Age | Commit message | Author
2019-01-28 | Convert outdated TODO to NOTE. | Zhaozhong Ni
PiperOrigin-RevId: 231263193 Change-Id: Ib732c9639462f7994d473050495d88c2855434af
2019-01-28 | runsc: Only uninstall cgroup for sandbox stop. | Lantao Liu
PiperOrigin-RevId: 231263114 Change-Id: I57467a34fe94e395fdd3685462c4fe9776d040a3
2019-01-28 | Drop the one-page limit for /proc/[pid]/{cmdline,environ}. | Jamie Liu
It never actually should have applied to environ (the relevant change in Linux 4.2 is c2c0bb44620d "proc: fix PAGE_SIZE limit of /proc/$PID/cmdline"), and we claim to be Linux 4.4 now anyway. PiperOrigin-RevId: 231250661 Change-Id: I37f9c4280a533d1bcb3eebb7803373ac3c7b9f15
2019-01-25 | Deflake socket_stream_blocking tests. | Jamie Liu
PiperOrigin-RevId: 231020482 Change-Id: Idd9168678b18d03aac473adcc40902e27e06d0a1
2019-01-25 | Make cacheRemoteRevalidating detect changes to file size | Fabricio Voznika
When file size changes outside the sandbox, page cache was not refreshing file size which is required for cacheRemoteRevalidating. In fact, cacheRemoteRevalidating should be skipping the cache completely since it's not really benefiting from it. The cache is already bypassed for unstable attributes (see cachePolicy.cacheUAttrs). And although the cache is called to map pages, they will always miss the cache and map directly from the host. Created a HostMappable struct that maps directly to the host and use it for files with cacheRemoteRevalidating. Closes #124 PiperOrigin-RevId: 230998440 Change-Id: Ic5f632eabe33b47241e05e98c95e9b2090ae08fc
2019-01-25 | Fix a nil pointer dereference bug in Container.Destroy() | ShiruRen
In Container.Destroy(), we call c.stop() before calling executeHooksBestEffort(), therefore, when we call executeHooksBestEffort(c.Spec.Hooks.Poststop, c.State()) to execute the poststop hook, it results in a nil pointer dereference since it reads c.Sandbox.Pid in c.State() after the sandbox has been destroyed. To fix this bug, we can change container's status to "stopped" before executing the poststop hook. Signed-off-by: ShiruRen <renshiru2000@gmail.com> Change-Id: I4d835e430066fab7e599e188f945291adfc521ef PiperOrigin-RevId: 230975505
2019-01-25 | Execute statically linked binary | Fabricio Voznika
Mounting lib and lib64 is not necessary anymore, which simplifies the test. PiperOrigin-RevId: 230971195 Change-Id: Ib91a3ffcec4b322cd3687c337eedbde9641685ed
2019-01-25 | Remove O_CLOEXEC from socket test configurations where irrelevant. | Jamie Liu
The implementation of O_CLOEXEC is orthogonal to every property tested by these tests; removing it significantly reduces the number of redundant tests we run. Also remove no-op calls to VecCat (calls with a single argument). PiperOrigin-RevId: 230959537 Change-Id: I83fe7db24e481ef67ca1f1992228af423f640b5c
2019-01-24 | Add runsc logs to test results | Fabricio Voznika
PiperOrigin-RevId: 230850177 Change-Id: I34eb24e8ff8dd9ce3e7f5eb2dc2ee58eeac49f07
2019-01-24 | cleanup: extract the kernel from context | Adin Scannell
Change-Id: I94704a90beebb53164325e0cce1fcb9a0b97d65c PiperOrigin-RevId: 230817308
2019-01-24 | Increase gofer coverage in tests | Fabricio Voznika
Lots of tests use /tmp for the tests. Force /tmp to be mounted over fsgofer instead of tmpfs. PiperOrigin-RevId: 230788985 Change-Id: Id6597ed88133232d15e808c48126bf77cb32673e
