| Age | Commit message (Collapse) | Author |
|---|
|
Return EEXIST when overwritting a file as long as the caller has exec
permission on the parent directory, even if the caller doesn't have
write permission.
Also reordered the mount write check, which happens before permission
is checked.
Closes #5164
PiperOrigin-RevId: 351868123
|
|
Commit 25b5ec7 moved link address resolution out of the transport layer;
special handling of link address resolution is no longer necessary in tcp.
PiperOrigin-RevId: 351839254
|
|
Note, this includes static entries to match linux's behaviour.
```
$ ip neigh show dev eth0
192.168.42.1 lladdr fc:ec:da:70:6e:f9 STALE
$ sudo ip neigh add 192.168.42.172 lladdr 22:33:44:55:66:77 dev eth0
$ ip neigh show dev eth0
192.168.42.1 lladdr fc:ec:da:70:6e:f9 STALE
192.168.42.172 lladdr 22:33:44:55:66:77 PERMANENT
$ sudo ifconfig eth0 down
$ ip neigh show dev eth0
$ sudo ifconfig eth0 up
$ ip neigh show dev eth0
```
Test: stack_test.TestClearNeighborCacheOnNICDisable
PiperOrigin-RevId: 351696306
|
|
Link address resolution is performed at the link layer (if required) so
we can defer it from the transport layer. When link resolution is
required, packets will be queued and sent once link resolution
completes. If link resolution fails, the transport layer will receive a
control message indicating that the stack failed to route the packet.
tcpip.Endpoint.Write no longer returns a channel now that writes do not
wait for link resolution at the transport layer.
tcpip.ErrNoLinkAddress is no longer used so it is removed.
Removed calls to stack.Route.ResolveWith from the transport layer so
that link resolution is performed when a route is created in response
to an incoming packet (e.g. to complete TCP handshakes or send a RST).
Tests:
- integration_test.TestForwarding
- integration_test.TestTCPLinkResolutionFailure
Fixes #4458
RELNOTES: n/a
PiperOrigin-RevId: 351684158
|
|
Whether the variable was found is already returned by syscall.Getenv.
os.Getenv drops this value while os.Lookupenv passes it along.
PiperOrigin-RevId: 351674032
|
|
This is useful when using the shell library in order to log to both the test
log and the standard logs.
PiperOrigin-RevId: 351673465
|
|
PiperOrigin-RevId: 351638451
|
|
PiperOrigin-RevId: 351632484
|
|
It is now composed by a NetworkInterface interface which lets us delete
the methods we don't need.
PiperOrigin-RevId: 351613267
|
|
PiperOrigin-RevId: 351606635
|
|
Rather than dumping metrics on a single line, nearly unrelated textproto, print
them in alphabetical order, each on their own line.
e.g.,
D0108 17:42:42.198216 3382465 metric.go:253] Emitting metrics:
D0108 17:42:42.198240 3382465 metric.go:255] /fs/opens: &{Uint64Value:22}
D0108 17:42:42.198271 3382465 metric.go:255] /fs/read_wait: &{Uint64Value:0}
D0108 17:42:42.198294 3382465 metric.go:255] /fs/reads: &{Uint64Value:26}
D0108 17:42:42.198319 3382465 metric.go:255] /gofer/opened_write_execute_file: &{Uint64Value:0}
D0108 17:42:42.198327 3382465 metric.go:255] /gofer/opens_9p: &{Uint64Value:0}
D0108 17:42:42.198340 3382465 metric.go:255] /gofer/opens_host: &{Uint64Value:20}
...
PiperOrigin-RevId: 351590340
|
|
This change implements TLP details enumerated in
https://tools.ietf.org/html/draft-ietf-tcpm-rack-08#section-7.6
Fixes #5131
PiperOrigin-RevId: 351558449
|
|
If the release directory is a parent directory (for reasons), then this causes
a few problems (to say the least).
PiperOrigin-RevId: 351515882
|
|
Files removed from the working tree were not being properly removed from
the branch, leading to symbol conflicts while building. This requires the
change to 'git add --all' in the tools/go_branch.sh script.
But why was this not caught by CI? The "git clean -f" command by default
only cleans files in the current working directory. In order to clean the
whole tree recursively, we need to specify a pathspec, which is ".".
In addition to these fixes, re-add the "go tests" command to help prevent
this from happening again, since merges on the Go branch will happen in
GitHub actions for simplicity. The Go test is retained in BuildKite.
PiperOrigin-RevId: 351503804
|
|
When a control packet is delivered, it is delivered to a transport
endpoint with a matching stack.TransportEndpointID so there is no
need to pass the ID to the endpoint as it already knows its ID.
PiperOrigin-RevId: 351497588
|
|
PiperOrigin-RevId: 351491836
|
|
Simplify some logic while I'm here.
PiperOrigin-RevId: 351491593
|
|
gvisor-containerd-shim is not compatible with containerd 1.1 or earlier.
Starting from containerd 1.2, shim v2 is the preferred interface.
