summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-02-25Add nat table support for iptables.Nayana Bidari
- commit the changes for the comments.
2020-02-18Add nat table support for iptables.Nayana Bidari
Add nat table support for Prerouting hook with Redirect option. Add tests to check redirect of ports.
2020-02-18ring0/pagetables: fix typogVisor bot
PiperOrigin-RevId: 295770717
2020-02-17Add flag to run without building baked images.gVisor bot
Adds flag to :benchmarks to allow running without building "baked images", which depends on gcloud. Users can skip gcloud workflows using the following: blaze run --define gcloud=off :benchmarks -- my-command-without-gcloud "run-gcp" will not work with the flag set, but all other commands will. PiperOrigin-RevId: 295627718
2020-02-15Ensure Marshallable.SizeBytes() always works on a typed nil pointer.gVisor bot
This lets go-marshal replace various calls to binary.Size() throughout the sentry without requiring concrete objects. PiperOrigin-RevId: 295299965
2020-02-14Generate implementation of io.WriterTo via go-marshal.gVisor bot
PiperOrigin-RevId: 295269654
2020-02-14Remove linux.EpollEvent.Fd.gVisor bot
glibc defines struct epoll_event in such a way that epoll_event.data.fd exists. However, the kernel's definition of struct epoll_event makes epoll_event.data an opaque uint64, so naming half of it "fd" just introduces confusion. Remove the Fd field, and make Data a [2]int32 to compensate. Also add required padding to linux.EpollEvent on ARM64. PiperOrigin-RevId: 295250424
2020-02-14Synchronize signalling with S/RgVisor bot
This is to fix a data race between sending an external signal to a ThreadGroup and kernel saving state for S/R. PiperOrigin-RevId: 295244281
2020-02-14Add a minimal binary target for escape analysis on go-marshal.gVisor bot
Note that this is not an automated test. PiperOrigin-RevId: 295238672
2020-02-14Allow vfs.IterDirentsCallback.Handle() to return an error.gVisor bot
This is easier than storing errors from e.g. CopyOut in the callback. PiperOrigin-RevId: 295230021
2020-02-14Enable automated marshalling for RSeqCriticalSection.gVisor bot
PiperOrigin-RevId: 295226468
2020-02-14Inline vfs.VirtualFilesystem in Kernel structgVisor bot
This saves one pointer dereference per VFS access. Updates #1623 PiperOrigin-RevId: 295216176
2020-02-14Un-export p9 message encode/decode functions.gVisor bot
These are not used outside of the p9 package. PiperOrigin-RevId: 295200052
2020-02-14Enable automated marshalling for struct stat.gVisor bot
This requires fixing a few build issues for non-am64 platforms. PiperOrigin-RevId: 295196922
2020-02-14Plumb VFS2 inside the SentrygVisor bot
- Added fsbridge package with interface that can be used to open and read from VFS1 and VFS2 files. - Converted ELF loader to use fsbridge - Added VFS2 types to FSContext - Added vfs.MountNamespace to ThreadGroup Updates #1623 PiperOrigin-RevId: 295183950
2020-02-14Fix various issues related to enabling go-marshal.gVisor bot
- Add missing build tags to files in the abi package. - Add the marshal package as a sentry dependency, allowed by deps_test. - Fix an issue with our top-level go_library BUILD rule, which incorrectly shadows the variable containing the input set of source files. This caused the expansion for the go_marshal clause to silently omit input files. - Fix formatting when copying build tags to gomarshal-generated files. - Fix a bug with import statement collision detection in go-marshal. PiperOrigin-RevId: 295112284
2020-02-13Add FileExec flag to OpenOptionsgVisor bot
This allow callers to say whether the file is being opened to be executed, so that the proper checks can be done from FilesystemImpl.OpenAt() Updates #1623 PiperOrigin-RevId: 295042595
2020-02-13Ensure the marshalled object doesn't escape.gVisor bot
Add new Marshallable interface methods CopyIn/CopyOut, which can be directly called on the marshalled object, avoiding an interface indirection. Such indirections are problematic because they always cause the marshalled object to escape. PiperOrigin-RevId: 295028010
2020-02-13Merge pull request #1791 from kevinGC:uchainsgVisor bot
PiperOrigin-RevId: 294957297
2020-02-13Internal change.gVisor bot
PiperOrigin-RevId: 294952610
2020-02-13Call py_requirement with named argument for optional kwarg.gVisor bot
PiperOrigin-RevId: 294930818
2020-02-12Minor runtime test fixes.gVisor bot
* Allow scripts/common.sh to be sourced from outside the scripts/ directory * Fix passing empty args to Bazel, which causes the tool to exit with a failure even if the command succeeds. PiperOrigin-RevId: 294785456
2020-02-12iptables: User chainsKevin Krakauer
- Adds creation of user chains via `-N <chainname>` - Adds `-j RETURN` support for built-in chains, which triggers the chain's underflow rule (usually the default policy). - Adds tests for chain creation, default policies, and `-j RETURN' from built-in chains.
