summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-10-01Merge release-20190806.1-215-g29a1ba5 (automated)gVisor bot
2019-09-30splice: compare inode numbers only if both ends are pipesAndrei Vagin
It isn't allowed to splice data from and into the same pipe. But right now this check is broken, because we don't check that both ends are pipes. PiperOrigin-RevId: 272107022
2019-10-01Merge release-20190806.1-214-g20841b9 (automated)gVisor bot
2019-09-30Update FIXME bug with GitHub issue.Adin Scannell
PiperOrigin-RevId: 272101930
2019-09-30Merge release-20190806.1-213-gbcbb3ef (automated)gVisor bot
2019-09-30Add a Stringer implementation to PacketDispatchModeBhasker Hariharan
PiperOrigin-RevId: 272083936
2019-09-30Merge release-20190806.1-212-gc06cca6 (automated)gVisor bot
2019-09-30De-flake SetForegroundProcessGroupDifferentSession.Kevin Krakauer
PiperOrigin-RevId: 272059043
2019-09-30Merge release-20190806.1-211-g61f6fbd (automated)gVisor bot
2019-09-30Fix bugs in PickEphemeralPort for TCP.Bhasker Hariharan
Netstack always picks a random start point everytime PickEphemeralPort is called. While this is required for UDP so that DNS requests go out through a randomized set of ports it is not required for TCP. Infact Linux explicitly hashes the (srcip, dstip, dstport) and a one time secret initialized at start of the application to get a random offset. But to ensure it doesn't start from the same point on every scan it uses a static hint that is incremented by 2 in every call to pick ephemeral ports. The reason for 2 is Linux seems to split the port ranges where active connects seem to use even ones while odd ones are used by listening sockets. This CL implements a similar strategy where we use a hash + hint to generate the offset to start the search for a free Ephemeral port. This ensures that we cycle through the available port space in order for repeated connects to the same destination and significantly reduces the chance of picking a recently released port. PiperOrigin-RevId: 272058370
2019-09-30Merge release-20190806.1-210-g3ad17ff (automated)gVisor bot
2019-09-30Force timestamps to update when set via InodeOperations.SetTimestamps.Nicolas Lacasse
The gofer's CachingInodeOperations implementation contains an optimization for the common open-read-close pattern when we have a host FD. In this case, the host kernel will update the timestamp for us to a reasonably close time, so we don't need an extra RPC to the gofer. However, when the app explicitly sets the timestamps (via futimes or similar) then we actually DO need to update the timestamps, because the host kernel won't do it for us. To fix this, a new boolean `forceSetTimestamps` was added to CachineInodeOperations.SetMaskedAttributes. It is only set by gofer.InodeOperations.SetTimestamps. PiperOrigin-RevId: 272048146
2019-09-30Only copy out remaining time on nanosleep successMichael Pratt
It looks like the old code attempted to do this, but didn't realize that err != nil even in the happy case. PiperOrigin-RevId: 272005887
2019-09-30Merge release-20190806.1-208-g0c4d080 (automated)gVisor bot
2019-09-29Ensure runsc is uploaded.Adin Scannell
One would reasonably assume that a field named "regex" would expect a regular expression. However, in this case, one would be wrong. The "regex" field actually requires "FileSet" [1] syntax. ?\_(?)_/? [1] http://ant.apache.org/manual/Types/fileset.html PiperOrigin-RevId: 271917356
2019-09-28Merge release-20190806.1-207-geebc38b (automated)gVisor bot
2019-09-27Merge pull request #882 from DarcySail:darcy_faster_CopyStringIngVisor bot
PiperOrigin-RevId: 271675009
2019-09-27Merge release-20190806.1-205-gc8bb208 (automated)gVisor bot
2019-09-27Automated rollback of changelist 256276198Adin Scannell
PiperOrigin-RevId: 271665517
