Age | Commit message | Author
2018-05-15 | Simplify KVM invalidation logic. | Adin Scannell
PiperOrigin-RevId: 196780209 Change-Id: I89f39eec914ce54a7c6c4f28e1b6d5ff5a7dd38d
2018-05-15 | Simplify KVM state handling. | Adin Scannell
This also removes the dependency on tmutex. PiperOrigin-RevId: 196764317 Change-Id: I523fb67454318e1a2ca9da3a08e63bfa3c1eeed3
2018-05-15 | sentry: Replaces saving of inet.Stack with retrieval via context. | Kevin Krakauer
Previously, inet.Stack was referenced in 2 structs in sentry/socket that can be saved/restored. If an app is saved and restored on another machine, it may try to use the old stack, which will have been replaced by a new stack on the new machine. PiperOrigin-RevId: 196733985 Change-Id: I6a8cfe73b5d7a90749734677dada635ab3389cb9
2018-05-15 | Fix problem with sendfile(2) writing less data | Fabricio Voznika
When the amount of data read is more than the amount written, sendfile would not adjust 'in file' position and would resume from the wrong location. Closes #33 PiperOrigin-RevId: 196731287 Change-Id: Ia219895dd765016ed9e571fd5b366963c99afb27
2018-05-15 | Refactor the Sandbox package into Sandbox + Container. | Nicolas Lacasse
This is a necessary prerequisite for supporting multiple containers in a single sandbox. All the commands (in cmd package) now call operations on Containers (container package). When a Container first starts, it will create a Sandbox with the same ID. The Sandbox class is now simpler, as it only knows how to create boot/gofer processes, and how to forward commands into the running boot process. There are TODOs sprinkled around for additional support for multiple containers. Most notably, we need to detect when a container is intended to run in an existing sandbox (by reading the metadata), and then have some way to signal to the sandbox to start a new container. Other urpc calls into the sandbox need to pass the container ID, so the sandbox can run the operation on the given container. These are only half-plumbed through right now. PiperOrigin-RevId: 196688269 Change-Id: I1ecf4abbb9dd8987a53ae509df19341aaf42b5b0
2018-05-14 | Disable INVPCID check; it's not used. | Adin Scannell
PiperOrigin-RevId: 196615029 Change-Id: Idfa383a9aee6a9397167a4231ce99d0b0e5b9912
2018-05-14 | Make KVM system call first check. | Adin Scannell
PiperOrigin-RevId: 196613447 Change-Id: Ib76902896798f072c3031b0c5cf7b433718928b7
2018-05-14 | Simplify KVM host map handling. | Adin Scannell
PiperOrigin-RevId: 196611084 Change-Id: I6afa6b01e1dcd2aa9776dfc0f910874cc6b8d72c
2018-05-14 | Ignore spurious KVM emulation failures. | Adin Scannell
PiperOrigin-RevId: 196609789 Change-Id: Ie261eea3b7fa05b6c348ca93e229de26cbd4dc7d
2018-05-11 | sentry: Adds canonical mode support. | Kevin Krakauer
PiperOrigin-RevId: 196331627 Change-Id: Ifef4485f8202c52481af317cedd52d2ef48cea6a
2018-05-11 | netstack: TCP connecting state endpoint save / restore support. | Zhaozhong Ni
PiperOrigin-RevId: 196325647 Change-Id: I850eb4a29b9c679da4db10eb164bbdf967690663
2018-05-11 | netstack: release rcv lock after ping socket save is done. | Zhaozhong Ni
PiperOrigin-RevId: 196324694 Change-Id: Ia3a48976433f21622eacb4a38fefe7143ca5e31b
2018-05-11 | Remove error return from AddressSpace.Release() | Michael Pratt
PiperOrigin-RevId: 196291289 Change-Id: Ie3487be029850b0b410b82416750853a6c4a2b00
2018-05-11 | Implement MAP_32BIT. | Jamie Liu
PiperOrigin-RevId: 196281052 Change-Id: Ie620a0f983a1bf2570d0003d4754611879335c1c
2018-05-11 | Update README to point to nightly builds. | Nicolas Lacasse
The "install from source" section is moved under "advanced" header, right before the testing section. PiperOrigin-RevId: 196271666 Change-Id: I653ac0a2fa4661c96a0cb3daf3528c2109fed8d7
2018-05-10 | Fix failure to rename directory | Fabricio Voznika
