNamespaces, - const Option<int>& cloneNamespaces) + const Option<int>& cloneNamespaces, + const vector<int_fd>& whitelistFds) { if (enterNamespaces.isSome() && enterNamespaces.get() != 0) { return Error("Subprocess launcher does not support entering namespaces"); @@ -121,17 +120,29 @@ Try<pid_t> SubprocessLauncher::fork( parentHooks.emplace_back(Subprocess::ParentHook::CREATE_JOB()); #endif // __linux__ + vector<Subprocess::ChildHook> childHooks; + +#ifndef __WINDOWS__ + childHooks.push_back(Subprocess::ChildHook::SETSID()); + + // TODO(jpeach) libprocess should take care of this, see MESOS-9164. + foreach (int_fd fd, whitelistFds) { + childHooks.push_back(Subprocess::ChildHook::UNSET_CLOEXEC(fd)); + } +#endif // __WINDOWS__ + Try<Subprocess> child = subprocess( path, argv, - in, - out, - err, + containerIO.in, + containerIO.out, + containerIO.err, flags, environment, None(), parentHooks, - {Subprocess::ChildHook::SETSID()}); + childHooks, + whitelistFds); if (child.isError()) { return Error("Failed to fork a child process: " + child.error()); diff --git a/src/slave/containerizer/mesos/launcher.hpp b/src/slave/containerizer/mesos/launcher.hpp index f69d934d2e..90a50b1fd9 100644 --- a/src/slave/containerizer/mesos/launcher.hpp +++ b/src/slave/containerizer/mesos/launcher.hpp @@ -38,6 +38,7 @@ #include <stout/try.hpp> #include "slave/flags.hpp" +#include "slave/containerizer/containerizer.hpp" namespace mesos { namespace internal { @@ -64,13 +65,12 @@ class Launcher const ContainerID& containerId, const std::string& path, const std::vector<std::string>& argv, - const process::Subprocess::IO& in, - const process::Subprocess::IO& out, - const process::Subprocess::IO& err, + const mesos::slave::ContainerIO& containerIO, const flags::FlagsBase* flags, const Option<std::map<std::string, std::string>>& environment, const Option<int>& enterNamespaces, - const Option<int>& cloneNamespaces) = 0; + const Option<int>& cloneNamespaces, + const std::vector<int_fd>& whitelistFds) = 0; // Kill all processes in the containerized context. virtual process::Future<Nothing> destroy(const ContainerID& containerId) = 0; @@ -102,13 +102,12 @@ class SubprocessLauncher : public Launcher const ContainerID& containerId, const std::string& path, const std::vector<std::string>& argv, - const process::Subprocess::IO& in, - const process::Subprocess::IO& out, - const process::Subprocess::IO& err, + const mesos::slave::ContainerIO& containerIO, const flags::FlagsBase* flags, const Option<std::map<std::string, std::string>>& environment, const Option<int>& enterNamespaces, - const Option<int>& cloneNamespaces); + const Option<int>& cloneNamespaces, + const std::vector<int_fd>& whitelistFds); virtual process::Future<Nothing> destroy(const ContainerID& containerId); diff --git a/src/slave/containerizer/mesos/linux_launcher.cpp b/src/slave/containerizer/mesos/linux_launcher.cpp index c2e3198948..f245509e55 100644 --- a/src/slave/containerizer/mesos/linux_launcher.cpp +++ b/src/slave/containerizer/mesos/linux_launcher.cpp @@ -74,13 +74,12 @@ class LinuxLauncherProcess : public Process<LinuxLauncherProcess> const ContainerID& containerId, const string& path, const vector<string>& argv, - const process::Subprocess::IO& in, - const process::Subprocess::IO& out, - const process::Subprocess::IO& err, + const mesos::slave::ContainerIO& containerIO, const flags::FlagsBase* flags, const