[
https://issues.apache.org/jira/browse/MESOS-5070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15510671#comment-15510671
]
haosdent commented on MESOS-5070:
---------------------------------
Hi, [~benjaminhindman] Thanks for your comment!
{quote}
(1) This implementation will never enter a pid namespace properly and there's
no check that someone isn't passing in a pid namespace ... bug?
{quote}
I saw we didn't support enter pid namesapce in {{setns}} before. And I think
{{mnt}} and {{net}} should be enough for health check although enter to all
namespaces would be better.
{quote}
(2) This should not live in src/health-check/health_checker.cpp
{quote}
Yes, alexr told me we should add {{Subprocess::ChildHook::SETNS}} like
[Subprocess::ChildHook::SUPERVISOR |
https://github.com/apache/mesos/blob/master/3rdparty/libprocess/src/subprocess.cpp#L98]
cc [~alexr] Please correct me if I understand wrong.
> Introduce more flexible subprocess interface for child options.
> ---------------------------------------------------------------
>
> Key: MESOS-5070
> URL: https://issues.apache.org/jira/browse/MESOS-5070
> Project: Mesos
> Issue Type: Improvement
> Reporter: Joerg Schad
> Assignee: Joerg Schad
> Labels: tech-debt
>
> We introduced a number of parameters to the subprocess interface with
> MESOS-5049.
> Adding all options explicitly to the subprocess interface makes it
> inflexible.
> We should investigate a flexible options, which still prevents arbitrary code
> to be executed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
