···
1
-
diff --git a/3rdparty/stout/include/stout/os/posix/chown.hpp b/3rdparty/stout/include/stout/os/posix/chown.hpp
2
-
index c82e2e574..15d332107 100644
3
-
--- a/3rdparty/stout/include/stout/os/posix/chown.hpp
4
-
+++ b/3rdparty/stout/include/stout/os/posix/chown.hpp
5
-
@@ -34,7 +34,7 @@ inline Try<Nothing> chown(
6
-
// TODO(bmahler): Consider walking the file tree instead. We would need
7
-
// to be careful to not miss dotfiles.
8
-
std::string command =
9
-
- "chown -R " + stringify(uid) + ':' + stringify(gid) + " '" + path + "'";
10
-
+ "@chown@ -R " + stringify(uid) + ':' + stringify(gid) + " '" + path + "'";
12
-
int status = os::system(command);
14
-
diff --git a/3rdparty/stout/include/stout/os/posix/fork.hpp b/3rdparty/stout/include/stout/os/posix/fork.hpp
15
-
index a29967dcb..290b98b50 100644
16
-
--- a/3rdparty/stout/include/stout/os/posix/fork.hpp
17
-
+++ b/3rdparty/stout/include/stout/os/posix/fork.hpp
1
+
diff --git i/3rdparty/stout/include/stout/os/posix/fork.hpp w/3rdparty/stout/include/stout/os/posix/fork.hpp
2
+
index a29967d..290b98b 100644
3
+
--- i/3rdparty/stout/include/stout/os/posix/fork.hpp
4
+
+++ w/3rdparty/stout/include/stout/os/posix/fork.hpp
@@ -369,7 +369,7 @@ private:
// Execute the command (via '/bin/sh -c command').
···
<< "Failed to execute '" << command << "': " << os::strerror(errno);
} else if (wait.isSome()) {
27
-
diff --git a/3rdparty/stout/include/stout/posix/os.hpp b/3rdparty/stout/include/stout/posix/os.hpp
28
-
index c37e64db6..d3d87b7f0 100644
29
-
--- a/3rdparty/stout/include/stout/posix/os.hpp
30
-
+++ b/3rdparty/stout/include/stout/posix/os.hpp
31
-
@@ -375,7 +375,7 @@ inline Option<std::string> getenv(const std::string& key)
14
+
diff --git i/3rdparty/stout/include/stout/posix/os.hpp w/3rdparty/stout/include/stout/posix/os.hpp
15
+
index 8511dfd..1e7be01 100644
16
+
--- i/3rdparty/stout/include/stout/posix/os.hpp
17
+
+++ w/3rdparty/stout/include/stout/posix/os.hpp
18
+
@@ -366,7 +366,7 @@ inline Try<std::set<pid_t>> pids(Option<pid_t> group, Option<pid_t> session)
inline Try<Nothing> tar(const std::string& path, const std::string& archive)
Try<std::string> tarOut =
···
return Error("Failed to archive " + path + ": " + tarOut.error());
40
-
diff --git a/src/Makefile.am b/src/Makefile.am
41
-
index 3bcc0f2df..e5cbc57e8 100644
42
-
--- a/src/Makefile.am
43
-
+++ b/src/Makefile.am
44
-
@@ -1545,7 +1545,7 @@ if HAS_JAVA
27
+
diff --git i/src/Makefile.am w/src/Makefile.am
28
+
index 68fff14..c572f92 100644
29
+
--- i/src/Makefile.am
30
+
+++ w/src/Makefile.am
31
+
@@ -1775,7 +1775,7 @@ if HAS_JAVA
$(MESOS_JAR): $(MESOS_JAR_SOURCE) $(MESOS_JAR_GENERATED) java/mesos.pom
@echo "Building mesos-$(PACKAGE_VERSION).jar ..."
