[
https://issues.apache.org/jira/browse/MESOS-6075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15515347#comment-15515347
]
Jie Yu commented on MESOS-6075:
-------------------------------
commit bcb33ee1c8fe51eb0b29d903e5f486edc38204cb
Author: Kevin Klues klue...@gmail.com
Date: Thu Sep 22 20:45:55 2016 -0700
Updated launch helper to avoid initializing libprocess.
Previously, we used 'process::subprocess()' to run all of our pre-exec
commands. However, doing so causes us to (unnecesssarily) initialize
all of libprocess (and subsequently creating a whole bunch of unused
threads, etc.) just to run a simple script.
To avoid this, we now use `os::system()` and the new `os::spawn()`
functions to give us our shell/non-shell variant of commands we want
to launch.
In the past, we used 'os::system()' alone to avoid initializing
libprocess, but this caused security issues with allowing arbitrary
shell commands to be appended to root-level pre-exec commands that
take strings as their last argument (e.g. mount --bind <src> <target>,
where target is user supplied and is set to "target_dir; rm -rf /").
We now handle this case by using `os::spawn()` instead.
Review: https://reviews.apache.org/r/52011/
> Avoid libprocess functions in `mesos-containerizer launch`.
> -----------------------------------------------------------
>
> Key: MESOS-6075
> URL: https://issues.apache.org/jira/browse/MESOS-6075
> Project: Mesos
> Issue Type: Improvement
> Components: containerization
> Affects Versions: 1.0.1
> Reporter: Jie Yu
> Assignee: Kevin Klues
> Labels: mesosphere
> Fix For: 1.1.0, 1.0.2
>
>
> Calling libprocses functions in `mesos-containerizer launch` will cause
> libprocess being initialized. That will have some performance impact as it'll
> create N threads (N == #cores).
> Given that `mesos-containerizer launch` can be blocking, we should avoid
> using libprocess methods for performance.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
