[ https://issues.apache.org/jira/browse/MESOS-6075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15515347#comment-15515347 ]
Jie Yu commented on MESOS-6075: ------------------------------- commit bcb33ee1c8fe51eb0b29d903e5f486edc38204cb Author: Kevin Klues klue...@gmail.com Date: Thu Sep 22 20:45:55 2016 -0700 Updated launch helper to avoid initializing libprocess. Previously, we used 'process::subprocess()' to run all of our pre-exec commands. However, doing so causes us to (unnecesssarily) initialize all of libprocess (and subsequently creating a whole bunch of unused threads, etc.) just to run a simple script. To avoid this, we now use `os::system()` and the new `os::spawn()` functions to give us our shell/non-shell variant of commands we want to launch. In the past, we used 'os::system()' alone to avoid initializing libprocess, but this caused security issues with allowing arbitrary shell commands to be appended to root-level pre-exec commands that take strings as their last argument (e.g. mount --bind <src> <target>, where target is user supplied and is set to "target_dir; rm -rf /"). We now handle this case by using `os::spawn()` instead. Review: https://reviews.apache.org/r/52011/ > Avoid libprocess functions in `mesos-containerizer launch`. > ----------------------------------------------------------- > > Key: MESOS-6075 > URL: https://issues.apache.org/jira/browse/MESOS-6075 > Project: Mesos > Issue Type: Improvement > Components: containerization > Affects Versions: 1.0.1 > Reporter: Jie Yu > Assignee: Kevin Klues > Labels: mesosphere > Fix For: 1.1.0, 1.0.2 > > > Calling libprocses functions in `mesos-containerizer launch` will cause > libprocess being initialized. That will have some performance impact as it'll > create N threads (N == #cores). > Given that `mesos-containerizer launch` can be blocking, we should avoid > using libprocess methods for performance. -- This message was sent by Atlassian JIRA (v6.3.4#6332)