···
# Convenience library for JNI bindings.
# TODO(Charles Reiss): We really should be building the Java library
53
-
diff --git a/src/cli/mesos-scp b/src/cli/mesos-scp
54
-
index a71ab0708..1043d1b3c 100755
55
-
--- a/src/cli/mesos-scp
56
-
+++ b/src/cli/mesos-scp
40
+
diff --git i/src/cli/mesos-scp w/src/cli/mesos-scp
41
+
index a71ab07..1043d1b 100755
42
+
--- i/src/cli/mesos-scp
43
+
+++ w/src/cli/mesos-scp
@@ -19,7 +19,8 @@ if sys.version_info < (2,6,0):
···
process = subprocess.Popen(
67
-
diff --git a/src/common/command_utils.cpp b/src/common/command_utils.cpp
68
-
index 09e805140..90bf65896 100644
69
-
--- a/src/common/command_utils.cpp
70
-
+++ b/src/common/command_utils.cpp
71
-
@@ -140,7 +140,7 @@ Future<Nothing> tar(
54
+
diff --git i/src/common/command_utils.cpp w/src/common/command_utils.cpp
55
+
index c50be76..388cc53 100644
56
+
--- i/src/common/command_utils.cpp
57
+
+++ w/src/common/command_utils.cpp
58
+
@@ -142,7 +142,7 @@ Future<Nothing> tar(
argv.emplace_back(input);
···
.then([]() { return Nothing(); });
80
-
@@ -162,7 +162,7 @@ Future<Nothing> untar(
67
+
@@ -164,7 +164,7 @@ Future<Nothing> untar(
argv.emplace_back(directory.get());
···
.then([]() { return Nothing(); });
89
-
@@ -170,7 +170,7 @@ Future<Nothing> untar(
76
+
@@ -172,7 +172,7 @@ Future<Nothing> untar(
Future<string> sha512(const Path& input)
···
input // Input file to compute shasum.
98
-
@@ -206,7 +206,7 @@ Future<Nothing> gzip(const Path& input)
85
+
@@ -208,7 +208,7 @@ Future<Nothing> gzip(const Path& input)
···
.then([]() { return Nothing(); });
107
-
@@ -219,7 +219,7 @@ Future<Nothing> decompress(const Path& input)
94
+
@@ -221,7 +221,7 @@ Future<Nothing> decompress(const Path& input)
···
.then([]() { return Nothing(); });
116
-
diff --git a/src/launcher/fetcher.cpp b/src/launcher/fetcher.cpp
117
-
index 4456c2813..e22c8fc03 100644
118
-
--- a/src/launcher/fetcher.cpp
119
-
+++ b/src/launcher/fetcher.cpp
120
-
@@ -68,13 +68,13 @@ static Try<bool> extract(
103
+
diff --git i/src/launcher/fetcher.cpp w/src/launcher/fetcher.cpp
104
+
index 42980f5..3aebeed 100644
105
+
--- i/src/launcher/fetcher.cpp
106
+
+++ w/src/launcher/fetcher.cpp
107
+
@@ -80,17 +80,17 @@ static Try<bool> extract(
strings::endsWith(sourcePath, ".tar.bz2") ||
strings::endsWith(sourcePath, ".txz") ||
strings::endsWith(sourcePath, ".tar.xz")) {
124
-
- command = "tar -C '" + destinationDirectory + "' -xf";
125
-
+ command = "@tar@ -C '" + destinationDirectory + "' -xf";
111
+
- command = {"tar", "-C", destinationDirectory, "-xf", sourcePath};
112
+
+ command = {"@tar@", "-C", destinationDirectory, "-xf", sourcePath};
} else if (strings::endsWith(sourcePath, ".gz")) {
string pathWithoutExtension = sourcePath.substr(0, sourcePath.length() - 3);
string filename = Path(pathWithoutExtension).basename();
129
-
- command = "gzip -dc > '" + destinationDirectory + "/" + filename + "' <";
130
-
+ command = "@gzip@ -dc > '" + destinationDirectory + "/" + filename + "' <";
116
+
string destinationPath = path::join(destinationDirectory, filename);
118
+
- command = {"gunzip", "-d", "-c"};
119
+
+ command = {"@gunzip@", "-d", "-c"};
120
+
in = Subprocess::PATH(sourcePath);
121
+
out = Subprocess::PATH(destinationPath);
} else if (strings::endsWith(sourcePath, ".zip")) {
132
-
- command = "unzip -o -d '" + destinationDirectory + "'";
133
-
+ command = "@unzip@ -o -d '" + destinationDirectory + "'";
123
+
- command = {"unzip", "-o", "-d", destinationDirectory, sourcePath};
124
+
+ command = {"@unzip@", "-o", "-d", destinationDirectory, sourcePath};
137
-
@@ -162,7 +162,7 @@ static Try<string> copyFile(
128
+
@@ -193,7 +193,7 @@ static Try<string> copyFile(
const string& sourcePath,
const string& destinationPath)
141
-
- const string command = "cp '" + sourcePath + "' '" + destinationPath + "'";
142
-
+ const string command = "@cp@ '" + sourcePath + "' '" + destinationPath + "'";
144
-
LOG(INFO) << "Copying resource with command:" << command;
132
+
- int status = os::spawn("cp", {"cp", sourcePath, destinationPath});
133
+
+ int status = os::spawn("cp", {"@cp@", sourcePath, destinationPath});
146
-
diff --git a/src/linux/perf.cpp b/src/linux/perf.cpp
147
-
index aa31982eb..8b5331b17 100644
148
-
--- a/src/linux/perf.cpp
149
-
+++ b/src/linux/perf.cpp
150
-
@@ -127,7 +127,7 @@ private:
135
+
if (status == -1) {
136
+
return ErrnoError("Failed to copy '" + sourcePath + "'");
137
+
diff --git i/src/linux/perf.cpp w/src/linux/perf.cpp
138
+
index b301e25..356a2cf 100644
139
+
--- i/src/linux/perf.cpp
140
+
+++ w/src/linux/perf.cpp
141
+
@@ -128,7 +128,7 @@ private:
// NOTE: The supervisor childhook places perf in its own process group
// and will kill the perf process when the parent dies.
