You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by al...@apache.org on 2017/03/24 06:14:30 UTC
[1/3] mesos git commit: Removed containerizer flag logging to prevent
leak of sensitive data.
Repository: mesos
Updated Branches:
refs/heads/1.2.x 89d141c6d -> a16fb6ce1
Removed containerizer flag logging to prevent leak of sensitive data.
Review: https://reviews.apache.org/r/57764/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/62a85516
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/62a85516
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/62a85516
Branch: refs/heads/1.2.x
Commit: 62a85516d1dba4d237b4f4aed537ec0cf2d12235
Parents: 89d141c
Author: Till Toenshoff <to...@me.com>
Authored: Fri Mar 24 06:05:05 2017 +0100
Committer: Alexander Rukletsov <al...@apache.org>
Committed: Fri Mar 24 07:12:04 2017 +0100
----------------------------------------------------------------------
src/launcher/posix/executor.cpp | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/62a85516/src/launcher/posix/executor.cpp
----------------------------------------------------------------------
diff --git a/src/launcher/posix/executor.cpp b/src/launcher/posix/executor.cpp
index 59e7c0c..7c4ef10 100644
--- a/src/launcher/posix/executor.cpp
+++ b/src/launcher/posix/executor.cpp
@@ -116,11 +116,14 @@ pid_t launchTaskPosix(
launchFlags.launch_info = JSON::protobuf(launchInfo);
+ // TODO(tillt): Consider using a flag allowing / disallowing the
+ // log output of possibly sensitive data. See MESOS-7292.
string commandString = strings::format(
- "%s %s %s",
+ "%s %s <POSSIBLY-SENSITIVE-DATA>",
path::join(launcherDir, MESOS_CONTAINERIZER),
- MesosContainerizerLaunch::NAME,
- stringify(launchFlags)).get();
+ MesosContainerizerLaunch::NAME).get();
+
+ cout << "Running '" << commandString << "'" << endl;
// Fork the child using launcher.
vector<string> argv(2);
@@ -143,8 +146,6 @@ pid_t launchTaskPosix(
ABORT("Failed to launch '" + commandString + "': " + s.error());
}
- cout << commandString << endl;
-
return s->pid();
}
[3/3] mesos git commit: Fixed environment duplication in command
executor.
Posted by al...@apache.org.
Fixed environment duplication in command executor.
Review: https://reviews.apache.org/r/57762/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/a16fb6ce
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/a16fb6ce
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/a16fb6ce
Branch: refs/heads/1.2.x
Commit: a16fb6ce1864a89d73fa3713514fb0a699b1cb59
Parents: f62f570
Author: Till Toenshoff <to...@me.com>
Authored: Fri Mar 24 06:57:42 2017 +0100
Committer: Alexander Rukletsov <al...@apache.org>
Committed: Fri Mar 24 07:12:53 2017 +0100
----------------------------------------------------------------------
src/launcher/executor.cpp | 44 ++++++++++++++++++++++++++++++++++++------
1 file changed, 38 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/a16fb6ce/src/launcher/executor.cpp
----------------------------------------------------------------------
diff --git a/src/launcher/executor.cpp b/src/launcher/executor.cpp
index d9417ce..59ce5f8 100644
--- a/src/launcher/executor.cpp
+++ b/src/launcher/executor.cpp
@@ -403,20 +403,52 @@ protected:
// TODO(josephw): Windows tasks will inherit the environment
// from the executor for now. Change this if a Windows isolator
// ever uses the `--task_environment` flag.
- Environment launchEnvironment;
+ //
+ // TODO(tillt): Consider logging in detail the original environment
+ // variable source and overwriting source.
+ //
+ // TODO(tillt): Consider implementing a generic, reusable solution
+ // for merging these environments. See MESOS-7299.
+ //
+ // Note that we can not use protobuf message merging as that could
+ // cause duplicate keys in the resulting environment.