2020-02-12Include more test files in exports_filesgVisor bot
So that they can be included by Fuchsia's syscall tests PiperOrigin-RevId: 294654890
2020-02-11Simplify atomic operationsgVisor bot
PiperOrigin-RevId: 294582802
2020-02-11Ensure fsimpl/gofer.dentryPlatformFile.hostFileMapper is initialized.gVisor bot
Fixes #1812. (The more direct cause of the deadlock is panic unsafety because the historically high cost of defer means that we avoid it in hot paths, including much of MM; defer is much cheaper as of Go 1.14, but still a measurable overhead.) PiperOrigin-RevId: 294560316
2020-02-11Fix up test/runtimes/README.md.gVisor bot
In particular, explain how to push updates to the images. PiperOrigin-RevId: 294508879
2020-02-11Disallow duplicate NIC names.gVisor bot
PiperOrigin-RevId: 294500858
2020-02-11Stateify: register types with full package namesgVisor bot
This is to avoid conflicts with types that share the same [short] package and type names, e.g. proc.smapsData exist in pkg/sentry/fs/proc and pkg/sentry/fsimpl/proc. Updates #1663 PiperOrigin-RevId: 294485146
2020-02-11Prevent DATA RACE in UnstableAttr.Adin Scannell
The slaveInodeOperations is currently copying the object when truncate is called (which is a no-op). This may result in a (unconsequential) data race when being modified concurrently. PiperOrigin-RevId: 294484276
2020-02-11Move Align{Up,Down} into binary package.gVisor bot
PiperOrigin-RevId: 294477647
2020-02-10Merge pull request #1775 from kevinGC:tcp-matchers-submitgVisor bot
PiperOrigin-RevId: 294340468
2020-02-10Cleanup internal package group.Adin Scannell
PiperOrigin-RevId: 294339229
2020-02-10Rename build to builddefs and minor build clean-up.Adin Scannell
The name 'bazel' also doesn't work because bazel will treat it specially. Fixes #1807 PiperOrigin-RevId: 294321221
2020-02-10Refactor getxattr.Dean Deng
Put most of the logic for getxattr in one place for clarity. This simplifies FGetXattr and getXattrFromPath, which are just wrappers for getXattr. PiperOrigin-RevId: 294308332
2020-02-10Clean-up comments in runsc/BUILD and CONTRIBUTING.md.Adin Scannell
PiperOrigin-RevId: 294300437
2020-02-10Add context to note.Adin Scannell
PiperOrigin-RevId: 294300040
2020-02-10Add flag package to limit visibility.Adin Scannell
PiperOrigin-RevId: 294297004
2020-02-10Add context to comments.Adin Scannell
PiperOrigin-RevId: 294295852
2020-02-10Add contextual comment.Adin Scannell
PiperOrigin-RevId: 294289066
2020-02-10Fix build_file in runtimes_tests.Brad Burlage
PiperOrigin-RevId: 294286242
2020-02-10Add contextual note.Adin Scannell
PiperOrigin-RevId: 294285723
2020-02-10Document MinimumTotalMemoryBytes.Adin Scannell
PiperOrigin-RevId: 294273559
2020-02-10Redirect FIXME to gvisor.devFabricio Voznika
PiperOrigin-RevId: 294272755
2020-02-10Move x86 state definition to its own file.Brad Burlage
PiperOrigin-RevId: 294271541
2020-02-10Update visibility.Adin Scannell
PiperOrigin-RevId: 294265019
2020-02-10iptables: add instructions for runsc building.Kevin Krakauer
The readme didn't mention that users need to: - `bazel build` when working on iptables tests - enable raw sockets in /etc/docker/daemon.json. PiperOrigin-RevId: 294260169
2020-02-10Merge pull request #1453 from xiaobo55x:cpuidgVisor bot
PiperOrigin-RevId: 294257911
2020-02-10Bump rules_go, gazelle, and go toolchain.Nicolas Lacasse
PiperOrigin-RevId: 294253155
2020-02-10Internal change.Zach Koopmans
PiperOrigin-RevId: 294250370