Try<Subprocess> _perf = subprocess(
···
159
-
@@ -319,7 +319,7 @@ bool valid(const set<string>& events)
160
-
ostringstream command;
162
-
// Log everything to stderr which is then redirected to /dev/null.
163
-
- command << "perf stat --log-fd 2";
164
-
+ command << "@perf@ stat --log-fd 2";
165
-
foreach (const string& event, events) {
166
-
command << " --event " << event;
168
-
diff --git a/src/linux/systemd.cpp b/src/linux/systemd.cpp
169
-
index 6318f48fc..394d88d47 100644
170
-
--- a/src/linux/systemd.cpp
171
-
+++ b/src/linux/systemd.cpp
150
+
diff --git i/src/linux/systemd.cpp w/src/linux/systemd.cpp
151
+
index 6318f48..394d88d 100644
152
+
--- i/src/linux/systemd.cpp
153
+
+++ w/src/linux/systemd.cpp
@@ -196,13 +196,21 @@ bool exists()
// This is static as the init system should not change while we are running.
static const bool exists = []() -> bool {
···
Try<string> daemonReload = os::shell("systemctl daemon-reload");
if (daemonReload.isError()) {
return Error("Failed to reload systemd daemon: " + daemonReload.error());
212
-
diff --git a/src/python/cli/src/mesos/cli.py b/src/python/cli/src/mesos/cli.py
213
-
index f342992e0..354abf443 100644
214
-
--- a/src/python/cli/src/mesos/cli.py
215
-
+++ b/src/python/cli/src/mesos/cli.py
194
+
diff --git i/src/python/cli/src/mesos/cli.py w/src/python/cli/src/mesos/cli.py
195
+
index 4a9b558..c08a8b9 100644
196
+
--- i/src/python/cli/src/mesos/cli.py
197
+
+++ w/src/python/cli/src/mesos/cli.py
@@ -40,7 +40,7 @@ def resolve(master):
···
225
-
diff --git a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
226
-
index af9f3736b..f8554d414 100644
227
-
--- a/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
228
-
+++ b/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
207
+
diff --git i/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp w/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
208
+
index 5b630c1..d63ad69 100644
209
+
--- i/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
210
+
+++ w/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp
@@ -499,7 +499,7 @@ Future<Option<ContainerLaunchInfo>> DockerVolumeIsolatorProcess::_prepare(
// unsafe arbitrary commands).
CommandInfo* command = launchInfo.add_pre_exec_commands();
···
command->add_arguments("mount");
command->add_arguments("-n");
command->add_arguments("--rbind");
238
-
diff --git a/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp b/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
239
-
index df16b8fee..4a17475bd 100644
240
-
--- a/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
241
-
+++ b/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
242
-
@@ -159,9 +159,9 @@ Try<Isolator*> LinuxFilesystemIsolatorProcess::create(const Flags& flags)
220
+
diff --git i/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp w/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
221
+
index d7fe9a8..1361a4e 100644
222
+
--- i/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
223
+
+++ w/src/slave/containerizer/mesos/isolators/filesystem/linux.cpp
224
+
@@ -154,9 +154,9 @@ Try<Isolator*> LinuxFilesystemIsolatorProcess::create(const Flags& flags)
// here because 'create' will only be invoked during
Try<string> mount = os::shell(
···
255
-
@@ -180,8 +180,8 @@ Try<Isolator*> LinuxFilesystemIsolatorProcess::create(const Flags& flags)
237
+
@@ -175,8 +175,8 @@ Try<Isolator*> LinuxFilesystemIsolatorProcess::create(const Flags& flags)
LOG(INFO) << "Making '" << workDir.get() << "' a shared mount";
Try<string> mount = os::shell(
···
266
-
@@ -404,7 +404,7 @@ Try<vector<CommandInfo>> LinuxFilesystemIsolatorProcess::getPreExecCommands(
248
+
@@ -422,7 +422,7 @@ Try<vector<CommandInfo>> LinuxFilesystemIsolatorProcess::getPreExecCommands(
command.set_shell(false);
···
command.add_arguments("mount");
command.add_arguments("-n");
command.add_arguments("--rbind");
275
-
@@ -569,7 +569,7 @@ Try<vector<CommandInfo>> LinuxFilesystemIsolatorProcess::getPreExecCommands(
257
+
@@ -610,7 +610,7 @@ Try<vector<CommandInfo>> LinuxFilesystemIsolatorProcess::getPreExecCommands(
// TODO(jieyu): Consider the mode in the volume.
