Age | Commit message (Collapse) | Author |
|
|
|
PiperOrigin-RevId: 391331401
|
|
|
|
PiperOrigin-RevId: 391217339
|
|
|
|
This is a new kernel feature that are controlled by the net.core.mibs_allocation
sysctl.
PiperOrigin-RevId: 391215784
|
|
|
|
Otherwise, it fails with this error:
Get:3 http://security.debian.org/debian-security buster/updates InRelease
Reading package lists...
E: Repository 'http://deb.debian.org/debian buster InRelease' changed its
'Suite' value from 'stable' to 'oldstable'
PiperOrigin-RevId: 391155532
|
|
|
|
Removes package syserror and moves still relevant code to either linuxerr
or to syserr (to be later removed).
Internal errors are converted from random types to *errors.Error types used
in linuxerr. Internal errors are in linuxerr/internal.go.
PiperOrigin-RevId: 390724202
|
|
|
|
Update the start benchmark on empty to only "Start" a container, not wait
for its completion.
TL:DR only measure the actual start call for the empty container.
Previously, we were measuring the completion of /bin/true in container
alpine AND the cleanup. This was fine until profiling started failing all
the time on ptrace. This is a cost that runc is not paying.
These changes will reduce the over all timing of the benchmark, but it will
give more sane results.
Instead, use "Spawn" which is similar to `docker run --detach alpine
/bin/sleep 100`. Call sleep so containers stick around long enough
for the profiler to read profile data from them.
PiperOrigin-RevId: 390705431
|
|
|
|
Add Event controls and implement "stream" commands.
PiperOrigin-RevId: 390691702
|
|
|
|
PiperOrigin-RevId: 390659097
|
|
|
|
On Go tip (pre-1.18), http://golang.org/issue/44195 is making SA1019 mistake
uses of reflect.Value.Len for reflect.Value.InterfaceData, which is deprecated.
It is thus mistakenly raising deprecation errors on uses of reflect.Value.Len.
Suppress these errors by disabling SA1019 entirely. This is a bit overkill, but
it is unclear to me if we want hard errors on deprecation anyways. That can be
reevaluated when http://golang.org/issue/44195 is fixed.
The other staticcheck analyzers are moved to alphabetical order.
Updates golang/go#44195
PiperOrigin-RevId: 390655918
|
|
|
|
This list has gotten a little out-of-date. Note that `clockwork` used to be
used but was removed in gvisor.dev/pr/5384.
PiperOrigin-RevId: 390644841
|
|
|
|
tcpip.Endpoint.Close is documented to free all resources associated
with an endpoint so we don't need to create an empty map to clear
the multicast memberships.
PiperOrigin-RevId: 390609826
|
|
|
|
Add Usage controls and implement "usage/usagefd" commands.
PiperOrigin-RevId: 390507423
|
|
|
|
Convert remaining public errors (e.g. EINTR) from syserror to linuxerr.
PiperOrigin-RevId: 390471763
|
|
|
|
PiperOrigin-RevId: 390467957
|
|
|
|
PiperOrigin-RevId: 390463819
|
|
|
|
PiperOrigin-RevId: 390405182
|
|
|
|
PiperOrigin-RevId: 390399815
|
|
|
|
PiperOrigin-RevId: 390346783
|
|
|
|
PiperOrigin-RevId: 390318725
|
|
|
|
Send buffer size in TCP indicates the amount of bytes available for the sender
to transmit. This change will allow TCP to update the send buffer size when
- TCP enters established state.
- ACK is received.
The auto tuning is disabled when the send buffer size is set with the
SO_SNDBUF option.
PiperOrigin-RevId: 390312274
|
|
|
|
PiperOrigin-RevId: 390284683
|
|
|
|
Earlier PacketBuffer.Clone() would do a shallow top level copy of the packet
buffer - which involved sharing the *buffer.Buffer between packets. Reading
or writing to the buffer in one packet would impact the other.
This caused modifications in one packet to affect the other's pkt.Views() which
is not desired. Change the clone to do a deeper copy of the underlying buffer
list and buffer pointers. The payload buffers (which are immutable) are still
shared. This change makes the Clone() operation more expensive as we now need to
allocate the entire buffer list.
Added unit test to test integrity of packet data after cloning.
Reported-by: syzbot+7ffff9a82a227b8f2e31@syzkaller.appspotmail.com
Reported-by: syzbot+7d241de0d9072b2b6075@syzkaller.appspotmail.com
Reported-by: syzbot+212bc4d75802fa461521@syzkaller.appspotmail.com
PiperOrigin-RevId: 390277713
|
|
|
|
The dentry for each file/directory can be created/destroyed multiple
times during sandbox lifetime. We should not clear the Merkle file each
time a dentry is created.
PiperOrigin-RevId: 390277107
|
|
|
|
We were relying on children adding its name to parent's dentry to
populate parent's children list. However, this may not work since the
parent dentry could be destroyed if its reference count drops to zero.
In that case, a new dentry will be created when enabling the parent and
it does not contain the children names info. Therefore we need to
populate the child names list again to avoid missing children in the
directory.
PiperOrigin-RevId: 390270227
|
|
|
|
+ Do not check for CAP_NET_RAW on Fuchsia
Fuchsia does not support capabilities the same way Linux does. Instead
emulate the check for CAP_NET_RAW by checking if a packet socket may
be created.
Bug: https://fxbug.dev/79016, https://fxbug.dev/81592
PiperOrigin-RevId: 390263666
|