mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Klues <>
Subject Re: Review Request 52011: Updated launch helper to avoid initializing libprocess.
Date Fri, 23 Sep 2016 02:07:17 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated Sept. 23, 2016, 2:07 a.m.)

Review request for mesos, Gilbert Song and Jie Yu.


Updated to use the new `os::spawn()` functionality in stout.

Bugs: MESOS-6075

Repository: mesos

Description (updated)

Previously, we used 'process::subprocess()' to run all of our pre-exec
commands. However, doing so causes us to (unnecesssarily) initialize
all of libprocess (and subsequently creating a whole bunch of unused
threads, etc.) just to run a simple script.

To avoid this, we now use `os::system()` and the new `os::spawn()`
functions to give us our shell/non-shell variant of commands we want
to launch.
In the past, we used 'os::system()' alone to avoid initializing
libprocess, but this caused security issues with allowing arbitrary
shell commands to be appended to root-level pre-exec commands that
take strings as their last argument (e.g. mount --bind <src> <target>,
where target is user supplied and is set to "target_dir; rm -rf /").
We now handle this case by using `os::spawn()` instead.

Diffs (updated)

  src/slave/containerizer/mesos/launch.cpp 48ec3707d772ec68e34acfc5adb47e25336ae8d3 



$ GTEST_FILTER="" make -j check
$ src/mesos-tests
$ sudo src/mesos-tests


Kevin Klues

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message