command.set_shell(false);
···
command.add_arguments("mount");
command.add_arguments("-n");
command.add_arguments("--rbind");
284
-
diff --git a/src/slave/containerizer/mesos/isolators/filesystem/shared.cpp b/src/slave/containerizer/mesos/isolators/filesystem/shared.cpp
285
-
index a1283e5ee..a918427bf 100644
286
-
--- a/src/slave/containerizer/mesos/isolators/filesystem/shared.cpp
287
-
+++ b/src/slave/containerizer/mesos/isolators/filesystem/shared.cpp
288
-
@@ -207,7 +207,7 @@ Future<Option<ContainerLaunchInfo>> SharedFilesystemIsolatorProcess::prepare(
266
+
diff --git i/src/slave/containerizer/mesos/isolators/filesystem/shared.cpp w/src/slave/containerizer/mesos/isolators/filesystem/shared.cpp
267
+
index 927d95b..576dc63 100644
268
+
--- i/src/slave/containerizer/mesos/isolators/filesystem/shared.cpp
269
+
+++ w/src/slave/containerizer/mesos/isolators/filesystem/shared.cpp
270
+
@@ -208,7 +208,7 @@ Future<Option<ContainerLaunchInfo>> SharedFilesystemIsolatorProcess::prepare(
launchInfo.add_pre_exec_commands()->set_value(
···
297
-
diff --git a/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp b/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
298
-
index e3756c920..cfe458b59 100644
299
-
--- a/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
300
-
+++ b/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
301
-
@@ -355,7 +355,7 @@ Future<Option<ContainerLaunchInfo>> NvidiaGpuIsolatorProcess::_prepare(
279
+
diff --git i/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp w/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
280
+
index 25636b5..33ec315 100644
281
+
--- i/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
282
+
+++ w/src/slave/containerizer/mesos/isolators/gpu/isolator.cpp
283
+
@@ -401,7 +401,7 @@ Future<Option<ContainerLaunchInfo>> NvidiaGpuIsolatorProcess::_prepare(
launchInfo.add_pre_exec_commands()->set_value(
···
volume.HOST_PATH() + " " + target);
310
-
diff --git a/src/slave/containerizer/mesos/isolators/gpu/volume.cpp b/src/slave/containerizer/mesos/isolators/gpu/volume.cpp
311
-
index 478752f37..ab527f0cd 100644
312
-
--- a/src/slave/containerizer/mesos/isolators/gpu/volume.cpp
313
-
+++ b/src/slave/containerizer/mesos/isolators/gpu/volume.cpp
314
-
@@ -281,7 +281,7 @@ Try<NvidiaVolume> NvidiaVolume::create()
292
+
diff --git i/src/slave/containerizer/mesos/isolators/gpu/volume.cpp w/src/slave/containerizer/mesos/isolators/gpu/volume.cpp
293
+
index 536a3c7..e2819dd 100644
294
+
--- i/src/slave/containerizer/mesos/isolators/gpu/volume.cpp
295
+
+++ w/src/slave/containerizer/mesos/isolators/gpu/volume.cpp
296
+
@@ -274,7 +274,7 @@ Try<NvidiaVolume> NvidiaVolume::create()
string path = path::join(hostPath, "bin", binary);
···
Try<string> which = os::shell(command);
323
-
@@ -295,7 +295,7 @@ Try<NvidiaVolume> NvidiaVolume::create()
305
+
@@ -288,7 +288,7 @@ Try<NvidiaVolume> NvidiaVolume::create()
: "No such file or directory"));
···
Try<string> cp = os::shell(command);
return Error("Failed to os::shell '" + command + "': " + cp.error());
332
-
@@ -367,7 +367,7 @@ Try<NvidiaVolume> NvidiaVolume::create()
314
+
@@ -360,7 +360,7 @@ Try<NvidiaVolume> NvidiaVolume::create()
Path(realpath.get()).basename());
if (!os::exists(libraryPath)) {
···
Try<string> cp = os::shell(command);
return Error("Failed to os::shell '" + command + "':"
341
-
diff --git a/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp b/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
342
-
index 0d9ec57d9..a177e4476 100644
343
-
--- a/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
344
-
+++ b/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
345
-
@@ -94,7 +94,7 @@ Future<Option<ContainerLaunchInfo>> NamespacesPidIsolatorProcess::prepare(
323
+
diff --git i/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp w/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
324
+
index 42bc2e1..2f9066e 100644
325
+
--- i/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
326
+
+++ w/src/slave/containerizer/mesos/isolators/namespaces/pid.cpp
327
+
@@ -131,7 +131,7 @@ Future<Option<ContainerLaunchInfo>> NamespacesPidIsolatorProcess::prepare(
// TOOD(jieyu): Consider unmount the existing /proc.