Option<map<string, string>>& environment, const Option<int>& enterNamespaces, - const Option<int>& cloneNamespaces); + const Option<int>& cloneNamespaces, + const vector<int_fd>& whitelistFds); virtual process::Future<Nothing> destroy(const ContainerID& containerId); @@ -215,13 +214,12 @@ Try<pid_t> LinuxLauncher::fork( const ContainerID& containerId, const string& path, const vector<string>& argv, - const process::Subprocess::IO& in, - const process::Subprocess::IO& out, - const process::Subprocess::IO& err, + const mesos::slave::ContainerIO& containerIO, const flags::FlagsBase* flags, const Option<map<string, string>>& environment, const Option<int>& enterNamespaces, - const Option<int>& cloneNamespaces) + const Option<int>& cloneNamespaces, + const vector<int_fd>& whitelistFds) { return dispatch( process.get(), @@ -229,13 +227,12 @@ Try<pid_t> LinuxLauncher::fork( containerId, path, argv, - in, - out, - err, + containerIO, flags, environment, enterNamespaces, - cloneNamespaces).get(); + cloneNamespaces, + whitelistFds).get(); } @@ -392,13 +389,12 @@ Try<pid_t> LinuxLauncherProcess::fork( const ContainerID& containerId, const string& path, const vector<string>& argv, - const process::Subprocess::IO& in, - const process::Subprocess::IO& out, - const process::Subprocess::IO& err, + const mesos::slave::ContainerIO& containerIO, const flags::FlagsBase* flags, const Option<map<string, string>>& environment, const Option<int>& enterNamespaces, - const Option<int>& cloneNamespaces) + const Option<int>& cloneNamespaces, + const vector<int_fd>& whitelistFds) { // Make sure this container (nested or not) is unique. if (containers.contains(containerId)) { @@ -467,12 +463,21 @@ Try<pid_t> LinuxLauncherProcess::fork( child); })); + vector<Subprocess::ChildHook> childHooks; + + childHooks.push_back(Subprocess::ChildHook::SETSID()); + + // TODO(jpeach) libprocess should take care of this, see MESOS-9164. + foreach (int_fd fd, whitelistFds) { + childHooks.push_back(Subprocess::ChildHook::UNSET_CLOEXEC(fd)); + } + Try<Subprocess> child = subprocess( path, argv, - in, - out, - err, + containerIO.in, + containerIO.out, + containerIO.err, flags, environment, [target, enterFlags, cloneFlags](const lambda::function<int()>& child) { @@ -493,7 +498,7 @@ Try<pid_t> LinuxLauncherProcess::fork( } }, parentHooks, - {Subprocess::ChildHook::SETSID()}); + childHooks); if (child.isError()) { return Error("Failed to clone child process: " + child.error()); diff --git a/src/slave/containerizer/mesos/linux_launcher.hpp b/src/slave/containerizer/mesos/linux_launcher.hpp index 0ea9b875ae..712c9f8b80 100644 --- a/src/slave/containerizer/mesos/linux_launcher.hpp +++ b/src/slave/containerizer/mesos/linux_launcher.hpp @@ -52,13 +52,12 @@ class LinuxLauncher : public Launcher const ContainerID& containerId, const std::string& path, const std::vector<std::string>& argv, - const process::Subprocess::IO& in, - const process::Subprocess::IO& out, - const process::Subprocess::IO& err, + const mesos::slave::ContainerIO& containerIO, const flags::FlagsBase* flags, const Option<std::map<std::string, std::string>>& environment, const Option<int>& enterNamespaces, - const Option<int>& cloneNamespaces); + const Option<int>& cloneNamespaces, + const std::vector<int_fd>& whitelistFds); virtual process::Future<Nothing> destroy(const ContainerID& containerId); diff --git a/src/tests/containerizer/launcher.cpp