summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-02-05Change /proc/PID/cmdline to read environment vector.Zach Koopmans
- Change proc to return envp on overwrite of argv with limitations from upstream. - Add unit tests - Change layout of argv/envp on the stack so that end of argv is contiguous with beginning of envp. PiperOrigin-RevId: 232506107 Change-Id: I993880499ab2c1220f6dc456a922235c49304dec
2019-02-04Deflake unlink test.Kevin Krakauer
Multiple tests were creating the same directory before removing it, making it possible for concurrent tests to fail because the directory already exists. PiperOrigin-RevId: 232389814 Change-Id: I35d409fff4b3fd864b30fee742cb587b14975c23
2019-02-04Note //third_party in coding guidelinesMichael Pratt
PiperOrigin-RevId: 232375745 Change-Id: I26146ad65fac1dcdc5fcb4b11a1580133f9ca46d
2019-02-01gvisor/test: Remove gtest shard env variablesAndrei Vagin
PiperOrigin-RevId: 232071420 Change-Id: I5aa57f3dc4aac637d6f467445b4b3110fc08ac80
2019-02-01CachingInodeOperations was over-dirtying cached attributesFabricio Voznika
Dirty should be set only when the attribute is changed in the cache only. Instances where the change was also sent to the backing file doesn't need to dirty the attribute. Also remove size update during WriteOut as writing dirty page would naturaly grow the file if needed. RELNOTES: relnotes is needed for the parent CL. PiperOrigin-RevId: 232068978 Change-Id: I00ba54693a2c7adc06efa9e030faf8f2e8e7f188
2019-02-01Factor the subtargets method into a helper method with tests.Nicolas Lacasse
PiperOrigin-RevId: 232047515 Change-Id: I00f036816e320356219be7b2f2e6d5fe57583a60
2019-01-31Move package sync to third_partyMichael Pratt
PiperOrigin-RevId: 231889261 Change-Id: I482f1df055bcedf4edb9fe3fe9b8e9c80085f1a0
2019-01-31gvisor/gofer: Use pivot_root instead of chrootAndrei Vagin
PiperOrigin-RevId: 231864273 Change-Id: I8545b72b615f5c2945df374b801b80be64ec3e13
2019-01-31Fix commentMichael Pratt
PiperOrigin-RevId: 231861005 Change-Id: I134d4e20cc898d44844219db0a8aacda87e11ef0
2019-01-31Add syscall test dimension for --file_access=sharedFabricio Voznika
PiperOrigin-RevId: 231856279 Change-Id: I175db87374890a62a3a3c2ddef727668ff854ce4
2019-01-31Invalidate COW mappings when file is truncatedFabricio Voznika
This changed required making fsutil.HostMappable use a backing file to ensure the correct FD would be used for read/write operations. RELNOTES: relnotes is needed for the parent CL. PiperOrigin-RevId: 231836164 Change-Id: I8ae9639715529874ea7d80a65e2c711a5b4ce254
2019-01-31Don't mask out sticky bit to/from goferFabricio Voznika
RELNOTES: sticky bit propagates to gofers now. PiperOrigin-RevId: 231822453 Change-Id: I73426170b9457350480a3b144a2baf937e7cb477
2019-01-31Remove license commentsMichael Pratt
Nothing reads them and they can simply get stale. Generated with: $ sed -i "s/licenses(\(.*\)).*/licenses(\1)/" **/BUILD PiperOrigin-RevId: 231818945 Change-Id: Ibc3f9838546b7e94f13f217060d31f4ada9d4bf0
2019-01-31runsc: check whether a container is deleted or not before setupContainerFSAndrei Vagin
PiperOrigin-RevId: 231811387 Change-Id: Ib143fb9a4d0fa1f105d1a3a3bd533dfc44e792af
2019-01-30Add muldiv/rd_tsc support for arm64 platform.Haibo Xu
Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: If35459be78e023346a140184401172f8e023c7f9 PiperOrigin-RevId: 231638020
2019-01-29Fix IsLost check to match the description in RFC6675.Bhasker Hariharan
quoting what "rscheff@gmx.at" pointed out over email. "IsLost in RFC3517 is defined as >= (DupThresh * SMSS) while RFC6675 improves upon this, and defines IsLost as > ((DupThresh - 1) * SMSS + 1). The latter addresses situations where partial segments (size < MSS) are sent (eg. last segment of a http protocol message sent with PSH being less than MSS is common)." PiperOrigin-RevId: 231512331 Change-Id: I1addd4a92e3e7baeb0bdda46463ebfae435da958