launchInfo.add_pre_exec_commands()->set_value(
···
354
-
diff --git a/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp b/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
355
-
index c87e6715a..6601cd1b3 100644
356
-
--- a/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
357
-
+++ b/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
358
-
@@ -262,9 +262,9 @@ Try<Isolator*> NetworkCniIsolatorProcess::create(const Flags& flags)
336
+
diff --git i/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp w/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
337
+
index fc68f04..267b040 100644
338
+
--- i/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
339
+
+++ w/src/slave/containerizer/mesos/isolators/network/cni/cni.cpp
340
+
@@ -205,9 +205,9 @@ Try<Isolator*> NetworkCniIsolatorProcess::create(const Flags& flags)
// here because 'create' will only be invoked during
Try<string> mount = os::shell(
···
371
-
@@ -284,8 +284,8 @@ Try<Isolator*> NetworkCniIsolatorProcess::create(const Flags& flags)
353
+
@@ -227,8 +227,8 @@ Try<Isolator*> NetworkCniIsolatorProcess::create(const Flags& flags)
LOG(INFO) << "Making '" << rootDir.get() << "' a shared mount";
Try<string> mount = os::shell(
···
382
-
diff --git a/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp b/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
383
-
index b470f0c82..6110a43ee 100644
384
-
--- a/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
385
-
+++ b/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
386
-
@@ -303,7 +303,7 @@ Try<Nothing> PortMapper::addPortMapping(
364
+
diff --git i/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp w/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
365
+
index 43cf3e4..94bad8b 100644
366
+
--- i/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
367
+
+++ w/src/slave/containerizer/mesos/isolators/network/cni/plugins/port_mapper/port_mapper.cpp
368
+
@@ -301,7 +301,7 @@ Try<Nothing> PortMapper::addPortMapping(
# Check if the `chain` exists in the iptable. If it does not
# exist go ahead and install the chain in the iptables NAT
···
# NOTE: When we create the chain, there is a possibility of a
# race due to which a container launch can fail. This can
395
-
@@ -317,25 +317,25 @@ Try<Nothing> PortMapper::addPortMapping(
377
+
@@ -315,25 +315,25 @@ Try<Nothing> PortMapper::addPortMapping(
# since it can happen only when the chain is created the first
# time and two commands for creation of the chain are executed
···
425
-
@@ -362,7 +362,7 @@ Try<Nothing> PortMapper::delPortMapping()
407
+
@@ -360,7 +360,7 @@ Try<Nothing> PortMapper::delPortMapping()
# The iptables command searches for the DNAT rules with tag
# "container_id: <CNI_CONTAINERID>", and if it exists goes ahead
···
getIptablesRuleTag()).get();
434
-
diff --git a/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp b/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp
435
-
index 20fb6ab35..46c160977 100644
436
-
--- a/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp
437
-
+++ b/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp
438
-
@@ -1393,19 +1393,19 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
416
+
diff --git i/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp w/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp
417
+
index 57d4ccd..68c9577 100644
418
+
--- i/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp
419
+
+++ w/src/slave/containerizer/mesos/isolators/network/port_mapping.cpp
420
+
@@ -1394,19 +1394,19 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
// Check the availability of a few Linux commands that we will use.
// We use the blocking os::shell here because 'create' will only be
// invoked during initialization.
···
if (checkCommandIp.isError()) {
return Error("Check command 'ip' failed: " + checkCommandIp.error());
461
-
@@ -1925,9 +1925,9 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
443
+
@@ -1940,9 +1940,9 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
// visible. It's OK to use the blocking os::shell here because
// 'create' will only be invoked during initialization.
Try<string> mount = os::shell(
···
474
-
@@ -1944,8 +1944,8 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
456
+
@@ -1959,8 +1959,8 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
// shared mount yet (possibly due to slave crash while preparing
// the work directory mount). It's safe to re-do the following.
Try<string> mount = os::shell(
···
485
-
@@ -1964,8 +1964,8 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
467
+
@@ -1979,8 +1979,8 @@ Try<Isolator*> PortMappingIsolatorProcess::create(const Flags& flags)
// so that they are in different peer groups.
if (entry.shared() == bindMountEntry->shared()) {
Try<string> mount = os::shell(
···
496
-
@@ -3911,6 +3911,8 @@ Try<Nothing> PortMappingIsolatorProcess::removeHostIPFilters(
478
+
@@ -3927,6 +3927,8 @@ Try<Nothing> PortMappingIsolatorProcess::removeHostIPFilters(
// TODO(jieyu): Use the Subcommand abstraction to remove most of the
// logic here. Completely remove this function once we can assume a
// newer kernel where 'setns' works for mount namespaces.
