summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-04-28Fix Unix socket permissions.Dean Deng
Enforce write permission checks in BoundEndpointAt, which corresponds to the permission checks in Linux (net/unix/af_unix.c:unix_find_other). Also, create bound socket files with the correct permissions in VFS2. Fixes #2324. PiperOrigin-RevId: 308949084
2020-04-28Internal change.gVisor bot
PiperOrigin-RevId: 308940886
2020-04-28Deduplicate unix socket Release() method.Dean Deng
PiperOrigin-RevId: 308932254
2020-04-28Support IPv6 Privacy Extensions for SLAACGhanan Gowripalan
Support generating temporary (short-lived) IPv6 SLAAC addresses to address privacy concerns outlined in RFC 4941. Tests: - stack_test.TestAutoGenTempAddr - stack_test.TestNoAutoGenTempAddrForLinkLocal - stack_test.TestAutoGenTempAddrRegen - stack_test.TestAutoGenTempAddrRegenTimerUpdates - stack_test.TestNoAutoGenTempAddrWithoutStableAddr - stack_test.TestAutoGenAddrInResponseToDADConflicts PiperOrigin-RevId: 308915566
2020-04-28Use existing bazeldefs with top-level BUILD file.Adin Scannell
PiperOrigin-RevId: 308901116
2020-04-28Don't unlink named pipes in pipe test.Jamie Liu
TempPath's destructor runs at the end of the named pipe creation functions, deleting the named pipe. If the named pipe is backed by a "non-virtual" filesystem (!fs.Inode.IsVirtual()), this causes the following save attempt to fail because there are FDs holding the deleted named pipe open. PiperOrigin-RevId: 308861999
2020-04-28Merge pull request #2558 from prattmic:forward_signalgVisor bot
PiperOrigin-RevId: 308829800
2020-04-28Support pipes and sockets in VFS2 gofer fs.Dean Deng
Named pipes and sockets can be represented in two ways in gofer fs: 1. As a file on the remote filesystem. In this case, all file operations are passed through 9p. 2. As a synthetic file that is internal to the sandbox. In this case, the dentry stores an endpoint or VFSPipe for sockets and pipes respectively, which replaces interactions with the remote fs through the gofer. In gofer.filesystem.MknodAt, we attempt to call mknod(2) through 9p, and if it fails, fall back to the synthetic version. Updates #1200. PiperOrigin-RevId: 308828161
2020-04-27Merge pull request #2544 from prattmic:runsc_do_cleanupgVisor bot
PiperOrigin-RevId: 308727526
2020-04-27Import host sockets.Dean Deng
The FileDescription implementation for hostfs sockets uses the standard Unix socket implementation (unix.SocketVFS2), but is also tied to a hostfs dentry. Updates #1672, #1476 PiperOrigin-RevId: 308716426
2020-04-27Reduce flakiness in tcp_test.Bhasker Hariharan
Poll for metric updates as immediately trying to read them can sometimes be flaky if due to goroutine scheduling the check happens before the sender has got a chance to update the corresponding sent metric. PiperOrigin-RevId: 308712817
2020-04-27Merge pull request #2557 from cmingxu:mastergVisor bot
PiperOrigin-RevId: 308706483
2020-04-27runsc: extend do network cleanupMichael Pratt
Previously we unconditionally failed to cleanup the networking files (hostname, resolve.conf, hosts), and failed to cleanup the netns, etc on partial setup failure. We can drop the iptables commands from cleanup, as the routes automatically go away when the device is deleted. Those commands were failing previously. Forward signals to the container, allowing it to exit normally when a signal is received, and then for runsc to run the cleanup. This doesn't cover cleanup when runsc is signalled before the container start, it covers the most common case. Fixes #2539 Fixes #2540
2020-04-27Dump stack for stuck start and stuck watchdogFabricio Voznika
The meaning for skipDump was reversed, but not all callers were updated. Change the meaning once again to forceDump, so that the period between stack dump is respected from all callers. PiperOrigin-RevId: 308674373
2020-04-27Automated rollback of changelist 308163542gVisor bot
PiperOrigin-RevId: 308674219