2019-01-29Bump rules_go to v0.17.0, and go toolchain to v1.11.5.Nicolas Lacasse
PiperOrigin-RevId: 231506385 Change-Id: I739ca24a152b32130ab4c6cdd200242d2fb37e31
2019-01-29runsc: reap a sandbox process only in sandbox.Wait()Andrei Vagin
PiperOrigin-RevId: 231504064 Change-Id: I585b769aef04a3ad7e7936027958910a6eed9c8d
2019-01-29Fix NIC endpoint forwarding.Ian Gudger
Also adds a test for regular NIC forwarding. PiperOrigin-RevId: 231495279 Change-Id: Ic7edec249568e9ad0280cea77eac14478c9073e1
2019-01-29Don't assume that stdout is always writable in PollTest.Nfds.Jamie Liu
stdout can be (and, in automated testing, often is) a host pipe or similar resource shared between multiple parallel tests, such that it can become transiently full during testing. PiperOrigin-RevId: 231413569 Change-Id: Id14991b5f71e53c894695899e65e1be4dd228cc6
2019-01-29Refactor out NewEventFD to a test utility.Jamie Liu
PiperOrigin-RevId: 231404512 Change-Id: I31efcc23a0c4a48ef6fbba3ca07415d79290f55c
2019-01-29Use recvmmsg() instead of readv() to read packets from NIC.Bhasker Hariharan
This should reduce the number of syscalls required to process packets significantly and improve throughputs. PiperOrigin-RevId: 231366886 Change-Id: I8b38077262bf9c53176bc4a94b530188d3d7c0ca
2019-01-28check isRootNS by ns inodeShijiang Wei
Signed-off-by: Shijiang Wei <mountkin@gmail.com> Change-Id: I032f834edae5c716fb2d3538285eec07aa11a902 PiperOrigin-RevId: 231318438
2019-01-28Convert TODO into FIXME.Zhaozhong Ni
PiperOrigin-RevId: 231301228 Change-Id: I3e18f3a12a35fb89a22a8c981188268d5887dc61
2019-01-28Fix data race in InodeSimpleAttributes.Unstable.Nicolas Lacasse
We were modifying InodeSimpleAttributes.Unstable.AccessTime without holding the necessary lock. Luckily for us, InodeSimpleAttributes already has a NotifyAccess method that will do the update while holding the lock. In addition, we were holding dfo.dir.mu.Lock while setting AccessTime, which is unnecessary, so that lock has been removed. PiperOrigin-RevId: 231278447 Change-Id: I81ed6d3dbc0b18e3f90c1df5e5a9c06132761769
2019-01-28Remove obsolete gVisor-specific test condition.Jamie Liu
PiperOrigin-RevId: 231274510 Change-Id: I8f65157dbe18dae1c6235147fc4d27e0c844c833
2019-01-28Convert outdated TODO to NOTE.Zhaozhong Ni
PiperOrigin-RevId: 231263193 Change-Id: Ib732c9639462f7994d473050495d88c2855434af
2019-01-28runsc: Only uninstall cgroup for sandbox stop.Lantao Liu
PiperOrigin-RevId: 231263114 Change-Id: I57467a34fe94e395fdd3685462c4fe9776d040a3
2019-01-28Drop the one-page limit for /proc/[pid]/{cmdline,environ}.Jamie Liu
It never actually should have applied to environ (the relevant change in Linux 4.2 is c2c0bb44620d "proc: fix PAGE_SIZE limit of /proc/$PID/cmdline"), and we claim to be Linux 4.4 now anyway. PiperOrigin-RevId: 231250661 Change-Id: I37f9c4280a533d1bcb3eebb7803373ac3c7b9f15
2019-01-25Deflake socket_stream_blocking tests.Jamie Liu
PiperOrigin-RevId: 231020482 Change-Id: Idd9168678b18d03aac473adcc40902e27e06d0a1
2019-01-25Make cacheRemoteRevalidating detect changes to file sizeFabricio Voznika
When file size changes outside the sandbox, page cache was not refreshing file size which is required for cacheRemoteRevalidating. In fact, cacheRemoteRevalidating should be skipping the cache completely since it's not really benefiting from it. The cache is cache is already bypassed for unstable attributes (see cachePolicy.cacheUAttrs). And althought the cache is called to map pages, they will always miss the cache and map directly from the host. Created a HostMappable struct that maps directly to the host and use it for files with cacheRemoteRevalidating. Closes #124 PiperOrigin-RevId: 230998440 Change-Id: Ic5f632eabe33b47241e05e98c95e9b2090ae08fc