···
string PortMappingIsolatorProcess::scripts(Info* info)
505
-
@@ -3921,7 +3923,7 @@ string PortMappingIsolatorProcess::scripts(Info* info)
487
+
@@ -3937,7 +3939,7 @@ string PortMappingIsolatorProcess::scripts(Info* info)
// Mark the mount point PORT_MAPPING_BIND_MOUNT_ROOT() as slave
// mount so that changes in the container will not be propagated to
···
// Disable IPv6 when IPv6 module is loaded as IPv6 packets won't be
514
-
@@ -3929,7 +3931,7 @@ string PortMappingIsolatorProcess::scripts(Info* info)
496
+
@@ -3945,7 +3947,7 @@ string PortMappingIsolatorProcess::scripts(Info* info)
<< " echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6\n";
// Configure lo and eth0.
···
<< " mtu " << hostEth0MTU << " up\n";
// NOTE: This is mostly a kernel issue: in veth_xmit() the kernel
523
-
@@ -3938,12 +3940,12 @@ string PortMappingIsolatorProcess::scripts(Info* info)
505
+
@@ -3954,12 +3956,12 @@ string PortMappingIsolatorProcess::scripts(Info* info)
// when we receive a packet with a bad checksum. Disabling rx
// checksum offloading ensures the TCP layer will checksum and drop
···
// Restrict the ephemeral ports that can be used by the container.
script << "echo " << info->ephemeralPorts.lower() << " "
540
-
@@ -3972,19 +3974,19 @@ string PortMappingIsolatorProcess::scripts(Info* info)
522
+
@@ -3988,19 +3990,19 @@ string PortMappingIsolatorProcess::scripts(Info* info)
// Set up filters on lo and eth0.
···
<< " prio " << Priority(IP_FILTER_PRIORITY, NORMAL).get() << " u32"
564
-
@@ -3995,7 +3997,7 @@ string PortMappingIsolatorProcess::scripts(Info* info)
546
+
@@ -4011,7 +4013,7 @@ string PortMappingIsolatorProcess::scripts(Info* info)
foreach (const PortRange& range,
getPortRanges(info->nonEphemeralPorts + info->ephemeralPorts)) {
// Local traffic inside a container will not be redirected to eth0.
···
<< " prio " << Priority(IP_FILTER_PRIORITY, HIGH).get() << " u32"
573
-
@@ -4004,7 +4006,7 @@ string PortMappingIsolatorProcess::scripts(Info* info)
555
+
@@ -4020,7 +4022,7 @@ string PortMappingIsolatorProcess::scripts(Info* info)
// Traffic going to host loopback IP and ports assigned to this
// container will be redirected to lo.
···
<< " prio " << Priority(IP_FILTER_PRIORITY, NORMAL).get() << " u32"
582
-
@@ -4016,14 +4018,14 @@ string PortMappingIsolatorProcess::scripts(Info* info)
564
+
@@ -4032,14 +4034,14 @@ string PortMappingIsolatorProcess::scripts(Info* info)
// Do not forward the ICMP packet if the destination IP is self.
···
<< " prio " << Priority(ICMP_FILTER_PRIORITY, NORMAL).get() << " u32"
599
-
@@ -4032,9 +4034,9 @@ string PortMappingIsolatorProcess::scripts(Info* info)
600
-
<< net::IPNetwork::LOOPBACK_V4().address() << "\n";
581
+
@@ -4048,9 +4050,9 @@ string PortMappingIsolatorProcess::scripts(Info* info)
582
+
<< net::IP::Network::LOOPBACK_V4().address() << "\n";
// Display the filters created on eth0 and lo.
- script << "tc filter show dev " << eth0
···
<< " parent " << ingress::HANDLE << "\n";
// If throughput limit for container egress traffic exists, use HTB
611
-
@@ -4046,9 +4048,9 @@ string PortMappingIsolatorProcess::scripts(Info* info)
593
+
@@ -4062,9 +4064,9 @@ string PortMappingIsolatorProcess::scripts(Info* info)
// throughput. TBF requires other parameters such as 'burst' that
// HTB already has default values for.
if (egressRateLimitPerContainer.isSome()) {
···
<< CONTAINER_TX_HTB_HANDLE << " classid "
<< CONTAINER_TX_HTB_CLASS_ID << " htb rate "
<< egressRateLimitPerContainer.get().bytes() * 8 << "bit\n";
623
-
@@ -4059,12 +4061,12 @@ string PortMappingIsolatorProcess::scripts(Info* info)
605
+
@@ -4075,12 +4077,12 @@ string PortMappingIsolatorProcess::scripts(Info* info)
// fq_codel, which has a larger buffer and better control on
// TODO(cwang): Verity that fq_codel qdisc is available.
