Review Request 70712: Added filesystem operations to the `ContainerLaunchInfo`.

James Peach Thu, 23 May 2019 23:47:03 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70712/
-----------------------------------------------------------


Review request for mesos, Xudong Ni, Gilbert Song, Jie Yu, and Jiang Yan Xu.


Bugs: MESOS-9769
    https://issues.apache.org/jira/browse/MESOS-9769


Repository: mesos


Description
-------

The `filesystem/linux` isolator was using pre-exec commands
to set up Linux ABI symlinks. Not only is this inefficient,
it has the undesirable security property of running programs
in a user-controlled container image.

The fix added a new `ContainerFileOperation` message to the
containerizer launch information. The containerizer executes
the requested file operation after performing the container
mounts.


Diffs
-----

  include/mesos/slave/containerizer.proto 
e9924489000efabebd55bf070f18149f23e4a510 
  src/common/protobuf_utils.hpp 273ae270695db33b6c9d8b32cb38f8840a815787 
  src/common/protobuf_utils.cpp 8b252cb11e17356836988dfc44a63953579a1def 
  src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp 
8f94453a7354927ae918d3f2fd746cdf5ef63cb7 
  src/slave/containerizer/mesos/isolators/filesystem/linux.cpp 
190054c26b949aa9ba0f49377b77d9e472edb95a 
  src/slave/containerizer/mesos/launch.cpp 
5ddb4c7d998c17b59164825acc0627a1311b691b 


Diff: https://reviews.apache.org/r/70712/diff/1/


Testing
-------

sudo make check (Fedora 30)


Thanks,

James Peach

Review Request 70712: Added filesystem operations to the `ContainerLaunchInfo`.

Reply via email to