2019-01-25Fix a nil pointer dereference bug in Container.Destroy()ShiruRen
In Container.Destroy(), we call c.stop() before calling executeHooksBestEffort(), therefore, when we call executeHooksBestEffort(c.Spec.Hooks.Poststop, c.State()) to execute the poststop hook, it results in a nil pointer dereference since it reads c.Sandbox.Pid in c.State() after the sandbox has been destroyed. To fix this bug, we can change container's status to "stopped" before executing the poststop hook. Signed-off-by: ShiruRen <renshiru2000@gmail.com> Change-Id: I4d835e430066fab7e599e188f945291adfc521ef PiperOrigin-RevId: 230975505
2019-01-25Execute statically linked binaryFabricio Voznika
Mounting lib and lib64 are not necessary anymore and simplifies the test. PiperOrigin-RevId: 230971195 Change-Id: Ib91a3ffcec4b322cd3687c337eedbde9641685ed
2019-01-25Remove O_CLOEXEC from socket test configurations where irrelevant.Jamie Liu
The implementation of O_CLOEXEC is orthogonal to every property tested by these tests; removing it significantly reduces the number of redundant tests we run. Also remove no-op calls to VecCat (calls with a single argument). PiperOrigin-RevId: 230959537 Change-Id: I83fe7db24e481ef67ca1f1992228af423f640b5c
2019-01-24Add runsc logs to test resultsFabricio Voznika
PiperOrigin-RevId: 230850177 Change-Id: I34eb24e8ff8dd9ce3e7f5eb2dc2ee58eeac49f07
2019-01-24cleanup: extract the kernel from contextAdin Scannell
Change-Id: I94704a90beebb53164325e0cce1fcb9a0b97d65c PiperOrigin-RevId: 230817308
2019-01-24Increase gofer coverage in testsFabricio Voznika
Lots of tests use /tmp for the tests. Force /tmp to be mounted over fsgofer instead of tmpfs. PiperOrigin-RevId: 230788985 Change-Id: Id6597ed88133232d15e808c48126bf77cb32673e
2019-01-24Explicitly std::move() returned std::vector<Mapping>.Jamie Liu
Otherwise, C++11-compliant compilers may select PosixErrorOr(const T&) as the relevant constructor, and fail because std::vector<Mapping> is not copyable (because Mapping is not copyable). This is a C++11 defect that is fixed in C++14 (and in C++11 mode for Clang, but not GCC). See DR 1579, http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_defects.html#1579. PiperOrigin-RevId: 230767401 Change-Id: I65f481f5188d91db6cbbbd65ed0a60bc55df3401
2019-01-23Fix cases of missing braces on ifMichael Pratt
PiperOrigin-RevId: 230641540 Change-Id: Icccc3cdeec191138940f0ecea0a29798359d2b1f
2019-01-23socket_netlink_route: ignore negative port ID valuesAndrei Vagin
netlink_autobind() sets a port id to a process ID, if this address is available. Otherwise, it will set a port id to a random negative value. PiperOrigin-RevId: 230631956 Change-Id: I11692e4fe9421e77d9406627b4e7772e4d9b105a
2019-01-22Don't bind-mount runsc into a sandbox mntnsAndrei Vagin
PiperOrigin-RevId: 230437407 Change-Id: Id9d8ceeb018aad2fe317407c78c6ee0f4b47aa2b
2019-01-22gvisor/test: fix a compile time error in socket_netdeviceAndrei Vagin
Compilation of this test fails in kokoro: In file included from /usr/include/linux/netdevice.h:28:0, from /usr/include/linux/if_arp.h:26, from ./test/syscalls/linux/socket_netlink_util.h:18, from test/syscalls/linux/socket_netdevice.cc:24: /usr/include/linux/if.h:143:8: error: redefinition of 'struct ifmap' struct ifmap { ^~~~~ In file included from test/syscalls/linux/socket_netdevice.cc:18:0: /usr/include/net/if.h:111:8: note: previous definition of 'struct ifmap' struct ifmap ^~~~~ In file included from /usr/include/linux/netdevice.h:28:0, from /usr/include/linux/if_arp.h:26, from ./test/syscalls/linux/socket_netlink_util.h:18, from