os.Rename validates that the target doesn't exist, which is different from syscall.Rename which replaces the target if both are directories. fsgofer needs the syscall behavior. PiperOrigin-RevId: 196194630 Change-Id: I87d08cad88b5ef310b245cd91647c4f5194159d8
2018-05-10 | Display the current git revision in the info block | Chanwit Kaewkasi
Change-Id: I9737cc680968033ba82c95bb04cc482fcaa12642 PiperOrigin-RevId: 196192683
2018-05-10 | Skip atime and mtime update when file is backed by host FD | Fabricio Voznika
When file is backed by host FD, atime and mtime for the host file and the cached attributes in the Sentry must be close together. In this case, the call to update atime and mtime can be skipped. This is important when host filesystem is using overlay because updating atime and mtime explicitly forces a copy up for every file that is touched. PiperOrigin-RevId: 196176413 Change-Id: I3933ea91637a071ba2ea9db9d8ac7cdba5dc0482
2018-05-10 | Make cachePolicy int to avoid string comparison | Fabricio Voznika
PiperOrigin-RevId: 196157086 Change-Id: Ia7f7ffe1bf486b21ef8091e2e8ef9a9faf733dfc
2018-05-10 | Fix nightly release upload path. | Nicolas Lacasse
The "nightly/latest" was duplicated. PiperOrigin-RevId: 196156453 Change-Id: Iccac65d870f3eb44c4bd97bcbed5cc436cb1d3c9
2018-05-10 | Open file as read-write when mount points to a file | Fabricio Voznika
This is to allow files mapped directly, like /etc/hosts, to be writable. Closes #40 PiperOrigin-RevId: 196155920 Change-Id: Id2027e421cef5f94a0951c3e18b398a77c285bbd
2018-05-10 | Upload the nightly release to a "nightly/latest" bucket for easy download. | Nicolas Lacasse
We also upload to a path with the current date, so that previous builds are archived. Since these builds only include the date (and not time) their links are somewhat discoverable as well. PiperOrigin-RevId: 196147475 Change-Id: I54792d7a4ba2a7af24a51cd9b9f153c7744b310b
2018-05-10 | Put the http dependencies first in the WORKSPACE file. | Nicolas Lacasse
PiperOrigin-RevId: 196131690 Change-Id: I3a4eec0dcca654380ea229e3ae388ca416200110
2018-05-10 | Build nightly runsc releases with Kokoro. | Nicolas Lacasse
PiperOrigin-RevId: 196129010 Change-Id: I655eb3eecf24ffff475b3882ec55a8b55e6d2f36
2018-05-10 | Use the go_repository rule from the Gazelle repo. | Nicolas Lacasse
The one from rules_go is being deprecated. PiperOrigin-RevId: 196128132 Change-Id: I7a4ab32696a1bcd221b0585b7a4e8109462a3609
2018-05-09 | Cache symlinks in addition to files and directories. | Nicolas Lacasse
PiperOrigin-RevId: 196051326 Change-Id: I4195b110e9a7d38d1ce1ed9c613971dea1be3bf0
2018-05-09 | Small readme tweak. | Nicolas Lacasse
Change-Id: Ibbb94cfd901d72d879657aca38bf3db1580f0d62 PiperOrigin-RevId: 196043734
2018-05-09 | Increment link count in CreateHardlink | Fabricio Voznika
Closes #28 PiperOrigin-RevId: 196041391 Change-Id: I5d79f1735b9d72744e8bebc6897002b27df9aa7a
2018-05-09 | Return better errors from Docker when runsc fails to start. | Nicolas Lacasse
Two changes in this CL: First, make the "boot" process sleep when it encounters an error to give the controller time to send the error back to the "start" process. Otherwise the "boot" process exits immediately and the control connection errors with EOF. Secondly, open the log file with O_APPEND, not O_TRUNC. Docker uses the same log file for all runtime commands, and setting O_TRUNC causes them to get destroyed. Furthermore, containerd parses these log files in the event of an error, and it does not like the file being truncated out from underneath it. Now, when trying to run a binary that does not exist in the image, the error message is more reasonable: $ docker run alpine /not/found docker: Error response from daemon: OCI runtime start failed: /usr/local/google/docker/runtimes/runscd did not terminate sucessfully: error starting sandbox: error starting application [/not/found]: failed to create init process: no such file or directory Fixes #32 PiperOrigin-RevId: 196027084 Change-Id: Iabc24c0bdd8fc327237acc051a1655515f445e68
