----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/52011/#review150126 -----------------------------------------------------------
Fix it, then Ship it! src/slave/containerizer/mesos/launch.cpp (line 248) <https://reviews.apache.org/r/52011/#comment217994> space before 'value' - Jie Yu On Sept. 23, 2016, 2:07 a.m., Kevin Klues wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/52011/ > ----------------------------------------------------------- > > (Updated Sept. 23, 2016, 2:07 a.m.) > > > Review request for mesos, Gilbert Song and Jie Yu. > > > Bugs: MESOS-6075 > https://issues.apache.org/jira/browse/MESOS-6075 > > > Repository: mesos > > > Description > ------- > > Previously, we used 'process::subprocess()' to run all of our pre-exec > commands. However, doing so causes us to (unnecesssarily) initialize > all of libprocess (and subsequently creating a whole bunch of unused > threads, etc.) just to run a simple script. > > To avoid this, we now use `os::system()` and the new `os::spawn()` > functions to give us our shell/non-shell variant of commands we want > to launch. > In the past, we used 'os::system()' alone to avoid initializing > libprocess, but this caused security issues with allowing arbitrary > shell commands to be appended to root-level pre-exec commands that > take strings as their last argument (e.g. mount --bind <src> <target>, > where target is user supplied and is set to "target_dir; rm -rf /"). > We now handle this case by using `os::spawn()` instead. > > > Diffs > ----- > > src/slave/containerizer/mesos/launch.cpp > 48ec3707d772ec68e34acfc5adb47e25336ae8d3 > > Diff: https://reviews.apache.org/r/52011/diff/ > > > Testing > ------- > > $ GTEST_FILTER="" make -j check > $ src/mesos-tests > $ sudo src/mesos-tests > > > Thanks, > > Kevin Klues > >
