aurora-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Cohen <jco...@apache.org>
Subject Re: Review Request 49218: Add support for Mesos Fetcher
Date Sat, 25 Jun 2016 00:57:34 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49218/#review139426
-----------------------------------------------------------



I'm not super familiar with the Mesos resource fetcher, but I'm assuming Mesos does not apply
any access control on the uris grabbed by the fetcher (based on the fact that we already use
this to grab the thermos executor from whatever path is configured via the scheduler command
line)?

Am I missing something, or is this potentially a privilege escalation to just blindly allow
user tasks to grab arbitrary URIs into their sandbox? Is there any way to control this? I
think at the very least we should wire this functionality off by default via a command line
flag, rejecting any tasks that request uris in this fashion if it's not explicitly enabled.


src/main/java/org/apache/aurora/scheduler/storage/db/TaskConfigMapper.java (line 150)
<https://reviews.apache.org/r/49218/#comment204657>

    Fix this copy/paste.



src/main/resources/org/apache/aurora/scheduler/storage/db/TaskConfigMapper.xml (line 196)
<https://reviews.apache.org/r/49218/#comment204658>

    This should be `u_id` not `m_id`.



src/main/resources/org/apache/aurora/scheduler/storage/db/TaskConfigMapper.xml (lines 408
- 411)
<https://reviews.apache.org/r/49218/#comment204659>

    Indent 2


- Joshua Cohen


On June 24, 2016, 11:01 p.m., Renan DelValle wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/49218/
> -----------------------------------------------------------
> 
> (Updated June 24, 2016, 11:01 p.m.)
> 
> 
> Review request for Aurora.
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Adding a URIs field to TaskConfig inside the ThriftAPI so that users are able to specify
resources they wish to download into the sandbox per job.
> 
> 
> Diffs
> -----
> 
>   api/src/main/thrift/org/apache/aurora/gen/api.thrift 3e6daf444453dd563dd7a2d494cc95e9a0aba0b6

>   src/main/java/org/apache/aurora/scheduler/base/TaskTestUtil.java 4089b79da8079243703eead884e80bcf736f8b29

>   src/main/java/org/apache/aurora/scheduler/mesos/MesosTaskFactory.java 3b01801d929dd61ee989495bf38af8f03e9f5ad4

>   src/main/java/org/apache/aurora/scheduler/storage/db/TaskConfigManager.java c76164292cf62d2181374c09f8bf6d8d3358e982

>   src/main/java/org/apache/aurora/scheduler/storage/db/TaskConfigMapper.java 571201094c1e576e496495a01cb83f6c57decfa8

>   src/main/java/org/apache/aurora/scheduler/storage/db/migration/V007_CreateURIsTable.java
PRE-CREATION 
>   src/main/java/org/apache/aurora/scheduler/storage/db/views/DbTaskConfig.java a90cb00e240df25dce6d55728859768e22d741a6

>   src/main/resources/org/apache/aurora/scheduler/storage/db/TaskConfigMapper.xml 2c8af8b88e41b3b381cac831fd43b1057e4df0aa

>   src/main/resources/org/apache/aurora/scheduler/storage/db/schema.sql 5069bedc08bb7111d0e0f101c8a2c81495b97bc9

>   src/test/java/org/apache/aurora/scheduler/mesos/MesosTaskFactoryImplTest.java 58785bfa37ff214f26e9f94d836e6df40e411c3b

>   src/test/java/org/apache/aurora/scheduler/thrift/Fixtures.java a883b0e33bfec1d14e6fe4ee8ed2200d93acaeec

> 
> Diff: https://reviews.apache.org/r/49218/diff/
> 
> 
> Testing
> -------
> 
> ./gradlew build -Pq
> ./build-support/jenkins/build.sh
> bash src/test/sh/org/apache/aurora/e2e/test_end_to_end.sh
> 
> 
> Thanks,
> 
> Renan DelValle
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message