2019-01-24 | Explicitly std::move() returned std::vector<Mapping>. | Jamie Liu
Otherwise, C++11-compliant compilers may select PosixErrorOr(const T&) as the relevant constructor, and fail because std::vector<Mapping> is not copyable (because Mapping is not copyable). This is a C++11 defect that is fixed in C++14 (and in C++11 mode for Clang, but not GCC). See DR 1579, http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_defects.html#1579. PiperOrigin-RevId: 230767401 Change-Id: I65f481f5188d91db6cbbbd65ed0a60bc55df3401
2019-01-23 | Fix cases of missing braces on if | Michael Pratt
PiperOrigin-RevId: 230641540 Change-Id: Icccc3cdeec191138940f0ecea0a29798359d2b1f
2019-01-23 | socket_netlink_route: ignore negative port ID values | Andrei Vagin
netlink_autobind() sets a port id to a process ID, if this address is available. Otherwise, it will set a port id to a random negative value. PiperOrigin-RevId: 230631956 Change-Id: I11692e4fe9421e77d9406627b4e7772e4d9b105a
2019-01-22 | Don't bind-mount runsc into a sandbox mntns | Andrei Vagin
PiperOrigin-RevId: 230437407 Change-Id: Id9d8ceeb018aad2fe317407c78c6ee0f4b47aa2b
2019-01-22 | gvisor/test: fix a compile time error in socket_netdevice | Andrei Vagin
Compilation of this test fails in kokoro:
    In file included from /usr/include/linux/netdevice.h:28:0,
                     from /usr/include/linux/if_arp.h:26,
                     from ./test/syscalls/linux/socket_netlink_util.h:18,
                     from test/syscalls/linux/socket_netdevice.cc:24:
    /usr/include/linux/if.h:143:8: error: redefinition of 'struct ifmap'
     struct ifmap {
            ^~~~~
    In file included from test/syscalls/linux/socket_netdevice.cc:18:0:
    /usr/include/net/if.h:111:8: note: previous definition of 'struct ifmap'
     struct ifmap
            ^~~~~
    In file included from /usr/include/linux/netdevice.h:28:0,
                     from /usr/include/linux/if_arp.h:26,
                     from ./test/syscalls/linux/socket_netlink_util.h:18,
                     from test/syscalls/linux/socket_netdevice.cc:24:
    /usr/include/linux/if.h:177:8: error: redefinition of 'struct ifreq'
     struct ifreq {
            ^~~~~
    In file included from test/syscalls/linux/socket_netdevice.cc:18:0:
    /usr/include/net/if.h:126:8: note: previous definition of 'struct ifreq'
     struct ifreq
            ^~~~~
    In file included from /usr/include/linux/netdevice.h:28:0,
                     from /usr/include/linux/if_arp.h:26,
                     from ./test/syscalls/linux/socket_netlink_util.h:18,
                     from test/syscalls/linux/socket_netdevice.cc:24:
    /usr/include/linux/if.h:226:8: error: redefinition of 'struct ifconf'
     struct ifconf {
            ^~~~~~
    In file included from test/syscalls/linux/socket_netdevice.cc:18:0:
    /usr/include/net/if.h:176:8: note: previous definition of 'struct ifconf'
     struct ifconf
PiperOrigin-RevId: 230381931 Change-Id: I3c422c53e50cf2b90022778599d3a8a4a61fd1a3
2019-01-18 | Scrub runsc error messages | Fabricio Voznika
Removed "error" and "failed to" prefixes that don't add value from messages. Adjusted a few other messages. In particular, when the container fails to start, the message returned is easier for humans to read:
    $ docker run --rm --runtime=runsc alpine foobar