+ hashmap<string, Environment::Variable> environment;
foreachpair (const string& name, const string& value, os::environment()) {
- Environment::Variable* variable = launchEnvironment.add_variables();
- variable->set_name(name);
- variable->set_value(value);
+ Environment::Variable variable;
+ variable.set_name(name);
+ variable.set_type(Environment::Variable::VALUE);
+ variable.set_value(value);
+ environment[name] = variable;
}
if (taskEnvironment.isSome()) {
- launchEnvironment.MergeFrom(taskEnvironment.get());
+ foreach (const Environment::Variable& variable,
+ taskEnvironment->variables()) {
+ const string& name = variable.name();
+ if (environment.contains(name) &&
+ environment[name].value() != variable.value()) {
+ cout << "Overwriting environment variable '" << name << "'" << endl;
+ }
+ environment[name] = variable;
+ }
}
if (command.has_environment()) {
- launchEnvironment.MergeFrom(command.environment());
+ foreach (const Environment::Variable& variable,
+ command.environment().variables()) {
+ const string& name = variable.name();
+ if (environment.contains(name) &&
+ environment[name].value() != variable.value()) {
+ cout << "Overwriting environment variable '" << name << "'" << endl;
+ }
+ environment[name] = variable;
+ }
+ }
+
+ Environment launchEnvironment;
+ foreachvalue (const Environment::Variable& variable, environment) {
+ launchEnvironment.add_variables()->CopyFrom(variable);
}
cout << "Starting task " << unacknowledgedTask->task_id() << endl;
[2/3] mesos git commit: Fixed environment overwrite warning to not
leak possibly sensitive data.
Posted by al...@apache.org.
Fixed environment overwrite warning to not leak possibly sensitive data.
Review: https://reviews.apache.org/r/57763/
Project: http://git-wip-us.apache.org/repos/asf/mesos/repo
Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/f62f5706
Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/f62f5706
Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/f62f5706
Branch: refs/heads/1.2.x
Commit: f62f57060bb9e1eb25737f98f071f37e88d52b67
Parents: 62a8551
Author: Till Toenshoff <to...@me.com>
Authored: Fri Mar 24 06:55:46 2017 +0100
Committer: Alexander Rukletsov <al...@apache.org>
Committed: Fri Mar 24 07:12:45 2017 +0100
----------------------------------------------------------------------
src/slave/containerizer/mesos/launch.cpp | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mesos/blob/f62f5706/src/slave/containerizer/mesos/launch.cpp
----------------------------------------------------------------------
diff --git a/src/slave/containerizer/mesos/launch.cpp b/src/slave/containerizer/mesos/launch.cpp
index 4dd81b4..2b712a8 100644
--- a/src/slave/containerizer/mesos/launch.cpp
+++ b/src/slave/containerizer/mesos/launch.cpp
@@ -651,6 +651,10 @@ int MesosContainerizerLaunch::execute()
// specified, inherit the environment of the current process.
Option<os::raw::Envp> envp;
if (launchInfo.has_environment()) {
+ // TODO(tillt): `Environment::Variable` is not a string anymore,
+ // consider cleaning this up with the complete rollout of `Secrets`.
+ // This entire merging should be handled by the solution introduced
+ // by MESOS-7299.
hashmap<string, string> environment;
foreach (const Environment::Variable& variable,
@@ -658,10 +662,10 @@ int MesosContainerizerLaunch::execute()
const string& name = variable.name();
const string& value = variable.value();
- if (environment.contains(name)) {
- cout << "Overwriting environment variable '" << name
- << "', original: '" << environment[name]
- << "', new: '" << value << "'" << endl;
+ // TODO(tillt): Once we have a solution for MESOS-7292, allow
+ // logging of values.
+ if (environment.contains(name) && environment[name] != value) {
+ cout << "Overwriting environment variable '" << name << "'" << endl;
}
environment[name] = value;