···
639
-
diff --git a/src/slave/containerizer/mesos/isolators/posix/disk.cpp b/src/slave/containerizer/mesos/isolators/posix/disk.cpp
640
-
index db0583386..542586370 100644
641
-
--- a/src/slave/containerizer/mesos/isolators/posix/disk.cpp
642
-
+++ b/src/slave/containerizer/mesos/isolators/posix/disk.cpp
643
-
@@ -540,7 +540,7 @@ private:
621
+
diff --git i/src/slave/containerizer/mesos/isolators/posix/disk.cpp w/src/slave/containerizer/mesos/isolators/posix/disk.cpp
622
+
index eb23025..db268ea 100644
623
+
--- i/src/slave/containerizer/mesos/isolators/posix/disk.cpp
624
+
+++ w/src/slave/containerizer/mesos/isolators/posix/disk.cpp
625
+
@@ -572,7 +572,7 @@ private:
// NOTE: The supervisor childhook will watch the parent process and kill
// the 'du' process in case that the parent die.
Try<Subprocess> s = subprocess(
650
-
Subprocess::PATH("/dev/null"),
632
+
Subprocess::PATH(os::DEV_NULL),
652
-
diff --git a/src/slave/containerizer/mesos/isolators/volume/image.cpp b/src/slave/containerizer/mesos/isolators/volume/image.cpp
653
-
index 210e67ad0..60b3a15e4 100644
654
-
--- a/src/slave/containerizer/mesos/isolators/volume/image.cpp
655
-
+++ b/src/slave/containerizer/mesos/isolators/volume/image.cpp
656
-
@@ -214,7 +214,7 @@ Future<Option<ContainerLaunchInfo>> VolumeImageIsolatorProcess::_prepare(
634
+
diff --git i/src/slave/containerizer/mesos/isolators/volume/image.cpp w/src/slave/containerizer/mesos/isolators/volume/image.cpp
635
+
index 35966aa..b62fc86 100644
636
+
--- i/src/slave/containerizer/mesos/isolators/volume/image.cpp
637
+
+++ w/src/slave/containerizer/mesos/isolators/volume/image.cpp
638
+
@@ -231,7 +231,7 @@ Future<Option<ContainerLaunchInfo>> VolumeImageIsolatorProcess::_prepare(
CommandInfo* command = launchInfo.add_pre_exec_commands();
command->set_shell(false);
···
command->add_arguments("mount");
command->add_arguments("-n");
command->add_arguments("--rbind");
665
-
diff --git a/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp b/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
666
-
index 7b976d292..474dcd486 100644
667
-
--- a/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
668
-
+++ b/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
669
-
@@ -240,7 +240,7 @@ Future<Option<ContainerLaunchInfo>> VolumeSandboxPathIsolatorProcess::prepare(
647
+
diff --git i/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp w/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
648
+
index b321b86..8ed3e78 100644
649
+
--- i/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
650
+
+++ w/src/slave/containerizer/mesos/isolators/volume/sandbox_path.cpp
651
+
@@ -265,7 +265,7 @@ Future<Option<ContainerLaunchInfo>> VolumeSandboxPathIsolatorProcess::prepare(
CommandInfo* command = launchInfo.add_pre_exec_commands();
command->set_shell(false);
···
command->add_arguments("mount");
command->add_arguments("-n");
command->add_arguments("--rbind");
678
-
diff --git a/src/slave/containerizer/mesos/provisioner/backends/copy.cpp b/src/slave/containerizer/mesos/provisioner/backends/copy.cpp
679
-
index 9c5354e5f..a73a9692e 100644
680
-
--- a/src/slave/containerizer/mesos/provisioner/backends/copy.cpp
681
-
+++ b/src/slave/containerizer/mesos/provisioner/backends/copy.cpp
682
-
@@ -147,7 +147,7 @@ Future<Nothing> CopyBackendProcess::_provision(
660
+
diff --git i/src/slave/containerizer/mesos/provisioner/backends/copy.cpp w/src/slave/containerizer/mesos/provisioner/backends/copy.cpp