    docker: Error response from daemon: OCI runtime start failed: <path> did not terminate sucessfully: starting container: starting root container [foobar]: starting sandbox: searching for executable "foobar", cwd: "/", $PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin": no such file or directory
Closes #77 PiperOrigin-RevId: 230022798 Change-Id: I83339017c70dae09e4f9f8e0ea2e554c4d5d5cd1
2019-01-18 | Start a sandbox process in a new userns only if CAP_SETUID is set | Andrei Vagin
In addition, it fixes a race condition in TestMultiContainerGoferStop. There are two scripts that copy the same set of files into the same directory, and sometimes one of these commands fails with EXIST. PiperOrigin-RevId: 230011247 Change-Id: I9289f72e65dc407cdcd0e6cd632a509e01f43e9c
2019-01-18 | runsc: create a new proc mount if the sandbox process is running in a new pidns | Andrei Vagin
PiperOrigin-RevId: 229971902 Change-Id: Ief4fac731e839ef092175908de9375d725eaa3aa
2019-01-18 | Display /proc/net entries for all network configurations. | Rahat Mahmood
Most of the entries are stubbed out at the moment, but even those were only displayed if IPv6 support was enabled. The entries should be displayed with IPv4-support only, and with only loopback devices. PiperOrigin-RevId: 229946441 Change-Id: I18afaa3af386322787f91bf9d168ab66c01d5a4c
2019-01-17 | Pin containerd to v1.2.2. in integration tests. | Nicolas Lacasse
We no longer need to depend on master, since v1.2.2 contains a commit to work around "malformed input path" bug: https://github.com/containerd/containerd/commit/27c6449c2c50f7e66076a4186e81aa3167e0dd5a PiperOrigin-RevId: 229790405 Change-Id: Ia93b66959e6433bf096d6742be6064c1d7ed8b18
2019-01-17 | Allow fsync on a directory. | Nicolas Lacasse
PiperOrigin-RevId: 229781337 Change-Id: I1f946cff2771714fb1abd83a83ed454e9febda0a
2019-01-16 | Prevent internal tmpfs mount to override files in /tmp | Fabricio Voznika
Runsc wants to mount /tmp using internal tmpfs implementation for performance. However, it risks hiding files that may exist under /tmp in case it's present in the container. Now, it only mounts over /tmp iff:
  - /tmp was not explicitly asked to be mounted
  - /tmp is empty
If any of this is not true, then /tmp maps to the container's image /tmp. Note: checkpoint doesn't have sentry FS mounted to check if /tmp is empty. It simply looks for explicit mounts right now. PiperOrigin-RevId: 229607856 Change-Id: I10b6dae7ac157ef578efc4dfceb089f3b94cde06
2019-01-15 | Create working directory if it doesn't yet exist | Fabricio Voznika
PiperOrigin-RevId: 229438125 Change-Id: I58eb0d10178d1adfc709d7b859189d1acbcb2f22
2019-01-15 | test: Tag tcp_test as flaky. | Kevin Krakauer
PiperOrigin-RevId: 229427852 Change-Id: I9de8ed63f4a7672dacd3b282c863c599d00acd52
2019-01-15 | Set end of subslice as begin of next subslice | Yong He
syscall test splits test cases via shard count; reset the high bound as the beginning of the next subslice, because the slice is a half-open range. Change-Id: I1954f57c93cbfd9be518153315da305a2de377a0 PiperOrigin-RevId: 229405199
2019-01-14 | Remove fs.Handle, ramfs.Entry, and all the DeprecatedFileOperations. | Nicolas Lacasse
More helper structs have been added to the fsutil package to make it easier to implement fs.InodeOperations and fs.FileOperations. PiperOrigin-RevId: 229305982 Change-Id: Ib6f8d3862f4216745116857913dbfa351530223b
