mesos-reviews mailing list archives

From James Peach <jpe...@apache.org>
Subject Review Request 70712: Added filesystem operations to the `ContainerLaunchInfo`.
Date Fri, 24 May 2019 06:46:13 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70712/
-----------------------------------------------------------

Review request for mesos, Xudong Ni, Gilbert Song, Jie Yu, and Jiang Yan Xu.


Bugs: MESOS-9769
    https://issues.apache.org/jira/browse/MESOS-9769


Repository: mesos


Description
-------

The `filesystem/linux` isolator was using pre-exec commands
to set up Linux ABI symlinks. Not only is this inefficient,
it has the undesirable security property of running programs
in a user-controlled container image.

The fix added a new `ContainerFileOperation` message to the
containerizer launch information. The containerizer executes
the requested file operation after performing the container
mounts.


Diffs
-----

  include/mesos/slave/containerizer.proto e9924489000efabebd55bf070f18149f23e4a510 
  src/common/protobuf_utils.hpp 273ae270695db33b6c9d8b32cb38f8840a815787 
  src/common/protobuf_utils.cpp 8b252cb11e17356836988dfc44a63953579a1def 
  src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp 8f94453a7354927ae918d3f2fd746cdf5ef63cb7
  src/slave/containerizer/mesos/isolators/filesystem/linux.cpp 190054c26b949aa9ba0f49377b77d9e472edb95a
  src/slave/containerizer/mesos/launch.cpp 5ddb4c7d998c17b59164825acc0627a1311b691b


Diff: https://reviews.apache.org/r/70712/diff/1/


Testing
-------

sudo make check (Fedora 30)


Thanks,

James Peach
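
The approach the description outlines (link creation done by the launcher itself rather than by a pre-exec command), as an added example that is not code from the Mesos patch. `SymlinkOp`, `applySymlinks`, `readLinkAt` and the sample link list are hypothetical names and constructed data, and a caller-supplied directory stands in for the container root.

```cpp
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cerrno>
#include <string>
#include <vector>

// Hypothetical stand-in for one requested operation; not the Mesos protobuf.
struct SymlinkOp {
  std::string source;  // Text stored in the link (what it points at).
  std::string target;  // Link path, relative to the container root.
};

// Constructed sample: conventional Linux /dev links.
static const std::vector<SymlinkOp> kAbiLinks = {
    {"/proc/self/fd", "dev/fd"}, {"/proc/self/fd/0", "dev/stdin"},
    {"/proc/self/fd/1", "dev/stdout"}, {"/proc/self/fd/2", "dev/stderr"}};

// Returns the link text at `path` under `dirFd`, or "" if it cannot be read.
std::string readLinkAt(int dirFd, const std::string& path) {
  char buf[PATH_MAX];
  ssize_t n = readlinkat(dirFd, path.c_str(), buf, sizeof(buf));
  return n < 0 ? std::string() : std::string(buf, static_cast<size_t>(n));
}

// Creates every link with symlinkat(2) in the launcher's own process, so no
// binary from the image (`ln`, a shell) is executed. Returns 0 or an errno.
int applySymlinks(const std::string& root, const std::vector<SymlinkOp>& ops) {
  int rootFd = open(root.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC);
  if (rootFd < 0) return errno;
  int result = 0;
  for (const SymlinkOp& op : ops) {
    // Refuse link paths that are absolute or contain "..".
    if (op.target[0] == '/' || op.target.find("..") != std::string::npos) {
      result = EINVAL;
      break;
    }
    if (symlinkat(op.source.c_str(), rootFd, op.target.c_str()) == 0) continue;
    int err = errno;
    // An existing link is accepted only if it already holds the wanted text.
    if (err == EEXIST && readLinkAt(rootFd, op.target) == op.source) continue;
    result = err;
    break;
  }
  close(rootFd);
  return result;
}
```

An existing entry that differs from the requested link is reported as `EEXIST` rather than replaced, so content already present in the image is never silently overwritten.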