2019-09-27Merge release-20190806.1-204-g6a54aa1 (automated)gVisor bot
2019-09-27Bump rules_go to 0.19.5 and Go to 1.13.1.Nicolas Lacasse
PiperOrigin-RevId: 271664207
2019-09-27Merge release-20190806.1-203-g8539abc (automated)gVisor bot
2019-09-27Merge pull request #864 from tanjianfeng:fix-861gVisor bot
PiperOrigin-RevId: 271649711
2019-09-27Merge release-20190806.1-201-gabbee56 (automated)gVisor bot
2019-09-27Implement SO_BINDTODEVICE sockoptgVisor bot
PiperOrigin-RevId: 271644926
2019-09-27Merge release-20190806.1-200-g7582385 (automated)gVisor bot
2019-09-27kokoro: don't pass KOKORO_REPO_KEY in presubmit jobsAndrei Vagin
We don't want to upload packages from the presubmit jobs. This will fix the error: [11:01:34][ERROR] Cannot inject environment variables into the build without allowed_env_vars regexes. PiperOrigin-RevId: 271622996
2019-09-27Merge release-20190806.1-199-gfa15fda (automated)gVisor bot
2019-09-27bazel: use rules_pkg from https://github.com/bazelbuild/Andrei Vagin
BUILD:85:1: in _pkg_deb rule //runsc:runsc-debian: target '//runsc:runsc-debian' depends on deprecated target '@bazel_tools//tools/build_defs/pkg:make_deb': The internal version of make_deb is deprecated. Please use the replacement for pkg_deb from https://github.com/bazelbuild/rules_pkg/blob/master/pkg. PiperOrigin-RevId: 271590386
2019-09-27Merge release-20190806.1-198-g8337e4f (automated)gVisor bot
2019-09-26Disallow opening of sockets if --fsgofer-host-uds=falseFabricio Voznika
Updates #235 PiperOrigin-RevId: 271475319
2019-09-26Merge release-20190806.1-197-g5434926 (automated)gVisor bot
2019-09-26Make raw socket tests pass in environments with or without CAP_NET_RAW.Kevin Krakauer
PiperOrigin-RevId: 271442321
2019-09-26Merge release-20190806.1-196-g3221e83 (automated)gVisor bot
2019-09-26kokoro: don't force to use python2Andrei Vagin
https://github.com/bazelbuild/bazel/issues/7899 was fixed and we don't need this hack anymore. PiperOrigin-RevId: 271434565
2019-09-25Merge release-20190806.1-195-gdd0e5ee (automated)gVisor bot
2019-09-25Merge pull request #765 from trailofbits:uds_supportgVisor bot
PiperOrigin-RevId: 271235134
2019-09-25Merge release-20190806.1-184-g129c67d (automated)gVisor bot
2019-09-25Fix runsc log collection in kokoroFabricio Voznika
PiperOrigin-RevId: 271207152
2019-09-25Merge release-20190806.1-183-g59ccbb1 (automated)gVisor bot
2019-09-25Remove centralized registration of protocols.Kevin Krakauer
Also removes the need for protocol names. PiperOrigin-RevId: 271186030
2019-09-25Merge release-20190806.1-182-g99c86b8 (automated)gVisor bot
2019-09-25Merge pull request #863 from tanjianfeng:fix-862gVisor bot
PiperOrigin-RevId: 271168948
2019-09-25Merge release-20190806.1-180-g76ff194 (automated)gVisor bot
2019-09-24gvisor: change syscall.RawSyscall to syscall.RawSyscall6 where requiredgVisor bot
Before https://golang.org/cl/173160 syscall.RawSyscall would zero out the last three register arguments to the system call. That no longer happens. For system calls that take more than three arguments, use RawSyscall6 to ensure that we pass zero, not random data, for the additional arguments. PiperOrigin-RevId: 271062527
2019-09-25Merge release-20190806.1-179-g2fb34c8 (automated)gVisor bot
2019-09-24test: don't use designated initializersAndrei Vagin
This change fixes compile errors: pty.cc:1460:7: error: expected primary-expression before '.' token ... PiperOrigin-RevId: 271033729
2019-09-24Remove unecessary seccomp permission.Robert Tonic
This removes the F_DUPFD_CLOEXEC support for the gofer, previously required when depending on the STL net package.
2019-09-24Refactor command line options and remove the allowed terminology for udsRobert Tonic
2019-09-24Merge release-20190806.1-178-g502f8f2 (automated)gVisor bot