summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-05-01Merge release-20200422.0-10-ge7b8a71 (automated)gVisor bot
2020-05-01Internal change.gVisor bot
PiperOrigin-RevId: 309467878
2020-05-01Merge release-20200422.0-9-g82bae30 (automated)gVisor bot
2020-05-01Port netstack, hostinet, and netlink sockets to VFS2.Dean Deng
All three follow the same pattern: 1. Refactor VFS1 sockets into socketOpsCommon, so that most of the methods can be shared with VFS2. 2. Create a FileDescriptionImpl with the corresponding socket operations, rewriting the few that cannot be shared with VFS1. 3. Set up a VFS2 socket provider that creates a socket by setting up a dentry in the global Kernel.socketMount and connecting it with a new FileDescription. This mostly completes the work for porting sockets to VFS2, and many syscall tests can be enabled as a result. There are several networking-related syscall tests that are still not passing: 1. net gofer tests 2. socketpair gofer tests 2. sendfile tests (splice is not implemented in VFS2 yet) Updates #1478, #1484, #1485 PiperOrigin-RevId: 309457331
2020-05-01Merge release-20200422.0-8-g8962b78 (automated)gVisor bot
2020-04-30Enable FIFO QDisc by default in runsc.Bhasker Hariharan
Updates #231 PiperOrigin-RevId: 309339316
2020-04-30Merge release-20200422.0-7-gae15d90 (automated)gVisor bot
2020-04-30FIFO QDisc implementationBhasker Hariharan
Updates #231 PiperOrigin-RevId: 309323808
2020-04-30Merge release-20200422.0-6-g01beec3 (automated)gVisor bot
2020-04-30Add gofer.InternalFilesystemOptions.LeakConnection.Jamie Liu
PiperOrigin-RevId: 309317605
2020-04-30Merge release-20200422.0-5-gbae30a0 (automated)gVisor bot
2020-04-30Implement waiter.Waitable methods on VFS2 host inodes.Nicolas Lacasse
This fixes bash in Ubuntu. Updates #1672. PiperOrigin-RevId: 309298252
2020-04-30Merge release-20200413.0-29-gc01e103 (automated)gVisor bot
2020-04-30Allow to run kvm syscall tests on the RBE clusterAndrei Vagin
PiperOrigin-RevId: 309265978
2020-04-30Merge release-20200413.0-28-g043b7d8 (automated)gVisor bot
2020-04-30Prefer temporary addressesGhanan Gowripalan
Implement rule 7 of Source Address Selection RFC 6724 section 5. This makes temporary (short-lived) addresses preferred over non-temporary addresses when earlier rules are equal. Test: stack_test.TestIPv6SourceAddressSelectionScopeAndSameAddress PiperOrigin-RevId: 309250975
2020-04-30Merge release-20200413.0-27-g442fde4 (automated)gVisor bot
2020-04-30Fix proc net bugs in VFS2.Dean Deng
The /proc/net/udp header was missing, and /proc/sys/net was set up as /proc/sys/net/net. Discovered while trying to run networking tests for VFS2. PiperOrigin-RevId: 309243758
2020-04-30Merge release-20200413.0-26-g4875cda (automated)gVisor bot
2020-04-30Make tcp_close_wait_ack_test more accurateZeling Feng
Previously the test used an out-dated window size which is advertised during the handshake to generate testing packets, but the window size has changed since the handshake; currently it is using the most recent one which is advertised in DUT's ACK to our FIN packet to generate the testing outside-the-window packets. PiperOrigin-RevId: 309222921
2020-04-30Merge release-20200413.0-25-g44a5764 (automated)gVisor bot
2020-04-30make_repository.sh has to print only the repo path on stdoutAndrei Vagin
PiperOrigin-RevId: 309176385
2020-04-29Merge release-20200413.0-24-gef94401 (automated)gVisor bot
2020-04-29Add read/write timeouts for VFS2 socket files.Dean Deng
Updates #1476 PiperOrigin-RevId: 309098590
2020-04-29Merge release-20200413.0-23-ga105d18 (automated)gVisor bot
2020-04-29iptables: don't pollute logsKevin Krakauer
