mesos-reviews mailing list archives

From Radhika Jandhyala via Review Board <nore...@reviews.apache.org>
Subject Re: Review Request 67288: White list fds that child processes can inherit in mesos containerizer.
Date Fri, 25 May 2018 17:33:44 GMT


> On May 24, 2018, 10:32 p.m., Andrew Schwartzmeyer wrote:
> > src/slave/containerizer/mesos/containerizer.cpp
> > Lines 1878 (patched)
> > <https://reviews.apache.org/r/67288/diff/1/?file=2028384#file2028384line1878>
> >
> >     Oh, also, we only need to send `pipes[0]`; as the child process only needs the
> >     `read` pipe. If I understand this correctly, this control pipe is for the parent to signal
> >     the child; that is, that child waits in a `read` on the read end of the pipe, for the parent
> >     to `write` to the write end.
> >     
> >     So `std::vector<int_fd> whitelist_fds{pipes[0]};`

In launch.cpp, it currently closes pipes[1]. Since we are sending both pipes via the environment
to the child, we should whitelist both, I think.

    Try<Nothing> close = os::close(pipe[1]);
    if (close.isError()) {
      cerr << "Failed to close pipe[1]: " << close.error() << endl;
      exitWithStatus(EXIT_FAILURE);
    }


- Radhika


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67288/#review203824
-----------------------------------------------------------


On May 24, 2018, 10:47 p.m., Radhika Jandhyala wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67288/
> -----------------------------------------------------------
> 
> (Updated May 24, 2018, 10:47 p.m.)
> 
> 
> Review request for mesos, Akash Gupta, Andrew Schwartzmeyer, Eric Mumau, Jie Yu, Li Li, and Radhika Jandhyala.
> 
> 
> Bugs: MESOS-8926
>     https://issues.apache.org/jira/browse/MESOS-8926
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> White list fds that child processes can inherit in mesos containerizer.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/containerizer.cpp eac1d16f2388385fec04ff8f013ce0ebf4e97f0f
>   src/slave/containerizer/mesos/launcher.hpp f69d934d2e1a129e10df8c7f5c78723e832adc7d
>   src/slave/containerizer/mesos/launcher.cpp 2fe47d368cb82a46328e1f636baa836272db244c
>   src/slave/containerizer/mesos/linux_launcher.hpp 0ea9b875ae46cadea483bc8dd8bf4907fd324dc9
>   src/slave/containerizer/mesos/linux_launcher.cpp 80e444501e429c1e1ae354abcd51f86430316ada
> 
> 
> Diff: https://reviews.apache.org/r/67288/diff/2/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Radhika Jandhyala
> 
>
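
The whitelist question discussed in the reply above, as an added POSIX sketch that is not Mesos code and not part of the original message: a child that keeps only whitelisted fds, then closes the write end of the control pipe and waits on the read end. The names `close_non_whitelisted` and `launch_with_whitelist`, the exit codes, and the 1024 fd bound are assumptions made for this example.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: close every fd >= 3 that is not on the whitelist. */
static void close_non_whitelisted(const int *wl, int n) {
    for (int fd = 3; fd < 1024; fd++) {   /* 1024 is a demo bound (assumption) */
        int keep = 0;
        for (int i = 0; i < n; i++) if (wl[i] == fd) keep = 1;
        if (!keep) close(fd);
    }
}

/* Returns the child's exit status: 0 = signalled by parent,
 * 1 = close(pipes[1]) failed, 2 = read failed; -1 on setup error. */
int launch_with_whitelist(int whitelist_both) {
    int pipes[2], status;
    if (pipe(pipes) != 0) return -1;
    /* If the child exits early the parent's write hits EPIPE, not SIGPIPE. */
    void (*old)(int) = signal(SIGPIPE, SIG_IGN);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int wl[2] = { pipes[0], pipes[1] };
        close_non_whitelisted(wl, whitelist_both ? 2 : 1);
        /* Same check as the quoted launch.cpp snippet: closing the write
         * end is an error if that fd was never inherited. */
        if (close(pipes[1]) != 0) _exit(1);
        char c;
        _exit(read(pipes[0], &c, 1) == 1 ? 0 : 2);  /* wait for the parent */
    }
    close(pipes[0]);
    ssize_t w = write(pipes[1], "x", 1);  /* parent signals the child */
    (void)w;
    close(pipes[1]);
    pid_t r = waitpid(pid, &status, 0);
    signal(SIGPIPE, old);
    return (r == pid && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("both ends whitelisted: child exit %d\n", launch_with_whitelist(1));
    printf("read end only:         child exit %d\n", launch_with_whitelist(0));
    return 0;
}
```

In this model a child that still calls close on the write end needs that fd inherited; dropping the close call in the child would be the other way to make a read-only whitelist work.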