2020-04-27container: use sighandling packageMichael Pratt
Use the sighandling package for Container.ForwardSignals, for consistency with other signal forwarding. Fixes #2546
2020-04-27Don't leak vfs.MountNamespace reference if kernel.TaskSet.NewTask fails.Jamie Liu
PiperOrigin-RevId: 308617610
2020-04-27Update container.gokevin.xu
typo, should be `start` in comments
2020-04-27Merge pull request #1 from google/masterkevin.xu
catch up
2020-04-25Enable automated marshalling for signals and the arch package.Rahat Mahmood
PiperOrigin-RevId: 308472331
2020-04-25Add container tests passing with VFS2Zach Koopmans
Several tests are passing after getting TestAppExitStatus (run /bin/true) changes. Make versions that run via VFS2 so that we know what is and isn't working. In addition, fix bug in VFSFile ReadFull. For the TestExePath test in container_test.go, the case "unmasked" will return 0 bytes read with no EOF err, causing the ReadFull call to spin. PiperOrigin-RevId: 308428126
2020-04-24More descriptive error message for missing docker image.Eyal Soha
Tested: Ran a packetimpact test after `docker image rm` and examined the message. PiperOrigin-RevId: 308370603
2020-04-24VFS2: Get HelloWorld image tests to pass with VFS2Zach Koopmans
This change includes: - Modifications to loader_test.go to get TestCreateMountNamespace to pass with VFS2. - Changes necessary to get TestHelloWorld in image tests to pass with VFS2. This means runsc can run the hello-world container with docker on VSF2. Note: Containers that use sockets will not run with these changes. See "//test/image/...". Any tests here with sockets currently fail (which is all of them but HelloWorld). PiperOrigin-RevId: 308363072
2020-04-24Propagate PID limit from OCI to sandbox cgroupFabricio Voznika
Closes #2489 PiperOrigin-RevId: 308362434
2020-04-24Merge pull request #1707 from lubinszARM:pr_lazy_fpsimd_2gVisor bot
PiperOrigin-RevId: 308347744
2020-04-24Add ICMP6 param problem testEyal Soha
Tested: When run on Linux, a correct ICMPv6 response is received. On netstack, no ICMPv6 response is received. PiperOrigin-RevId: 308343113
2020-04-24Better error message from ExpectFrameEyal Soha
Display the errors as diffs between the expected and wanted frame. PiperOrigin-RevId: 308333271
2020-04-24Improve and update packetimpact README.mdEyal Soha
PiperOrigin-RevId: 308328860
2020-04-24Standardize all Docker images.Adin Scannell
This change moves all Docker images to a standard location, and abstracts the build process so that they can be maintained in an automated fashion. This also allows the images to be architecture-independent. All images will now be referred to by the test framework via the canonical `gvisor.dev/images/<name>`, where `<name>` is a function of the path within the source tree. In a subsequent change, continuous integration will be added so that the images will always be correct and available locally. In the end, using `bazel` for Docker containers is simply not possible. Given that we already have the need to use `make` with the base container (for Docker), we extend this approach to get more flexibility. This change also adds a self-documenting and powerful Makefile that is intended to replace the collection of scripts in scripts. Canonical (self-documenting) targets can be added here for targets that understand which images need to be loaded and/or built. PiperOrigin-RevId: 308322438
2020-04-24Port SCM Rights to VFS2.Dean Deng
Fixes #1477. PiperOrigin-RevId: 308317511
2020-04-24kokoro: save all files from test.outputs/Andrei Vagin
If a test fails by timeout, bazel doesn't generate outputs.zip. PiperOrigin-RevId: 308307815
2020-04-24Do not copy tcpip.CancellableTimerGhanan Gowripalan
A CancellableTimer's AfterFunc timer instance creates a closure over the CancellableTimer's address. This closure makes a CancellableTimer unsafe to copy. No behaviour change, existing tests pass. PiperOrigin-RevId: 308306664