2018-05-09 | Internal change. | Googler
PiperOrigin-RevId: 195980843 Change-Id: I066f9696b69e92e144c2c8d2c2aa52c546df94fb
2018-05-08 | state: serialize string as bytes instead of protobuf string. | Zhaozhong Ni
Protobuf strings have to be UTF-8 encoded or 7-bit ASCII. PiperOrigin-RevId: 195902557 Change-Id: I9800afd47ecfa6615e28a2cce7f2532f04f10763
2018-05-08 | Implement /proc/[pid]/statm. | Jamie Liu
PiperOrigin-RevId: 195893391 Change-Id: I645b7042d7f4f9dd54723afde3e5df0986e43160
2018-05-08 | Bump Bazel rules_go to v0.12.0, and Go toolchain to v1.10.2 | Nicolas Lacasse
PiperOrigin-RevId: 195866234 Change-Id: I81404d44a45b41c6cb81f83bd7b7a8d8493f5c98
2018-05-08 | Capture restore file system corruption errors in exit error. | Zhaozhong Ni
PiperOrigin-RevId: 195850822 Change-Id: I4d7bdd8fe129c5ed461b73e1d7458be2cf5680c2
2018-05-08 | Correct definition of SysV IPC structures. | Jamie Liu
PiperOrigin-RevId: 195849066 Change-Id: If2146c7ce649522f86e661c5e52a9983345d6967
2018-05-08 | Use the containerd annotation instead of detecting the "pause" application. | Nicolas Lacasse
FIXED=72380268 PiperOrigin-RevId: 195846596 Change-Id: Ic87fed1433482a514631e1e72f5ee208e11290d1
2018-05-08 | Error if container requires AppArmor, SELinux or seccomp | Fabricio Voznika
Closes #35 PiperOrigin-RevId: 195840128 Change-Id: I31c1ad9b51ec53abb6f0b485d35622d4e9764b29
2018-05-08 | Sentry: always use "best speed" compression for save and remove the option. | Zhaozhong Ni
PiperOrigin-RevId: 195835861 Change-Id: Ib696b1b571a6b061725a33c535cd7215fe518b97
2018-05-08 | Reword misleading log line | Ian Gudger
PiperOrigin-RevId: 195834310 Change-Id: I8af748f75ab87ad1cd29c4c8904d07fd729ba6c9
2018-05-08 | Fix warning: redundant if ...; err != nil check, just return error instead. | Ian Gudger
This warning is produced by golint. PiperOrigin-RevId: 195833381 Change-Id: Idd6a7e57e3cfdf00819f2374b19fc113585dc1e1
2018-05-08 | Fix format string type in test | Ian Gudger
PiperOrigin-RevId: 195831778 Change-Id: I413dc909cedc18fbf5320a4f75d876f1be133c6c
2018-05-07 | Fix misspellings | Ian Gudger
PiperOrigin-RevId: 195742598 Change-Id: Ibd4a8e4394e268c87700b6d1e50b4b37dfce5182
2018-05-07 | tools/go_generics: fix typo in documentation of the type flag | Travis McDemus
PiperOrigin-RevId: 195742471 Change-Id: I114657f9238675da23461817ca542bdcb81312c2
2018-05-07 | Improve consistency in go_stateify file generation | Ian Gudger
This also fixes the go_vet warning: error: Fprintln call ends with newline (vet) PiperOrigin-RevId: 195738471 Change-Id: Ic7a9df40eec1457ef03e6ee70872c497a676b53c
2018-05-07 | Improve consistency of github templates | Ian Gudger
PiperOrigin-RevId: 195735915 Change-Id: If4dcd836c3cf9da7c314b95101b23f95ff0eb234
2018-05-07 | Add generated file. | Adin Scannell
PiperOrigin-RevId: 195706470 Change-Id: Ia146119f04d92d559f58a6bab133d9da97e054c9
2018-05-07 | Make bug template more readable in edit mode | Fabricio Voznika
When editing the bug, the rendered view of the tags doesn't show up. This format is easier to read. PiperOrigin-RevId: 195697019 Change-Id: If9bb818b7ecd28bb87608a52b3343d488144ebfd
2018-05-05 | Remove dead code in urpc | Ian Gudger
PiperOrigin-RevId: 195525267 Change-Id: I7a5ef31365cb0c55c462deb9bdbec092473ebc6b
2018-05-05 | Note architecture and Linux version requirements | Michael Pratt
PiperOrigin-RevId: 195522238 Change-Id: I0107f856bea72ea6af8b196c1c13bafbc293ce95
2018-05-04 | Remove ineffectual code in sentry ELF loader | Ian Gudger
PiperOrigin-RevId: 195517702 Change-Id: Id90309a6365cac06e68e8774aa79dc76ce1b11c7