mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Klues <>
Subject Review Request 52011: Updated launch helper to avoid initializing libprocess.
Date Sun, 18 Sep 2016 18:14:59 GMT

This is an automatically generated e-mail. To reply, visit:

Review request for mesos, Gilbert Song and Jie Yu.

Bugs: MESOS-6075

Repository: mesos


Previously, we used 'process::subprocess()' to run all of our pre-exec
commands. However, doing so causes us to (unnecesssarily) initialize
all of libprocess (and subsequently creating a whole bunch of unused
threads, etc.) just to run a simple script.

To avoid this, we now use fork/exec exec directly avoid calling
'process:subprocess()'. In the past, we used 'os::system()' here
to avoid initializing libprocess, but this caused security issues with
allowing arbitrary shell commands to be appended to root-level
pre-exec commands that take strings as their last argument (e.g. mount
--bind <src> <target>, where target is user supplied and is set to
"target_dir; rm -rf /"). We now handle this case by invoking `execvp`
directly (which ensures that exactly one command is invoked and that
all of the strings passed to it are treated as direct arguments to
that one command).

In the fututre, we should consider refactoring
'libprocess::subprocess()' to pull the base functionality into stout
to avoid initializing libprocess for simple use cases like this one.


  src/slave/containerizer/mesos/launch.cpp fc51e04ec1572679e6a48ff4f0fa31ef2dfd6ec3 



$ GTEST_FILTER="" make -j check
$ src/mesos-tests
$ sudo src/mesos-tests


Kevin Klues

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message