2019-01-14 | Fix a few compilation warnings | Andrei Vagin
    test/syscalls/linux/wait.cc:626:8: warning: lambda capture 'this' is not used
    302 [this, stack] { ASSERT_THAT(FreeStack(stack), SyscallSucceeds()); });
    303 ^~~~~
    test/syscalls/linux/priority.cc:195:17: warning: lambda capture 'kParentPriority' is not required to be captured for this use
    273 ScopedThread([kParentPriority, kChildPriority]() {
    274 ^~~~~~~~~~~~~~~~
PiperOrigin-RevId: 229275900 Change-Id: I6f0c88efc7891c6c729378a2fa70f70b1b9046a7
2019-01-14 | runsc: set up a minimal chroot from the sandbox process | Andrei Vagin
In this case, new mounts are not created in the host mount namespaces, so tearDownChroot isn't needed, because chroot will be destroyed with a sandbox mount namespace. In addition, pivot_root can't be called instead of chroot. PiperOrigin-RevId: 229250871 Change-Id: I765bdb587d0b8287a6a8efda8747639d37c7e7b6
2019-01-14 | netstack: release port inline for listening sockets only. | Zhaozhong Ni
PiperOrigin-RevId: 229243918 Change-Id: Ie14ef34e66ae851ed080f57b7d26a369a66f7664
2019-01-14 | Deflake RecvLessThanBufferWaitAll. | Ian Gudger
PiperOrigin-RevId: 229238781 Change-Id: Ib5a1e46293583efcb09e255fcd400c3fcc53ef1b
2019-01-14 | Automated rollback of changelist 228945914 | Nicolas Lacasse
PiperOrigin-RevId: 229214698 Change-Id: Ib4ea2e330e61ee34bf913938d6120a52ecc38ce1
2019-01-11 | Internal change. | Googler
PiperOrigin-RevId: 228979583 Change-Id: I69bd82def48ceb19bc8558c890622b8528d98764
2019-01-11 | Clean up some uses of fork() in tests. | Jamie Liu
  - Fix a few cases where async-signal-unsafe code is executed in a forked process pre-execve.
  - Ensure that the return value of fork() is always checked.
PiperOrigin-RevId: 228949310 Change-Id: I3096cb7d7394b8d9ab81b0e0245f2060713ef589
2019-01-11 | Require CAP_SYS_CHROOT in ChrootTest.ProcMountsMountinfoNoEscape. | Jamie Liu
PiperOrigin-RevId: 228949227 Change-Id: I8f47bcd56aab706081218ec7498af8049ccd6d63
2019-01-11 | Make syscall_test_runner binary testonly. | Nicolas Lacasse
PiperOrigin-RevId: 228945914 Change-Id: Idfa0a3c27434655b5f9ac241f1726e0bc9ef0392
2019-01-11 | Update readme to say that 'kubectl cp' works | Fabricio Voznika
PiperOrigin-RevId: 228904169 Change-Id: I948f417d1336cb69c5733b142c53850507432fda
2019-01-11 | runsc: Collect zombies of sandbox and gofer processes | Andrei Vagin
And we need to wait for a gofer process before cgroup.Uninstall, because it is running in the sandbox cgroups. PiperOrigin-RevId: 228904020 Change-Id: Iaf8826d5b9626db32d4057a1c505a8d7daaeb8f9
2019-01-10 | Define name earlier | Michael Pratt
PiperOrigin-RevId: 228805981 Change-Id: I4f4c4a5d8de325dff38f6dfb92108fc848d823fd
2019-01-10 | Fixing select call to not enforce RLIMIT_NOFILE. | Zach Koopmans
Removing check to RLIMIT_NOFILE in select call. Adding unit test to select suite to document behavior. Moving setrlimit class from mlock to a util file for reuse. Fixing flaky test based on comments from Jamie. PiperOrigin-RevId: 228726131 Change-Id: Ie9dbe970bbf835ba2cca6e17eec7c2ee6fadf459
2019-01-09 | Minor memevent fixes. | Jamie Liu
  - Call MemoryEvents.done.Add(1) outside of MemoryEvents.run() so that if MemoryEvents.Stop() => MemoryEvents.done.Wait() is called before the goroutine starts running, it still waits for the goroutine to stop.
