Diffstat (limited to 'pkg/sentry/control')
-rw-r--r-- | pkg/sentry/control/BUILD | 6 | ||||
-rw-r--r-- | pkg/sentry/control/logging.go | 136 | ||||
-rw-r--r-- | pkg/sentry/control/pprof.go | 4 | ||||
-rw-r--r-- | pkg/sentry/control/proc.go | 30 | ||||
-rw-r--r-- | pkg/sentry/control/proc_test.go | 6 | ||||
-rw-r--r-- | pkg/sentry/control/state.go | 10 |
6 files changed, 164 insertions, 28 deletions
diff --git a/pkg/sentry/control/BUILD b/pkg/sentry/control/BUILD
index 5052bcc0d..bf802d1b6 100644
--- a/pkg/sentry/control/BUILD
+++ b/pkg/sentry/control/BUILD
@@ -6,11 +6,12 @@ go_library(
 name = "control",
 srcs = [
 "control.go",
+ "logging.go",
 "pprof.go",
 "proc.go",
 "state.go",
 ],
- importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/control",
+ importpath = "gvisor.dev/gvisor/pkg/sentry/control",
 visibility = [
 "//pkg/sentry:internal",
 ],
@@ -22,12 +23,13 @@ go_library(
 "//pkg/sentry/fs/host",
 "//pkg/sentry/kernel",
 "//pkg/sentry/kernel/auth",
- "//pkg/sentry/kernel/kdefs",
 "//pkg/sentry/kernel/time",
 "//pkg/sentry/limits",
 "//pkg/sentry/state",
+ "//pkg/sentry/strace",
 "//pkg/sentry/usage",
 "//pkg/sentry/watchdog",
+ "//pkg/tcpip/link/sniffer",
 "//pkg/urpc",
 ],
 )
diff --git a/pkg/sentry/control/logging.go b/pkg/sentry/control/logging.go
new file mode 100644
index 000000000..811f24324
--- /dev/null
+++ b/pkg/sentry/control/logging.go
@@ -0,0 +1,136 @@
+// Copyright 2019 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package control
+
+import (
+ "fmt"
+ "sync/atomic"
+
+ "gvisor.dev/gvisor/pkg/log"
+ "gvisor.dev/gvisor/pkg/sentry/strace"
+ "gvisor.dev/gvisor/pkg/tcpip/link/sniffer"
+)
+
+// LoggingArgs are the arguments to use for changing the logging
+// level and strace list.
+type LoggingArgs struct {
+ // SetLevel is a flag used to indicate that we should update
+ // the logging level. We should be able to change the strace
+ // list without affecting the logging level and vice versa.
+ SetLevel bool
+
+ // Level is the log level that will be set if SetLevel is true.
+ Level log.Level
+
+ // SetLogPackets indicates that we should update the log packets flag.
+ SetLogPackets bool
+
+ // LogPackets is the actual value to set for LogPackets.
+ // SetLogPackets must be enabled to indicate that we're changing
+ // the value.
+ LogPackets bool
+
+ // SetStrace is a flag used to indicate that strace related
+ // arguments were passed in.
+ SetStrace bool
+
+ // EnableStrace is a flag from the CLI that specifies whether to
+ // enable strace at all. If this flag is false then a completely
+ // pristine copy of the syscall table will be swapped in. This
+ // approach is used to remain consistent with an empty strace
+ // whitelist meaning trace all system calls.
+ EnableStrace bool
+
+ // Strace is the whitelist of syscalls to trace to log. If this
+ // and StraceEventWhitelist are empty trace all system calls.
+ StraceWhitelist []string
+
+ // SetEventStrace is a flag used to indicate that event strace
+ // related arguments were passed in.
+ SetEventStrace bool
+
+ // StraceEventWhitelist is the whitelist of syscalls to trace
+ // to event log.
+ StraceEventWhitelist []string
+}
+
+// Logging provides functions related to logging.
+type Logging struct{}
+
+// Change will change the log level and strace arguments. Although
+// this functions signature requires an error it never acctually
+// return san error. It's required by the URPC interface.
+// Additionally, it may look odd that this is the only method
+// attached to an empty struct but this is also part of how
+// URPC dispatches.
+func (l *Logging) Change(args *LoggingArgs, code *int) error {
+ if args.SetLevel {
+ // Logging uses an atomic for the level so this is thread safe.
+ log.SetLevel(args.Level)
+ }
+
+ if args.SetLogPackets {
+ if args.LogPackets {
+ atomic.StoreUint32(&sniffer.LogPackets, 1)
+ } else {
+ atomic.StoreUint32(&sniffer.LogPackets, 0)
+ }
+ log.Infof("LogPackets set to: %v", atomic.LoadUint32(&sniffer.LogPackets))
+ }
+
+ if args.SetStrace {
+ if err := l.configureStrace(args); err != nil {
+ return fmt.Errorf("error configuring strace: %v", err)
+ }
+ }
+
+ if args.SetEventStrace {
+ if err := l.configureEventStrace(args); err != nil {
+ return fmt.Errorf("error configuring event strace: %v", err)
+ }
+ }
+
+ return nil
+}
+
+func (l *Logging) configureStrace(args *LoggingArgs) error {
+ if args.EnableStrace {
+ // Install the whitelist specified.
+ if len(args.StraceWhitelist) > 0 {
+ if err := strace.Enable(args.StraceWhitelist, strace.SinkTypeLog); err != nil {
+ return err
+ }
+ } else {
+ // For convenience, if strace is enabled but whitelist
+ // is empty, enable everything to log.
+ strace.EnableAll(strace.SinkTypeLog)
+ }
+ } else {
+ // Uninstall all strace functions.
+ strace.Disable(strace.SinkTypeLog)
+ }
+ return nil
+}
+
+func (l *Logging) configureEventStrace(args *LoggingArgs) error {
+ if len(args.StraceEventWhitelist) > 0 {
+ if err := strace.Enable(args.StraceEventWhitelist, strace.SinkTypeEvent); err != nil {
+ return err
+ }
+ } else {
+ strace.Disable(strace.SinkTypeEvent)
+ }
+ return nil
+}
diff --git a/pkg/sentry/control/pprof.go b/pkg/sentry/control/pprof.go
index d63916600..1f78d54a2 100644
--- a/pkg/sentry/control/pprof.go
+++ b/pkg/sentry/control/pprof.go
@@ -21,8 +21,8 @@ import (
 "runtime/trace"
 "sync"
 
- "gvisor.googlesource.com/gvisor/pkg/fd"
- "gvisor.googlesource.com/gvisor/pkg/urpc"
+ "gvisor.dev/gvisor/pkg/fd"
+ "gvisor.dev/gvisor/pkg/urpc"
 )
 
 var errNoOutput = errors.New("no output writer provided")
diff --git a/pkg/sentry/control/proc.go b/pkg/sentry/control/proc.go
index f7f02a3e1..6ae60c5cb 100644
--- a/pkg/sentry/control/proc.go
+++ b/pkg/sentry/control/proc.go
@@ -23,16 +23,15 @@ import (
 "text/tabwriter"
 "time"
 
- "gvisor.googlesource.com/gvisor/pkg/abi/linux"
- "gvisor.googlesource.com/gvisor/pkg/sentry/fs"
- "gvisor.googlesource.com/gvisor/pkg/sentry/fs/host"
- "gvisor.googlesource.com/gvisor/pkg/sentry/kernel"
- "gvisor.googlesource.com/gvisor/pkg/sentry/kernel/auth"
- "gvisor.googlesource.com/gvisor/pkg/sentry/kernel/kdefs"
- ktime "gvisor.googlesource.com/gvisor/pkg/sentry/kernel/time"
- "gvisor.googlesource.com/gvisor/pkg/sentry/limits"
- "gvisor.googlesource.com/gvisor/pkg/sentry/usage"
- "gvisor.googlesource.com/gvisor/pkg/urpc"
+ "gvisor.dev/gvisor/pkg/abi/linux"
+ "gvisor.dev/gvisor/pkg/sentry/fs"
+ "gvisor.dev/gvisor/pkg/sentry/fs/host"
+ "gvisor.dev/gvisor/pkg/sentry/kernel"
+ "gvisor.dev/gvisor/pkg/sentry/kernel/auth"
+ ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
+ "gvisor.dev/gvisor/pkg/sentry/limits"
+ "gvisor.dev/gvisor/pkg/sentry/usage"
+ "gvisor.dev/gvisor/pkg/urpc"
 )
 
 // Proc includes task-related functions.
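Review bot: The field comment on StraceWhitelist says that when it and StraceEventWhitelist are both empty all system calls are traced, but configureEventStrace calls `strace.Disable(strace.SinkTypeEvent)` whenever StraceEventWhitelist is empty and never consults EnableStrace the way configureStrace does, so either the comment or configureEventStrace should change, e.g. `// StraceEventWhitelist is the whitelist of syscalls to trace to the event log; if empty, event tracing is turned off.` The doc comment on Change should read `never actually returns an error` in place of `acctually return san error`. Since this RPC appears to switch on logging of packet contents (sniffer.LogPackets) and syscall arguments (strace) for everything in the sandbox, the LoggingArgs comment should state that the resulting logs can carry application data, so an operator knows what they are enabling; I am inferring that from the package names, not from anything in the hunk. args.Level is also handed straight to log.SetLevel without validation; if log.Level has a bounded range, the value should be checked here and an error returned rather than stored.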
@@ -123,9 +122,8 @@ func ExecAsync(proc *Proc, args *ExecArgs) (*kernel.ThreadGroup, kernel.ThreadID
 // TTYFileOperations that wraps the TTY is also returned.
 func (proc *Proc) execAsync(args *ExecArgs) (*kernel.ThreadGroup, kernel.ThreadID, *host.TTYFileOperations, error) {
 // Import file descriptors.
- l := limits.NewLimitSet()
- fdm := proc.Kernel.NewFDMap()
- defer fdm.DecRef()
+ fdTable := proc.Kernel.NewFDTable()
+ defer fdTable.DecRef()
 
 // No matter what happens, we should close all files in the FilePayload
 // before returning. Any files that are imported will be duped.
@@ -149,9 +147,9 @@ func (proc *Proc) execAsync(args *ExecArgs) (*kernel.ThreadGroup, kernel.ThreadI
 WorkingDirectory: args.WorkingDirectory,
 Root: args.Root,
 Credentials: creds,
- FDMap: fdm,
+ FDTable: fdTable,
 Umask: 0022,
- Limits: l,
+ Limits: limits.NewLimitSet(),
 MaxSymlinkTraversals: linux.MaxSymlinkTraversals,
 UTSNamespace: proc.Kernel.RootUTSNamespace(),
 IPCNamespace: proc.Kernel.RootIPCNamespace(),
@@ -212,7 +210,7 @@ func (proc *Proc) execAsync(args *ExecArgs) (*kernel.ThreadGroup, kernel.ThreadI
 }
 
 // Add the file to the FD map.
- if err := fdm.NewFDAt(kdefs.FD(appFD), appFile, kernel.FDFlags{}, l); err != nil {
+ if err := fdTable.NewFDAt(ctx, int32(appFD), appFile, kernel.FDFlags{}); err != nil {
 return nil, 0, nil, err
 }
 }
diff --git a/pkg/sentry/control/proc_test.go b/pkg/sentry/control/proc_test.go
index b7895d03c..d8ada2694 100644
--- a/pkg/sentry/control/proc_test.go
+++ b/pkg/sentry/control/proc_test.go
@@ -17,9 +17,9 @@ package control
 import (
 "testing"
 
- "gvisor.googlesource.com/gvisor/pkg/log"
- ktime "gvisor.googlesource.com/gvisor/pkg/sentry/kernel/time"
- "gvisor.googlesource.com/gvisor/pkg/sentry/usage"
+ "gvisor.dev/gvisor/pkg/log"
+ ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
+ "gvisor.dev/gvisor/pkg/sentry/usage"
 )
 
 func init() {
diff --git a/pkg/sentry/control/state.go b/pkg/sentry/control/state.go
index 11efcaba1..41feeffe3 100644
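Review bot: The context comment above the new `fdTable.NewFDAt(ctx, int32(appFD), appFile, kernel.FDFlags{})` call in the `@@ -212` hunk still says "Add the file to the FD map." now that the FD map has become a table; it should read `// Add the file to the FD table.` The `int32(appFD)` narrowing replaces the old `kdefs.FD(appFD)` wrapper, and appFD is declared outside the hunk; if it is a plain int derived from the payload rather than a loop index, a value above MaxInt32 would wrap silently, so confirm its origin or guard the conversion. execAsync's body starts and ends outside these hunks.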
--- a/pkg/sentry/control/state.go
+++ b/pkg/sentry/control/state.go
@@ -17,11 +17,11 @@ package control
 import (
 "errors"
 
- "gvisor.googlesource.com/gvisor/pkg/log"
- "gvisor.googlesource.com/gvisor/pkg/sentry/kernel"
- "gvisor.googlesource.com/gvisor/pkg/sentry/state"
- "gvisor.googlesource.com/gvisor/pkg/sentry/watchdog"
- "gvisor.googlesource.com/gvisor/pkg/urpc"
+ "gvisor.dev/gvisor/pkg/log"
+ "gvisor.dev/gvisor/pkg/sentry/kernel"
+ "gvisor.dev/gvisor/pkg/sentry/state"
+ "gvisor.dev/gvisor/pkg/sentry/watchdog"
+ "gvisor.dev/gvisor/pkg/urpc"
 )
 
 // ErrInvalidFiles is returned when the urpc call to Save does not include an |