2020-04-24Plumb context.Context into kernfs.Inode.Open().Dean Deng
PiperOrigin-RevId: 308304793
2020-04-24Fixes for procfsFabricio Voznika
- Return ENOENT for /proc/[pid]/task if task is zoombied or terminated - Allow directory to be Seek() to the end - Construct synthetic files for /proc/[pid]/ns/* - Changed GenericDirectoryFD.Init to not register with FileDescription, otherwise other implementation cannot change behavior. Updates #1195,1193 PiperOrigin-RevId: 308294649
2020-04-24Move hostfs mount to Kernel struct.Dean Deng
This is needed to set up host fds passed through a Unix socket. Note that the host package depends on kernel, so we cannot set up the hostfs mount directly in Kernel.Init as we do for sockfs and pipefs. Also, adjust sockfs to make its setup look more like hostfs's and pipefs's. PiperOrigin-RevId: 308274053
2020-04-24Refactor syscall.Fstat calls in hostfs.Dean Deng
Just call syscall.Fstat directly each time mode/file owner are needed. This feels more natural than using i.getPermissions(). PiperOrigin-RevId: 308257405
2020-04-24Merge pull request #2509 from prattmic:benchmark_docsgVisor bot
PiperOrigin-RevId: 308215754
2020-04-23Fix Layer merge and add unit testsEyal Soha
mergo was improperly merging nil and empty strings PiperOrigin-RevId: 308170862
2020-04-23Enable automated marshalling for mempolicy syscalls.Rahat Mahmood
PiperOrigin-RevId: 308170679
2020-04-23Port devpts to VFS2.Nicolas Lacasse
PiperOrigin-RevId: 308164359
2020-04-23Remove View.First() and View.RemoveFirst()Kevin Krakauer
These methods let users eaily break the VectorisedView abstraction, and allowed netstack to slip into pseudo-enforcement of the "all headers are in the first View" invariant. Removing them and replacing with PullUp(n) breaks this reliance and will make it easier to add iptables support and rework network buffer management. The new View.PullUp(n) method is low cost in the common case, when when all the headers fit in the first View. PiperOrigin-RevId: 308163542
2020-04-23Enable automated marshalling for epoll events.Rahat Mahmood
Ensure we use the correct architecture-specific defintion of epoll event, and use go-marshal for serialization. PiperOrigin-RevId: 308145677
2020-04-23Add vfs.MkdirOptions.ForSyntheticMountpoint.Jamie Liu
PiperOrigin-RevId: 308143529
2020-04-23Fix test output so that filenames have the correct path.Eyal Soha
Tested: Intentionally introduce an error and then run: blaze test --test_output=streamed //third_party/gvisor/test/packetimpact/tests:tcp_outside_the_window_linux_test PiperOrigin-RevId: 308114194
2020-04-23Add basic GitHub labeler workflow.Adin Scannell
This is the first automated GitHub actions workflow, and it simply applies labels to pull request in a best-effort fashion. PiperOrigin-RevId: 308112191
2020-04-23Merge pull request #1819 from lubinszARM:pr_signal_2gVisor bot
PiperOrigin-RevId: 308100771
2020-04-23Simplify Docker test infrastructure.Adin Scannell
This change adds a layer of abstraction around the internal Docker APIs, and eliminates all direct dependencies on Dockerfiles in the infrastructure. A subsequent change will automated the generation of local images (with efficient caching). Note that this change drops the use of bazel container rules, as that experiment does not seem to be viable. PiperOrigin-RevId: 308095430
2020-04-23Factor fsimpl/gofer.host{Preadv,Pwritev} out of fsimpl/gofer.Jamie Liu
Also fix returning EOF when 0 bytes are read. PiperOrigin-RevId: 308089875
2020-04-23Disable nogo because it breaks Go 1.13Fabricio Voznika
Even though the default build option is to use 1.14, we want to be want to keep the ability to target different Go versions for testing and in case the new release has bugs. PiperOrigin-RevId: 308078876
2020-04-23Run failing packetimpact test and expect failure.Eyal Soha
This will make it easier to notice if a code change causes an existing test to pass. PiperOrigin-RevId: 308057978