661
+
index 69faa03..01a3ed6 100644
662
+
--- i/src/slave/containerizer/mesos/provisioner/backends/copy.cpp
663
+
+++ w/src/slave/containerizer/mesos/provisioner/backends/copy.cpp
664
+
@@ -266,7 +266,7 @@ Future<Nothing> CopyBackendProcess::_provision(
#endif // __APPLE__ || __FreeBSD__
Try<Subprocess> s = subprocess(
689
-
Subprocess::PATH("/dev/null"),
690
-
Subprocess::PATH("/dev/null"),
691
-
@@ -180,7 +180,7 @@ Future<bool> CopyBackendProcess::destroy(const string& rootfs)
671
+
Subprocess::PATH(os::DEV_NULL),
672
+
Subprocess::PATH(os::DEV_NULL),
673
+
@@ -313,7 +313,7 @@ Future<bool> CopyBackendProcess::destroy(const string& rootfs)
vector<string> argv{"rm", "-rf", rootfs};
Try<Subprocess> s = subprocess(
698
-
Subprocess::PATH("/dev/null"),
680
+
Subprocess::PATH(os::DEV_NULL),
Subprocess::FD(STDOUT_FILENO),
700
-
diff --git a/src/uri/fetchers/copy.cpp b/src/uri/fetchers/copy.cpp
701
-
index 2cfef5ab0..8a62f7699 100644
702
-
--- a/src/uri/fetchers/copy.cpp
703
-
+++ b/src/uri/fetchers/copy.cpp
704
-
@@ -97,7 +97,7 @@ Future<Nothing> CopyFetcherPlugin::fetch(
705
-
const vector<string> argv = {"cp", "-a", uri.path(), directory};
682
+
diff --git i/src/uri/fetchers/copy.cpp w/src/uri/fetchers/copy.cpp
683
+
index 17f69be..831b08a 100644
684
+
--- i/src/uri/fetchers/copy.cpp
685
+
+++ w/src/uri/fetchers/copy.cpp
686
+
@@ -97,8 +97,8 @@ Future<Nothing> CopyFetcherPlugin::fetch(
687
+
VLOG(1) << "Copying '" << uri.path() << "' to '" << directory << "'";
707
-
Try<Subprocess> s = subprocess(
711
-
Subprocess::PATH("/dev/null"),
712
-
Subprocess::PIPE(),
713
-
diff --git a/src/uri/fetchers/curl.cpp b/src/uri/fetchers/curl.cpp
714
-
index 7b746d619..12bbb04df 100644
715
-
--- a/src/uri/fetchers/curl.cpp
716
-
+++ b/src/uri/fetchers/curl.cpp
717
-
@@ -107,7 +107,7 @@ Future<Nothing> CurlFetcherPlugin::fetch(
689
+
#ifndef __WINDOWS__
690
+
- const char* copyCommand = "cp";
691
+
- const vector<string> argv = {"cp", "-a", uri.path(), directory};
692
+
+ const char* copyCommand = "@cp@";
693
+
+ const vector<string> argv = {"@cp@", "-a", uri.path(), directory};
694
+
#else // __WINDOWS__
695
+
const char* copyCommand = os::Shell::name;
696
+
const vector<string> argv =
697
+
diff --git i/src/uri/fetchers/curl.cpp w/src/uri/fetchers/curl.cpp
698
+
index f34daf2..6a50341 100644
699
+
--- i/src/uri/fetchers/curl.cpp
700
+
+++ w/src/uri/fetchers/curl.cpp
701
+
@@ -109,7 +109,7 @@ Future<Nothing> CurlFetcherPlugin::fetch(
Try<Subprocess> s = subprocess(
724
-
Subprocess::PATH("/dev/null"),
708
+
Subprocess::PATH(os::DEV_NULL),
726
-
diff --git a/src/uri/fetchers/docker.cpp b/src/uri/fetchers/docker.cpp
727
-
index 3f38dddfb..fd991ee74 100644
728
-
--- a/src/uri/fetchers/docker.cpp
729
-
+++ b/src/uri/fetchers/docker.cpp
710
+
diff --git i/src/uri/fetchers/docker.cpp w/src/uri/fetchers/docker.cpp
711
+
index 91db13b..82a7fc4 100644
712
+
--- i/src/uri/fetchers/docker.cpp
713
+
+++ w/src/uri/fetchers/docker.cpp
@@ -114,7 +114,7 @@ static Future<http::Response> curl(
// TODO(jieyu): Kill the process if discard is called.
···
737
-
Subprocess::PATH("/dev/null"),
721
+
Subprocess::PATH(os::DEV_NULL),
739
-
@@ -213,7 +213,7 @@ static Future<int> download(
723
+
@@ -229,7 +229,7 @@ static Future<int> download(
// TODO(jieyu): Kill the process if discard is called.
Try<Subprocess> s = subprocess(
746
-
Subprocess::PATH("/dev/null"),
730
+
Subprocess::PATH(os::DEV_NULL),
pyrox.dev