PiperOrigin-RevId: 351485556
|
|
This can race and cause issues. Instead, a manual shutdown can be done
via 'bazel-shutdown' if required for specific cases. The ARM64 builds
are now done using cross-compilation, so this hack is not necessary.
PiperOrigin-RevId: 351477908
|
|
This change implements TLP details enumerated in
https://tools.ietf.org/html/draft-ietf-tcpm-rack-08#section-7.5.1.
Fixes #5083
PiperOrigin-RevId: 351467357
|
|
These are primarily simplification and lint mistakes. However, minor
fixes are also included and tests added where appropriate.
PiperOrigin-RevId: 351425971
|
|
This requires several changes:
* Templates must preserve relevant tags.
* Pagetables templates are split into two targets, each preserving tags.
* The binary VDSO is similarly split into two targets, with some juggling.
* The top level tools/go_branch.sh now does a crossbuild of ARM64 as well,
and checks and merges the results of the two branches together.
Fixes #5178
PiperOrigin-RevId: 351304330
|
|
This allows for use in restricted contexts.
Updates #5039
PiperOrigin-RevId: 351265378
|
|
PiperOrigin-RevId: 351263241
|
|
Closes #5226
PiperOrigin-RevId: 351259576
|
|
This allows for use in restricted contexts.
Updates #5039
PiperOrigin-RevId: 351220385
|
|
The release was changed by bazel ಠ_ಠ:
https://github.com/bazelbuild/rules_go/issues/2779
Updates #5188
PiperOrigin-RevId: 351185440
|
|
This change works around an issue in rules_pkg, described here:
https://github.com/bazelbuild/rules_pkg/pull/263
PiperOrigin-RevId: 350869030
|
|
PiperOrigin-RevId: 350862699
|
|
This creates a TTY pair and runs `/bin/sh` in interactive mode within it.
It provides useful helper functions to interact with the shell and read the
output of commands run within it.
This is meant to be used for testing upcoming changes allowing `runsc exec` to
work in `-detach=false -tty=true` mode.
PiperOrigin-RevId: 350841006
|
|
PiperOrigin-RevId: 350823213
|
|
It isn't used on aarch64.
Signed-off-by: Andrei Vagin <avagin@gmail.com>
|
|
This is extremely convenient similar to being able to link to Go
package documentation via the canonical package names.
PiperOrigin-RevId: 350774913
|
|
This was not being tested as part of the unit test workflows, and thus was
not being hit normally. These tests are also added to the unit tests target.
PiperOrigin-RevId: 350766814
|
|
PiperOrigin-RevId: 350691246
|
|
make BAZEL_CONFIG=aarch64 arm-qemu-smoke-test
Signed-off-by: Andrei Vagin <avagin@gmail.com>
|
|
This further restricts the surface exposed only to artifacts
generated by the continuous integration system.
This change also installs appropriate root certificates, so
that objects can be fetched from https://storage.googleapis.com.
PiperOrigin-RevId: 350650197
|
|
PiperOrigin-RevId: 350646249
|
|
Read now takes a destination io.Writer, count, options. Keeping the method name
Read, in contrast to the Write method.
This enables:
* direct transfer of views under VV
* zero copy
It also eliminates the need for sentry to keep a slice of view because
userspace had requested a read that is smaller than the view returned, removing
the complexity there.
Read/Peek/ReadPacket are now consolidated together and some duplicate code is
removed.
PiperOrigin-RevId: 350636322
|
|
PiperOrigin-RevId: 350619346
|
|
PiperOrigin-RevId: 350614888
|
|
Signed-off-by: Andrei Vagin <avagin@gmail.com>
|
|
Closes #5192
PiperOrigin-RevId: 350578130
|
|
Add redirects from any module package path to its corressponding
pkg.go.dev documentation. e.g., gvisor.dev/gvisor/pkg/sentry/kernel ->
https://pkg.go.dev/gvisor.dev/gvisor/pkg/sentry/kernel.
This is a handy way to get to documentation, also used by other vanity
domains, like golang.org/x/tools.
|
|
PiperOrigin-RevId: 350509137
|
|
This allows us to link directly to profiling results from
the build results. The code uses the standard pprof http
server, exported from the Cloud Run instance.
PiperOrigin-RevId: 350440910
|
|
... Otherwise it will be mounted in via some other path, and will
not be available inside the container at all.
PiperOrigin-RevId: 350440843
|
|
PiperOrigin-RevId: 350438564
|
|
Ethernet frames are usually filtered at the hardware-level so there is
no need to filter the frames in software.
For test purposes, a new link endpoint was introduced to filter frames
based on their destination.
PiperOrigin-RevId: 350422941
|
|
IPv4 was always supported but UDP never supported joining/leaving IPv6
multicast groups via socket options.
Add: IPPROTO_IPV6, IPV6_JOIN_GROUP/IPV6_ADD_MEMBERSHIP
Remove: IPPROTO_IPV6, IPV6_LEAVE_GROUP/IPV6_DROP_MEMBERSHIP
Test: integration_test.TestUDPAddRemoveMembershipSocketOption
PiperOrigin-RevId: 350396072
|
