mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jie Yu <yujie....@gmail.com>
Subject Re: Review Request 50200: Made the agent fetch files as the task user.
Date Wed, 20 Jul 2016 22:38:16 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50200/#review143022
-----------------------------------------------------------


Fix it, then Ship it!





src/launcher/fetcher.cpp (lines 513 - 514)
<https://reviews.apache.org/r/50200/#comment208697>

    ```
    CHECK_SOME(os::su(...))
      << ...
    ```
    
    BTW, no idea why we use CHECK_SOME here. Looks to me that we should check the error and
`return EXIT_FAILURE` here. Can you follow up with a patch to fix all occurance of CHECK_SOME
here?



src/tests/fetcher_tests.cpp (lines 131 - 133)
<https://reviews.apache.org/r/50200/#comment208698>

    No need for temp var here:
    ```
    AWAIT_FAILED(fether.fetch(
        containerId,
        commandInfo,
        os::getcwd(),
        None(),
        slaveId,
        flags);
    ```


- Jie Yu


On July 20, 2016, 8:01 p.m., Greg Mann wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/50200/
> -----------------------------------------------------------
> 
> (Updated July 20, 2016, 8:01 p.m.)
> 
> 
> Review request for mesos, Gilbert Song, Jie Yu, and Joerg Schad.
> 
> 
> Bugs: mesos-5845
>     https://issues.apache.org/jira/browse/mesos-5845
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> To ensure that a task cannot fetch root-protected
> files from the local filesystem when running as a
> non-root user, this patch changes the fetcher to
> fetch files as the task user.
> 
> 
> Diffs
> -----
> 
>   src/launcher/fetcher.cpp 0539b0182bd4a7178f103dddd1ab4fee8fc79eda 
>   src/tests/fetcher_tests.cpp d38ce6e750dc828ef5af4a27fac76327cc4cb56c 
> 
> Diff: https://reviews.apache.org/r/50200/diff/
> 
> 
> Testing
> -------
> 
> A new test was added to the fetcher tests: `FetcherTest.ROOT_RootProtectedFileURI`.
> 
> `sudo make check` was used to test on both OSX and CentOS 7.
> 
> Note that two of the fetcher tests fail for me when run as root on OSX. I saw the following
on my OSX 10.10.5 system:
> ```
> [  FAILED  ] FetcherCacheTest.LocalUncachedExtract
> [  FAILED  ] FetcherCacheHttpTest.HttpMixed
> ```
> 
> These failures are already tracked here: https://issues.apache.org/jira/browse/MESOS-4890
> 
> 
> Thanks,
> 
> Greg Mann
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message