test/syscalls/linux/socket_netdevice.cc:24: /usr/include/linux/if.h:177:8: error: redefinition of 'struct ifreq' struct ifreq { ^~~~~ In file included from test/syscalls/linux/socket_netdevice.cc:18:0: /usr/include/net/if.h:126:8: note: previous definition of 'struct ifreq' struct ifreq ^~~~~ In file included from /usr/include/linux/netdevice.h:28:0, from /usr/include/linux/if_arp.h:26, from ./test/syscalls/linux/socket_netlink_util.h:18, from test/syscalls/linux/socket_netdevice.cc:24: /usr/include/linux/if.h:226:8: error: redefinition of 'struct ifconf' struct ifconf { ^~~~~~ In file included from test/syscalls/linux/socket_netdevice.cc:18:0: /usr/include/net/if.h:176:8: note: previous definition of 'struct ifconf' struct ifconf PiperOrigin-RevId: 230381931 Change-Id: I3c422c53e50cf2b90022778599d3a8a4a61fd1a3
2019-01-18Scrub runsc error messagesFabricio Voznika
Removed "error" and "failed to" prefix that don't add value from messages. Adjusted a few other messages. In particular, when the container fail to start, the message returned is easier for humans to read: $ docker run --rm --runtime=runsc alpine foobar docker: Error response from daemon: OCI runtime start failed: <path> did not terminate sucessfully: starting container: starting root container [foobar]: starting sandbox: searching for executable "foobar", cwd: "/", $PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin": no such file or directory Closes #77 PiperOrigin-RevId: 230022798 Change-Id: I83339017c70dae09e4f9f8e0ea2e554c4d5d5cd1
2019-01-18Start a sandbox process in a new userns only if CAP_SETUID is setAndrei Vagin
In addition, it fixes a race condition in TestMultiContainerGoferStop. There are two scripts copy the same set of files into the same directory and sometime one of this command fails with EXIST. PiperOrigin-RevId: 230011247 Change-Id: I9289f72e65dc407cdcd0e6cd632a509e01f43e9c
2019-01-18runsc: create a new proc mount if the sandbox process is running in a new pidnsAndrei Vagin
PiperOrigin-RevId: 229971902 Change-Id: Ief4fac731e839ef092175908de9375d725eaa3aa
2019-01-18Display /proc/net entries for all network configurations.Rahat Mahmood
Most of the entries are stubbed out at the moment, but even those were only displayed if IPv6 support was enabled. The entries should be displayed with IPv4-support only, and with only loopback devices. PiperOrigin-RevId: 229946441 Change-Id: I18afaa3af386322787f91bf9d168ab66c01d5a4c
2019-01-17Pin containerd to v1.2.2. in integration tests.Nicolas Lacasse
We no longer need to depend on master, since v1.2.2 contains a commit to work around "malformed input path" bug: https://github.com/containerd/containerd/commit/27c6449c2c50f7e66076a4186e81aa3167e0dd5a PiperOrigin-RevId: 229790405 Change-Id: Ia93b66959e6433bf096d6742be6064c1d7ed8b18
2019-01-17Allow fsync on a directory.Nicolas Lacasse
PiperOrigin-RevId: 229781337 Change-Id: I1f946cff2771714fb1abd83a83ed454e9febda0a
2019-01-16Prevent internal tmpfs mount to override files in /tmpFabricio Voznika
Runsc wants to mount /tmp using internal tmpfs implementation for performance. However, it risks hiding files that may exist under /tmp in case it's present in the container. Now, it only mounts over /tmp iff: - /tmp was not explicitly asked to be mounted - /tmp is empty If any of this is not true, then /tmp maps to the container's image /tmp. Note: checkpoint doesn't have sentry FS mounted to check if /tmp is empty. It simply looks for explicit mounts right now. PiperOrigin-RevId: 229607856 Change-Id: I10b6dae7ac157ef578efc4dfceb089f3b94cde06
2019-01-15Create working directory if it doesn't yet existFabricio Voznika
PiperOrigin-RevId: 229438125 Change-Id: I58eb0d10178d1adfc709d7b859189d1acbcb2f22