Whitelist inheritable file descriptors in libprocess. This commit plumbs the list of whitelisted file descriptors through the libprocess APIs.
Review: https://reviews.apache.org/r/67287/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/281cf5dd Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/281cf5dd Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/281cf5dd Branch: refs/heads/master Commit: 281cf5dd7239dce5103ee34b64df2b785672271f Parents: c4ce8e1 Author: Radhika Jandhyala <radhi...@microsoft.com> Authored: Wed Jun 13 15:56:20 2018 -0700 Committer: Andrew Schwartzmeyer <and...@schwartzmeyer.com> Committed: Wed Jun 13 20:45:29 2018 -0700 ---------------------------------------------------------------------- 3rdparty/libprocess/include/process/subprocess.hpp | 15 ++++++++++----- 3rdparty/libprocess/src/subprocess.cpp | 6 ++++-- 3rdparty/libprocess/src/subprocess_windows.hpp | 6 ++++-- 3 files changed, 18 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/281cf5dd/3rdparty/libprocess/include/process/subprocess.hpp ---------------------------------------------------------------------- diff --git a/3rdparty/libprocess/include/process/subprocess.hpp b/3rdparty/libprocess/include/process/subprocess.hpp index 6a12623..135bf24 100644 --- a/3rdparty/libprocess/include/process/subprocess.hpp +++ b/3rdparty/libprocess/include/process/subprocess.hpp @@ -125,7 +125,8 @@ public: const Option<lambda::function< pid_t(const lambda::function<int()>&)>>& clone, const std::vector<Subprocess::ParentHook>& parent_hooks, - const std::vector<Subprocess::ChildHook>& child_hooks); + const std::vector<Subprocess::ChildHook>& child_hooks, + const std::vector<int_fd>& whitelist_fds); IO(const lambda::function<Try<InputFileDescriptors>()>& _input, const lambda::function<Try<OutputFileDescriptors>()>& _output) @@ -305,7 +306,8 @@ private: const Option<lambda::function< pid_t(const lambda::function<int()>&)>>& clone, const std::vector<Subprocess::ParentHook>& parent_hooks, - const std::vector<Subprocess::ChildHook>& child_hooks); + const std::vector<Subprocess::ChildHook>& child_hooks, + const std::vector<int_fd>& whitelist_fds); struct Data { @@ -377,7 +379,8 @@ Try<Subprocess> subprocess( const Option<lambda::function< pid_t(const lambda::function<int()>&)>>& clone = None(), const std::vector<Subprocess::ParentHook>& parent_hooks = {}, - const std::vector<Subprocess::ChildHook>& child_hooks = {}); + const std::vector<Subprocess::ChildHook>& child_hooks = {}, + const std::vector<int_fd>& whitelist_fds = {}); /** @@ -413,7 +416,8 @@ inline Try<Subprocess> subprocess( const Option<lambda::function< pid_t(const lambda::function<int()>&)>>& clone = None(), const std::vector<Subprocess::ParentHook>& parent_hooks = {}, - const std::vector<Subprocess::ChildHook>& child_hooks = {}) + const std::vector<Subprocess::ChildHook>& child_hooks = {}, + const std::vector<int_fd>& whitelist_fds = {}) { std::vector<std::string> argv = {os::Shell::arg0, os::Shell::arg1, command}; @@ -427,7 +431,8 @@ inline Try<Subprocess> subprocess( environment, clone, parent_hooks, - child_hooks); + child_hooks, + whitelist_fds); } } // namespace process { http://git-wip-us.apache.org/repos/asf/mesos/blob/281cf5dd/3rdparty/libprocess/src/subprocess.cpp ---------------------------------------------------------------------- diff --git a/3rdparty/libprocess/src/subprocess.cpp b/3rdparty/libprocess/src/subprocess.cpp index d7a7253..0b2c02a 100644 --- a/3rdparty/libprocess/src/subprocess.cpp +++ b/3rdparty/libprocess/src/subprocess.cpp @@ -331,7 +331,8 @@ Try<Subprocess> subprocess( const Option<lambda::function< pid_t(const lambda::function<int()>&)>>& _clone, const vector<Subprocess::ParentHook>& parent_hooks, - const vector<Subprocess::ChildHook>& child_hooks) + const vector<Subprocess::ChildHook>& child_hooks, + const vector<int_fd>& whitelist_fds) { // TODO(hausdorff): We should error out on Windows here if we are passing // parameters that aren't used. @@ -430,7 +431,8 @@ Try<Subprocess> subprocess( parent_hooks, stdinfds, stdoutfds, - stderrfds); + stderrfds, + whitelist_fds); if (process_data.isError()) { // NOTE: `createChildProcess` either succeeds entirely or returns an http://git-wip-us.apache.org/repos/asf/mesos/blob/281cf5dd/3rdparty/libprocess/src/subprocess_windows.hpp ---------------------------------------------------------------------- diff --git a/3rdparty/libprocess/src/subprocess_windows.hpp b/3rdparty/libprocess/src/subprocess_windows.hpp index c7ed0ad..1bbb8af 100644 --- a/3rdparty/libprocess/src/subprocess_windows.hpp +++ b/3rdparty/libprocess/src/subprocess_windows.hpp @@ -51,7 +51,8 @@ inline Try<::internal::windows::ProcessData> createChildProcess( const std::vector<Subprocess::ParentHook>& parent_hooks, const InputFileDescriptors& stdinfds, const OutputFileDescriptors& stdoutfds, - const OutputFileDescriptors& stderrfds) + const OutputFileDescriptors& stderrfds, + const std::vector<int_fd>& whitelist_fds = {}) { const std::array<int_fd, 3> fds{ stdinfds.read, stdoutfds.write, stderrfds.write}; @@ -62,7 +63,8 @@ inline Try<::internal::windows::ProcessData> createChildProcess( argv, environment, true, // Create suspended. - fds); + fds, + whitelist_fds); // Close the child-ends of the file descriptors that are created // by this function.