| Age | Commit message (Collapse) | Author |
|---|
|
|
|
PiperOrigin-RevId: 274011064
|
|
|
|
PiperOrigin-RevId: 273861936
|
|
|
|
PiperOrigin-RevId: 273781641
|
|
|
|
PiperOrigin-RevId: 273781112
|
|
PiperOrigin-RevId: 273668431
|
|
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I1646aaa6f07b5ec31c39c318b70f48693fe59a7c
|
|
|
|
PiperOrigin-RevId: 273630282
|
|
|
|
Options that do not change mount behavior inside the Sentry are
irrelevant and should not be used when looking for possible
incompatibilities between master and slave mounts.
PiperOrigin-RevId: 273593486
|
|
|
|
PiperOrigin-RevId: 273586605
|
|
|
|
Also change the default TTL to 64 to match Linux.
PiperOrigin-RevId: 273430341
|
|
|
|
PiperOrigin-RevId: 273421634
|
|
|
|
Adds two tests. One to make sure that $HOME is set when starting a container
via 'docker run' and one to make sure that $HOME is set for each container in a
multi-container sandbox.
Issue #701
PiperOrigin-RevId: 273395763
|
|
|
|
PiperOrigin-RevId: 273365058
|
|
|
|
PiperOrigin-RevId: 273364848
|
|
|
|
Adds minimal security policy info to SECURITY.md. This allows Github to
advertise the security policy doc for the repo.
See: https://github.blog/changelog/2019-05-23-security-policy/
See: https://help.github.com/en/articles/adding-a-security-policy-to-your-repository
PiperOrigin-RevId: 273214306
|
|
|
|
PiperOrigin-RevId: 272987037
|
|
|
|
Also ensure that all flipcall transport errors not returned by p9 (converted to
EIO by the client, or dropped on the floor by channel server goroutines) are
logged.
PiperOrigin-RevId: 272963663
|
|
|
|
In Linux (include/linux/types.h), mode_t is an unsigned short.
PiperOrigin-RevId: 272956350
|
|
|
|
The behavior for sending and receiving local broadcast (255.255.255.255)
traffic is as follows:
Outgoing
--------
* A broadcast packet sent on a socket that is bound to an interface goes out
that interface
* A broadcast packet sent on an unbound socket follows the route table to
select the outgoing interface
+ if an explicit route entry exists for 255.255.255.255/32, use that one
+ else use the default route
* Broadcast packets are looped back and delivered following the rules for
incoming packets (see next). This is the same behavior as for multicast
packets, except that it cannot be disabled via sockopt.
Incoming
--------
* Sockets wishing to receive broadcast packets must bind to either INADDR_ANY
(0.0.0.0) or INADDR_BROADCAST (255.255.255.255). No other socket receives
broadcast packets.
* Broadcast packets are multiplexed to all sockets matching it. This is the
same behavior as for multicast packets.
* A socket can bind to 255.255.255.255:<port> and then receive its own
broadcast packets sent to 255.255.255.255:<port>
In addition, this change implicitly fixes an issue with multicast reception. If
two sockets want to receive a given multicast stream and one is bound to ANY
while the other is bound to the multicast address, only one of them will
receive the traffic.
PiperOrigin-RevId: 272792377
|
|
|
|
PiperOrigin-RevId: 272760964
|
|
|
|
The input file descriptor is always a regular file, so sendfile can't lose any
data if it will not be able to write them to the output file descriptor.
Reported-by: syzbot+22d22330a35fa1c02155@syzkaller.appspotmail.com
PiperOrigin-RevId: 272730357
|
|
|
|
https://github.com/google/gvisor/commit/dd69b49ed1103bab82a6b2ac95221b89b46f3376
makes this test take longer.
PiperOrigin-RevId: 272535892
|
|
|
|
PiperOrigin-RevId: 272522508
|
|
|
|
Spoiler alert: it doesn't.
PiperOrigin-RevId: 272513529
|
|
|
|
Right now, we can find more than one process with the 1 PID in /proc.
$ for i in `seq 10`; do
> unshare -fp sleep 1000 &
> done
$ ls /proc
1 1 1 1 12 18 24 29 6 loadavg net sys version
1 1 1 1 16 20 26 32 cpuinfo meminfo self thread-self
1 1 1 1 17 21 28 36 filesystems mounts stat uptime
PiperOrigin-RevId: 272506593
|
|
|
|
|