b/src/tests/containerizer/launcher.cpp index a92d9890f0..51ae4f90fd 100644 --- a/src/tests/containerizer/launcher.cpp +++ b/src/tests/containerizer/launcher.cpp @@ -30,7 +30,7 @@ ACTION_P(InvokeRecover, launcher) ACTION_P(InvokeFork, launcher) { return launcher->real->fork( - arg0, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9); + arg0, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8); } @@ -51,9 +51,9 @@ TestLauncher::TestLauncher(const process::Owned<slave::Launcher>& _real) EXPECT_CALL(*this, recover(_)) .WillRepeatedly(DoDefault()); - ON_CALL(*this, fork(_, _, _, _, _, _, _, _, _, _)) + ON_CALL(*this, fork(_, _, _, _, _, _, _, _, _)) .WillByDefault(InvokeFork(this)); - EXPECT_CALL(*this, fork(_, _, _, _, _, _, _, _, _, _)) + EXPECT_CALL(*this, fork(_, _, _, _, _, _, _, _, _)) .WillRepeatedly(DoDefault()); ON_CALL(*this, destroy(_)) diff --git a/src/tests/containerizer/launcher.hpp b/src/tests/containerizer/launcher.hpp index a8e436f164..6057286ae0 100644 --- a/src/tests/containerizer/launcher.hpp +++ b/src/tests/containerizer/launcher.hpp @@ -56,19 +56,18 @@ class TestLauncher : public slave::Launcher process::Future<hashset<ContainerID>>( const std::list<mesos::slave::ContainerState>& states)); - MOCK_METHOD10( + MOCK_METHOD9( fork, Try<pid_t>( const ContainerID& containerId, const std::string& path, const std::vector<std::string>& argv, - const process::Subprocess::IO& in, - const process::Subprocess::IO& out, - const process::Subprocess::IO& err, + const mesos::slave::ContainerIO& containerIO, const flags::FlagsBase* flags, const Option<std::map<std::string, std::string>>& env, const Option<int>& enterNamespaces, - const Option<int>& cloneNamespaces)); + const Option<int>& cloneNamespaces, + const std::vector<int_fd>& whitelistFds)); MOCK_METHOD1( destroy, diff --git a/src/tests/containerizer/mesos_containerizer_tests.cpp b/src/tests/containerizer/mesos_containerizer_tests.cpp index 0729464a7a..d26b27692d 100644 --- a/src/tests/containerizer/mesos_containerizer_tests.cpp +++ b/src/tests/containerizer/mesos_containerizer_tests.cpp @@ -1335,13 +1335,12 @@ TEST_F(MesosLauncherStatusTest, ExecutorPIDTest) containerId, path::join(flags.launcher_dir, MESOS_CONTAINERIZER), vector<string>(), - Subprocess::FD(STDIN_FILENO), - Subprocess::FD(STDOUT_FILENO), - Subprocess::FD(STDERR_FILENO), + mesos::slave::ContainerIO(), nullptr, None(), None(), - None()); + None(), + vector<int_fd>()); ASSERT_SOME(forked); diff --git a/src/tests/containerizer/port_mapping_tests.cpp b/src/tests/containerizer/port_mapping_tests.cpp index 575ba4624d..553f53043a 100644 --- a/src/tests/containerizer/port_mapping_tests.cpp +++ b/src/tests/containerizer/port_mapping_tests.cpp @@ -35,8 +35,9 @@ #include <stout/stopwatch.hpp> #include <stout/os/constants.hpp> -#include <stout/os/stat.hpp> #include <stout/os/exists.hpp> +#include <stout/os/int_fd.hpp> +#include <stout/os/stat.hpp> #include "linux/fs.hpp" #include "linux/ns.hpp" @@ -346,13 +347,12 @@ class PortMappingIsolatorTest : public TemporaryDirectoryTest containerId, path::join(flags.launcher_dir, MESOS_CONTAINERIZER), argv, - Subprocess::FD(STDIN_FILENO), - Subprocess::FD(STDOUT_FILENO), - Subprocess::FD(STDERR_FILENO), + mesos::slave::ContainerIO(), &launchFlags, None(), None(), - CLONE_NEWNET | CLONE_NEWNS); + CLONE_NEWNET | CLONE_NEWNS, + vector<int_fd>()); return pid; } ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services