Posted to commits@mesos.apache.org by ji...@apache.org on 2016/08/02 23:55:41 UTC

[3/8] mesos git commit: Updated docker volume isolator to return non-shell 'pre_exec_commands'.

Updated docker volume isolator to return non-shell 'pre_exec_commands'.

Review: https://reviews.apache.org/r/50535/


Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/1ea9665f
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/1ea9665f
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/1ea9665f

Branch: refs/heads/1.0.x
Commit: 1ea9665f596f1f4d0532d1ce67cca9f73e5e2c1d
Parents: f3b6370
Author: Gilbert Song <so...@gmail.com>
Authored: Mon Aug 1 13:05:53 2016 -0700
Committer: Jie Yu <yu...@gmail.com>
Committed: Tue Aug 2 16:35:12 2016 -0700

----------------------------------------------------------------------
 .../mesos/isolators/docker/volume/isolator.cpp       | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mesos/blob/1ea9665f/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
index 70ea5ca..d10c424 100644
--- a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
+++ b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
@@ -491,9 +491,18 @@ Future<Option<ContainerLaunchInfo>> DockerVolumeIsolatorProcess::_prepare(
     LOG(INFO) << "Mounting docker volume mount point '" << source
               << "' to '" << target  << "' for container " << containerId;
 
-    const string command = "mount -n --rbind '" + source + "' '" + target + "'";
-
-    launchInfo.add_pre_exec_commands()->set_value(command);
+    // Launch mount command as a non-shell subprocess to avoid
+    // injecting arbitrary shell commands (e.g., user defined
+    // 'container_path' in volume can be postfixed with any
+    // unsafe arbitrary commands).
+    CommandInfo* command = launchInfo.add_pre_exec_commands();
+    command->set_shell(false);
+    command->set_value("mount");
+    command->add_arguments("mount");
+    command->add_arguments("-n");
+    command->add_arguments("--rbind");
+    command->add_arguments(source);
+    command->add_arguments(target);
   }
 
   return launchInfo;
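Review bot: `source` and `target` are still handed to `mount` as bare positional arguments, so although the argv form closes the shell-injection path, a value beginning with `-` would be parsed as an option rather than a path. Adding `command->add_arguments("--");` directly after the `--rbind` argument ends option parsing before the two paths. Whether `target` can ever be non-absolute depends on how it is built earlier in `_prepare`, which starts outside this hunk. It is also worth confirming there that a user-supplied `container_path` is validated to resolve under the container's rootfs or sandbox, since safe execution alone does not constrain where the bind mount lands. A one-line comment such as `// arguments[0] is argv[0] by convention.` would explain the repeated "mount".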