Age | Commit message | Author |
|
- commit the changes for the comments.
|
|
Add nat table support for Prerouting hook with Redirect option.
Add tests to check redirect of ports.
|
|
PiperOrigin-RevId: 295770717
|
|
Adds flag to :benchmarks to allow running without
building "baked images", which depends on gcloud.
Users can skip gcloud workflows using the following:
blaze run --define gcloud=off :benchmarks -- my-command-without-gcloud
"run-gcp" will not work with the flag set, but all other commands will.
PiperOrigin-RevId: 295627718
|
|
This lets go-marshal replace various calls to binary.Size() throughout
the sentry without requiring concrete objects.
PiperOrigin-RevId: 295299965
|
|
PiperOrigin-RevId: 295269654
|
|
glibc defines struct epoll_event in such a way that epoll_event.data.fd exists.
However, the kernel's definition of struct epoll_event makes epoll_event.data
an opaque uint64, so naming half of it "fd" just introduces confusion. Remove
the Fd field, and make Data a [2]int32 to compensate.
Also add required padding to linux.EpollEvent on ARM64.
PiperOrigin-RevId: 295250424
|
|
This is to fix a data race between sending an external signal to
a ThreadGroup and kernel saving state for S/R.
PiperOrigin-RevId: 295244281
|
|
Note that this is not an automated test.
PiperOrigin-RevId: 295238672
|
|
This is easier than storing errors from e.g. CopyOut in the callback.
PiperOrigin-RevId: 295230021
|
|
PiperOrigin-RevId: 295226468
|
|
This saves one pointer dereference per VFS access.
Updates #1623
PiperOrigin-RevId: 295216176
|
|
These are not used outside of the p9 package.
PiperOrigin-RevId: 295200052
|
|
This requires fixing a few build issues for non-am64 platforms.
PiperOrigin-RevId: 295196922
|
|
- Added fsbridge package with interface that can be used to open
and read from VFS1 and VFS2 files.
- Converted ELF loader to use fsbridge
- Added VFS2 types to FSContext
- Added vfs.MountNamespace to ThreadGroup
Updates #1623
PiperOrigin-RevId: 295183950
|
|
- Add missing build tags to files in the abi package.
- Add the marshal package as a sentry dependency, allowed by deps_test.
- Fix an issue with our top-level go_library BUILD rule, which
incorrectly shadows the variable containing the input set of source
files. This caused the expansion for the go_marshal clause to
silently omit input files.
- Fix formatting when copying build tags to gomarshal-generated files.
- Fix a bug with import statement collision detection in go-marshal.
PiperOrigin-RevId: 295112284
|
|
This allows callers to say whether the file is being
opened to be executed, so that the proper checks can
be done from FilesystemImpl.OpenAt()
Updates #1623
PiperOrigin-RevId: 295042595
|
|
Add new Marshallable interface methods CopyIn/CopyOut, which can be directly
called on the marshalled object, avoiding an interface indirection. Such
indirections are problematic because they always cause the marshalled object to
escape.
PiperOrigin-RevId: 295028010
|
|
PiperOrigin-RevId: 294957297
|
|
PiperOrigin-RevId: 294952610
|
|
PiperOrigin-RevId: 294930818
|
|
* Allow scripts/common.sh to be sourced from outside the scripts/ directory
* Fix passing empty args to Bazel, which causes the tool to exit with a failure
even if the command succeeds.
PiperOrigin-RevId: 294785456
|
|
- Adds creation of user chains via `-N <chainname>`
- Adds `-j RETURN` support for built-in chains, which triggers the
chain's underflow rule (usually the default policy).
- Adds tests for chain creation, default policies, and `-j RETURN` from
built-in chains.
|
|
So that they can be included by Fuchsia's syscall tests
PiperOrigin-RevId: 294654890
|
|
PiperOrigin-RevId: 294582802
|
|
Fixes #1812. (The more direct cause of the deadlock is panic unsafety because
the historically high cost of defer means that we avoid it in hot paths,
including much of MM; defer is much cheaper as of Go 1.14, but still a
measurable overhead.)
PiperOrigin-RevId: 294560316
|
|
In particular, explain how to push updates to the images.
PiperOrigin-RevId: 294508879
|
|
PiperOrigin-RevId: 294500858
|
|
This is to avoid conflicts with types that share the same
[short] package and type names, e.g. proc.smapsData exists
in pkg/sentry/fs/proc and pkg/sentry/fsimpl/proc.
Updates #1663
PiperOrigin-RevId: 294485146
|
|
The slaveInodeOperations is currently copying the object when
truncate is called (which is a no-op). This may result in an
(inconsequential) data race when being modified concurrently.
PiperOrigin-RevId: 294484276
|
|
PiperOrigin-RevId: 294477647
|
|
PiperOrigin-RevId: 294340468
|
|
PiperOrigin-RevId: 294339229
|
|
The name 'bazel' also doesn't work because bazel will treat it specially.
Fixes #1807
PiperOrigin-RevId: 294321221
|
|
Put most of the logic for getxattr in one place for clarity. This simplifies
FGetXattr and getXattrFromPath, which are just wrappers for getXattr.
PiperOrigin-RevId: 294308332
|
|
PiperOrigin-RevId: 294300437
|
|
PiperOrigin-RevId: 294300040
|
|
PiperOrigin-RevId: 294297004
|
|
PiperOrigin-RevId: 294295852
|
|
PiperOrigin-RevId: 294289066
|
|
PiperOrigin-RevId: 294286242
|
|
PiperOrigin-RevId: 294285723
|
|
PiperOrigin-RevId: 294273559
|
|
PiperOrigin-RevId: 294272755
|
|
PiperOrigin-RevId: 294271541
|
|
PiperOrigin-RevId: 294265019
|
|
The readme didn't mention that users need to:
- `bazel build` when working on iptables tests
- enable raw sockets in /etc/docker/daemon.json.
PiperOrigin-RevId: 294260169
|
|
PiperOrigin-RevId: 294257911
|
|
PiperOrigin-RevId: 294253155
|
|
PiperOrigin-RevId: 294250370
|