  - Use defer to call MemoryEvents.done.Done() in MemoryEvents.run() so that it's called even if the goroutine panics.
PiperOrigin-RevId: 228623307 Change-Id: I1b0459e7999606c1a1a271b16092b1ca87005015
2019-01-09 | Avoid $(location) in syscall tests. | Nicolas Lacasse
Instead just find the syscall_test_runner binary in the shell script. PiperOrigin-RevId: 228621230 Change-Id: I274ee0874e47d53f59474b1ac730ee45e3dff977
2019-01-09 | Make CooperativeSaveEnabled() async-signal-safe(r). | Jamie Liu
The static local variable `enabled` in CooperativeSaveEnabled() is not initialized until the first call to CooperativeSaveEnabled(), per the C++14 standard, section 6.7 ("Declaration statement"), paragraph 4. This initialization is thread-safe as of C++11, but it is *not* required to be async-signal-safe. Use a namespace-scope variable instead, since this is guaranteed to be zero-initialized before main() by section 3.6.2 ("Initialization of non-local variables"). getenv() is technically not async-signal-safe either, hence the hedging in the change summary line. However, glibc's implementation of getenv() appears to be async-signal-safe in the absence of calls to setenv(). PiperOrigin-RevId: 228588617 Change-Id: I669f555d1c91352d55c606970bb237ec888fa7ca
2019-01-09 | Allow to specify a custom path to runsc for syscall-test-runner | Andrei Vagin
PiperOrigin-RevId: 228574092 Change-Id: Id93abcca1ce964eb595907df9355702d469bc33b
2019-01-09 | Fix lock order violation. | Nicolas Lacasse
overlayFileOperations.Readdir was holding overlay.copyMu while calling DirentReaddir, which then attempts to take the corresponding Dirent.mu, causing a lock order violation. (See lock order documentation in fs/copy_up.go.) We only actually need to hold copyMu during readdirEntries(), so holding the lock is moved in there, thus avoiding the lock order violation. A new lock was added to protect overlayFileOperations.dirCache. We were inadvertently relying on copyMu to protect this. There is no reason it should not have its own lock. PiperOrigin-RevId: 228542473 Change-Id: I03c3a368c8cbc0b5a79d50cc486fc94adaddc1c2
2019-01-09 | Restore to original cgroup after sandbox and gofer processes are created | Fabricio Voznika
The original code assumed that it was safe to join and not restore cgroup, but Container.Run will not exit after calling start, making cgroup cleanup fail because there were still processes inside the cgroup. PiperOrigin-RevId: 228529199 Change-Id: I12a48d9adab4bbb02f20d71ec99598c336cbfe51
2019-01-08 | Allow MSG_OOB and MSG_DONTROUTE to be no-ops on recvmsg(2). | Brian Geffon
PiperOrigin-RevId: 228428223 Change-Id: I433ba5ffc15ea4c2706ec944901b8269b1f364f8
2019-01-08 | Enable proc/self/fd test on linux and disable only on gvisor. | Brian Geffon
PiperOrigin-RevId: 228403149 Change-Id: Iab212e49d9eb27d785bddc9fd447835ce8c485ae
2019-01-08 | Improve loader related error messages returned to users. | Brian Geffon
PiperOrigin-RevId: 228382827 Change-Id: Ica1d30e0df826bdd77f180a5092b2b735ea5c804
2019-01-08 | Grant no initial capabilities to non-root UIDs. | Jamie Liu
See modified comment in auth.NewUserCredentials(); compare to the behavior of setresuid(2) as implemented by //pkg/sentry/kernel/task_identity.go:kernel.Task.setKUIDsUncheckedLocked(). PiperOrigin-RevId: 228381765 Change-Id: I45238777c8f63fcf41b99fce3969caaf682fe408