mesos-reviews mailing list archives

From James Peach
Subject Re: Review Request 70712: Added filesystem operations to the `ContainerLaunchInfo`.
Date Sat, 25 May 2019 06:44:40 GMT

This is an automatically generated e-mail. To reply, visit:

(Updated May 25, 2019, 6:44 a.m.)

Review request for mesos, Xudong Ni, Gilbert Song, Jie Yu, Jacob Janco, and Jiang Yan Xu.

Bugs: MESOS-9769

Repository: mesos


The `filesystem/linux` isolator was using pre-exec commands
to set up Linux ABI symlinks. Not only is this inefficient,
it has the undesirable security property of running programs
in a user-controlled container image.

The fix added a new `ContainerFileOperation` message to the
containerizer launch information. The containerizer executes
the requested file operation after performing the container

Diffs (updated)

  include/mesos/slave/containerizer.proto e9924489000efabebd55bf070f18149f23e4a510
  src/common/protobuf_utils.hpp 273ae270695db33b6c9d8b32cb38f8840a815787
  src/common/protobuf_utils.cpp 8b252cb11e17356836988dfc44a63953579a1def
  src/slave/containerizer/mesos/isolators/cgroups/cgroups.cpp 8f94453a7354927ae918d3f2fd746cdf5ef63cb7
  src/slave/containerizer/mesos/isolators/filesystem/linux.cpp 190054c26b949aa9ba0f49377b77d9e472edb95a
  src/slave/containerizer/mesos/launch.cpp 5ddb4c7d998c17b59164825acc0627a1311b691b




sudo make check (Fedora 30)


James Peach
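
The idea described in this message, sketched as an added example that is not part of the original e-mail or of the Mesos patch: symlinks are created directly with system calls instead of by executing a command from the container image. `SymlinkOp`, `openParent`, `applySymlinkOps`, the scratch root and the `O_NOFOLLOW` directory walk are assumptions of this sketch; the fields of the real `ContainerFileOperation` message do not appear on this page.

```cpp
#include <cerrno>
#include <cstdlib>
#include <string>
#include <vector>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical operation type; linkpath is relative to the container root.
struct SymlinkOp { std::string target, linkpath; };

// Opens linkpath's parent one component at a time with O_NOFOLLOW, so a
// symlink planted in the image cannot steer the walk outside the root.
static int openParent(int rootfd, const std::string& path, std::string* leaf) {
  int dirfd = fcntl(rootfd, F_DUPFD_CLOEXEC, 0);
  for (size_t start = 0; dirfd >= 0;) {
    size_t slash = path.find('/', start);
    std::string part = path.substr(start, slash - start);
    if (part.empty() || part == "." || part == "..") {
      close(dirfd); errno = EINVAL; return -1;
    }
    if (slash == std::string::npos) { *leaf = part; return dirfd; }
    int next = openat(dirfd, part.c_str(),
                      O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    int saved = errno;  // keep openat's errno across close()
    close(dirfd); errno = saved;
    dirfd = next; start = slash + 1;
  }
  return -1;
}

// Applies each operation with syscalls only: no binary from the image runs.
// Returns 0, or the errno of the first failure.
int applySymlinkOps(const std::string& rootfs, const std::vector<SymlinkOp>& ops) {
  int rootfd = open(rootfs.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC);
  if (rootfd < 0) return errno;
  int error = 0;
  for (size_t i = 0; i < ops.size() && error == 0; ++i) {
    std::string leaf;
    int parent = openParent(rootfd, ops[i].linkpath, &leaf);
    if (parent < 0) { error = errno; continue; }
    if (symlinkat(ops[i].target.c_str(), parent, leaf.c_str()) != 0) error = errno;
    close(parent);
  }
  close(rootfd);
  return error;
}

int main() {  // constructed scratch root standing in for a container image
  char root[] = "/tmp/rootfs-XXXXXX";
  if (!mkdtemp(root) || mkdir((std::string(root) + "/dev").c_str(), 0755)) return 1;
  return applySymlinkOps(root, {{"/proc/self/fd", "dev/fd"}});
}
```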
