Age | Commit message (Collapse) | Author |
|
noNewPrivileges is ignored if set to false since gVisor assumes that
PR_SET_NO_NEW_PRIVS is always enabled.
PiperOrigin-RevId: 305991947
|
|
As in VFS1, we only support the user.* namespace. Plumbing is added to tmpfs
and goferfs.
Note that because of the slightly different order of checks between VFS2 and
Linux, one of the xattr tests needs to be relaxed slightly.
Fixes #2363.
PiperOrigin-RevId: 305985121
|
|
The sentry doesn't allow execve, but it's a good defense
in-depth measure.
PiperOrigin-RevId: 305958737
|
|
PiperOrigin-RevId: 305944892
|
|
PiperOrigin-RevId: 305940483
|
|
PiperOrigin-RevId: 305927989
|
|
PiperOrigin-RevId: 305922105
|
|
Continues the modifications in cl/272963663. This prevents non-syscall errors
from being propogated to kernel/task_syscall.go:ExtractErrno(), which causes a
sentry panic.
PiperOrigin-RevId: 305913127
|
|
The dependency strace=>kernel grew over time. strace also depends on
task's FD table and FSContext. It could be fixed with some interfaces
the other way, but then we're trading an interface for another, and
kernel.Stracer is likely cleaner.
Closes #155
PiperOrigin-RevId: 305909678
|
|
PiperOrigin-RevId: 305879441
|
|
It was added in cl/201419897 to deflake
socket_ip_tcp_loopback_non_blocking_test_gvisor.
It seems we don't need this hack, because the origin issue isn't
reproducible without this hack.
PiperOrigin-RevId: 305871748
|
|
PiperOrigin-RevId: 305807868
|
|
Better validate NDP NS messages and their options before doing work in
response to them. Also make sure that NA messages sent in response to
an NS use the correct IPv6 and link-layer addresses so they are
routed properly and received by the right node.
Test: stack_test.TestNeighorSolicitationResponse
PiperOrigin-RevId: 305799054
|
|
This should fix panic at aio callback.
PiperOrigin-RevId: 305798549
|
|
PiperOrigin-RevId: 305794509
|
|
Closes #2393
PiperOrigin-RevId: 305793027
|
|
Block and drain requests in io_destroy(2).
Note the reason to create read-only mapping.
PiperOrigin-RevId: 305786312
|
|
PiperOrigin-RevId: 305782490
|
|
It seems no longer necessary.
PiperOrigin-RevId: 305758572
|
|
PiperOrigin-RevId: 305751225
|
|
PiperOrigin-RevId: 305749697
|
|
PiperOrigin-RevId: 305721329
|
|
PiperOrigin-RevId: 305718392
|
|
PiperOrigin-RevId: 305699233
|
|
When a command is called as if expression, its error
code can be get only in this if block.
For example, the next script prints 0:
if ( false ); then
true
fi
echo $?
PiperOrigin-RevId: 305638629
|
|
Dereference any fields which are pointers before string formatting so that the
value pointed to ends up in the string representation.
Tested:
Added TestLayerStringFormat to
//third_party/gvisor/test/packetimpact/testbench:testbench_test
PiperOrigin-RevId: 305627821
|
|
The Linux does the same.
Reported-by: syzbot+e81716e8956e92e9d56b@syzkaller.appspotmail.com
PiperOrigin-RevId: 305625439
|
|
PiperOrigin-RevId: 305604557
|
|
PiperOrigin-RevId: 305598136
|
|
PiperOrigin-RevId: 305592245
|
|
PiperOrigin-RevId: 305588941
|
|
Determine system time from within the sentry rather than relying on the remote
filesystem to prevent inconsistencies.
Resolve related TODOs; the time discrepancies in question don't exist anymore.
PiperOrigin-RevId: 305557099
|
|
PiperOrigin-RevId: 305546584
|
|
FileDescription references are side-effectual; for example, holding a reference
on the write end of a pipe prevents reads from the read end from returning EOF.
This change is consistent with Linux, but not VFS1; while VFS1 also has this
bug, it's less visible there since VFS1 procfs disables caching.
Updates #1195
PiperOrigin-RevId: 305545099
|
|
Updates #164
PiperOrigin-RevId: 305544029
|
|
Updates #2243
|
|
This fixes a bug in the proc net directory.
Updates #2243
|
|
Updates #2243
|
|
This required minor restructuring of how system call tables were saved
and restored, but it makes way more sense this way.
Updates #2243
|
|
PiperOrigin-RevId: 305466309
|
|
SO_REUSEPORT is not properly restored:
https://github.com/google/gvisor/issues/873
PiperOrigin-RevId: 305422775
|
|
Issue #2270
Issue #1765
PiperOrigin-RevId: 305385436
|
|
Move TODO to #238 so that proper synchronization of operations is handled
when we create the urpc client.
Issue #238
Fixes #512
PiperOrigin-RevId: 305383924
|
|
Required directory checks were being skipped when there was
no child cached. Now the code always loads the child file
before unlinking it.
Updates #1198
PiperOrigin-RevId: 305382323
|
|
RFC 1122 Section 3.7: A sending TCP MUST be robust against window shrinking,
which may cause the "useable window" to become negative.
PiperOrigin-RevId: 305377072
|
|
Starting with go1.13, we can specify ambient capabilities when we execute a new
process with os/exe.Cmd.
PiperOrigin-RevId: 305366706
|
|
Check whether an fd is seekable by calling the seek syscall and
examining the return value, instead of checking the file type,
which is inaccurate.
PiperOrigin-RevId: 305361593
|
|
PiperOrigin-RevId: 305344989
|
|
We already have network namespace for netstack.
PiperOrigin-RevId: 305341954
|
|
PiperOrigin-RevId: 305341059
|