| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Updates #1035
PiperOrigin-RevId: 404072231
|
|
|
|
Updates #1035
PiperOrigin-RevId: 404043283
|
|
|
|
The in-progress Go 1.18's testing.corpusEntry changed definition slightly in
https://golang.org/cl/354632. Update our definition to the new version.
PiperOrigin-RevId: 404040853
|
|
|
|
PiperOrigin-RevId: 404025736
|
|
|
|
Updates #1035
PiperOrigin-RevId: 404017795
|
|
|
|
Fixes #6590
PiperOrigin-RevId: 404007524
|
|
|
|
https://github.com/dominikh/go-tools/issues/924 has been fixed.
PiperOrigin-RevId: 403485831
|
|
|
|
PiperOrigin-RevId: 403479257
|
|
|
|
Implement WriteRawPacket for pipe by calling `DeliverNetworkPacket`
on the other end with empty values for the route and protocol number,
and relies on the `NetworkDispatcher` to decapsulate the link layer
header from the raw packet itself.
PiperOrigin-RevId: 403461448
|
|
|
|
tcpip.Error does not implement error and thus cannot be used with %w.
This was flagged by nogo.
PiperOrigin-RevId: 403458480
|
|
|
|
gVisor was previously reporting the lower of cgroup limit or 2GB as total
memory. This may cause applications to make bad decisions based on amount
of memory available to them when more than 2GB is required.
This change makes the lower of cgroup limit or the host total memory to be
reported inside the sandbox. This also is more inline with docker which always
reports host total memory. Note that reporting cgroup limit is strictly better
than host total memory when there is a limit set.
Fixes #5608
PiperOrigin-RevId: 403241608
|
|
|
|
PiperOrigin-RevId: 403241314
|
|
|
|
PiperOrigin-RevId: 403214414
|
|
|
|
PiperOrigin-RevId: 402995191
|
|
|
|
Use route/protocol from packetbuffer.
Sharedmem implementation should use the EgressRoute/NetworkProtocolNumber
embedded in the packetbuffer rather than what is passed as parameters to
Write(Raw)Packet(s).
PiperOrigin-RevId: 402934171
|
|
|
|
These can be used by applications to manipulate iptables rules without enabling
arbitrary reads from and writes to the underlying packet socket.
PiperOrigin-RevId: 402924733
|
|
|
|
Before cl/402392291 and cl/402614820, it worked without any problem.
In this case, we just ignore a cgroup configuration. We do the same thing,
when we don't have permissions to create new cgroups on cgroupV1.
PiperOrigin-RevId: 402913129
|
|
|
|
...since direction can only hold one of two possible values.
PiperOrigin-RevId: 402855698
|
|
|
|
This CL allows both SNAT and DNAT targets to be performed on the same
packet.
Fixes #5696.
PiperOrigin-RevId: 402714738
|
|
|
|
PiperOrigin-RevId: 402705397
|
|
|
|
Fixes #6725
PiperOrigin-RevId: 402683244
|
|
|
|
This change also refactors the conntrack packet handling code
to not perform the actual rewriting of the packet while holding
the lock.
This change prepares for a followup CL that adds support for twice-NAT.
Updates #5696.
PiperOrigin-RevId: 402671685
|
|
|
|
We don't want the read to block and want to test that epoll_wait returns only
when there is data available in rfd to be read.
PiperOrigin-RevId: 402631091
|
|
|
|
- Don't attempt to create directory is controller is not
present in the system
- Ensure that all files being written exist in cgroupfs
- Attempt to delete directories during Uninstall even if
other deletions have failed
Fixes #6446
PiperOrigin-RevId: 402614820
|
|
|
|
Prior to cl/318010298, //pkg/state couldn't handle pointers to struct fields,
which meant that it couldn't handle intrusive linked lists, which meant that it
couldn't handle waiter.Queue, which meant that it couldn't handle epoll. As a
result, VFS1 unregisters all epoll waiters before saving and re-registers them
after loading, and waitable VFS1 file implementations tag their waiter.Queues
state:"nosave" (causing them to be skipped by the save/restore machinery) or
state:"zerovalue" (causing them to only be checked for zero-value-equality on
save).
VFS2 required cl/318010298 to support save/restore (due to the Impl inheritance
pattern used by vfs.FileDescription, vfs.Dentry, etc.); correspondingly, VFS2
epoll assumes that waiter.Queues *will be* saved and loaded correctly, and VFS2
file implementations do not tag waiter.Queues.
Some waiter.Queues, e.g. pipe.Pipe.Queue and kernel.Task.signalQueue, are used
by both VFS1 and VFS2 (the latter via signalfd); as a result of the above,
tagging these Queues state:"nosave" or state:"zerovalue" breaks VFS2 epoll.
Remove VFS1 epoll unregistration before saving (bringing it in line with VFS2),
and remove these tags from all waiter.Queues.
Also clean up after the epoll test added by cl/402323053, which implied this
issue (by instantiating DisableSave in the new test) without reporting it.
PiperOrigin-RevId: 402596216
|