The netfilter package uses logs to make debugging the (de)serialization of structs easier. This generates a lot of (usually irrelevant) logs. Logging is now hidden behind a debug flag. PiperOrigin-RevId: 309087115
2020-04-29Merge release-20200413.0-22-gd5c34ba (automated)gVisor bot
2020-04-29Merge pull request #2487 from moricho:fix/bindmountgVisor bot
PiperOrigin-RevId: 309082540
2020-04-29Merge release-20200413.0-18-gce19497 (automated)gVisor bot
2020-04-28Fix Unix socket permissions.Dean Deng
Enforce write permission checks in BoundEndpointAt, which corresponds to the permission checks in Linux (net/unix/af_unix.c:unix_find_other). Also, create bound socket files with the correct permissions in VFS2. Fixes #2324. PiperOrigin-RevId: 308949084
2020-04-29Merge release-20200413.0-17-g24abccb (automated)gVisor bot
2020-04-28Internal change.gVisor bot
PiperOrigin-RevId: 308940886
2020-04-29Merge release-20200413.0-16-gf93f2fd (automated)gVisor bot
2020-04-28Deduplicate unix socket Release() method.Dean Deng
PiperOrigin-RevId: 308932254
2020-04-28Merge release-20200413.0-15-g37a59bc (automated)gVisor bot
2020-04-28Support IPv6 Privacy Extensions for SLAACGhanan Gowripalan
Support generating temporary (short-lived) IPv6 SLAAC addresses to address privacy concerns outlined in RFC 4941. Tests: - stack_test.TestAutoGenTempAddr - stack_test.TestNoAutoGenTempAddrForLinkLocal - stack_test.TestAutoGenTempAddrRegen - stack_test.TestAutoGenTempAddrRegenTimerUpdates - stack_test.TestNoAutoGenTempAddrWithoutStableAddr - stack_test.TestAutoGenAddrInResponseToDADConflicts PiperOrigin-RevId: 308915566
2020-04-28Merge release-20200413.0-14-g6472347 (automated)gVisor bot
2020-04-28Use existing bazeldefs with top-level BUILD file.Adin Scannell
PiperOrigin-RevId: 308901116
2020-04-28Merge release-20200413.0-13-g4282260 (automated)gVisor bot
2020-04-28Don't unlink named pipes in pipe test.Jamie Liu
TempPath's destructor runs at the end of the named pipe creation functions, deleting the named pipe. If the named pipe is backed by a "non-virtual" filesystem (!fs.Inode.IsVirtual()), this causes the following save attempt to fail because there are FDs holding the deleted named pipe open. PiperOrigin-RevId: 308861999
2020-04-28Merge release-20200413.0-12-gceb3c0e (automated)gVisor bot
2020-04-28Merge pull request #2558 from prattmic:forward_signalgVisor bot
PiperOrigin-RevId: 308829800
2020-04-28Merge release-20200413.0-10-gf3ca5ca (automated)gVisor bot
2020-04-28Support pipes and sockets in VFS2 gofer fs.Dean Deng
Named pipes and sockets can be represented in two ways in gofer fs: 1. As a file on the remote filesystem. In this case, all file operations are passed through 9p. 2. As a synthetic file that is internal to the sandbox. In this case, the dentry stores an endpoint or VFSPipe for sockets and pipes respectively, which replaces interactions with the remote fs through the gofer. In gofer.filesystem.MknodAt, we attempt to call mknod(2) through 9p, and if it fails, fall back to the synthetic version. Updates #1200. PiperOrigin-RevId: 308828161
2020-04-28Merge release-20200413.0-9-g316394e (automated)gVisor bot
2020-04-27Merge pull request #2544 from prattmic:runsc_do_cleanupgVisor bot
PiperOrigin-RevId: 308727526
2020-04-27Merge release-20200413.0-7-g1c2ecbb (automated)gVisor bot
2020-04-27Import host sockets.Dean Deng
The FileDescription implementation for hostfs sockets uses the standard Unix socket implementation (unix.SocketVFS2), but is also tied to a hostfs dentry. Updates #1672, #1476 PiperOrigin-RevId: 308716426
2020-04-27Merge release-20200323.0-258-g8f42cbf (automated)gVisor bot
2020-04-27Reduce flakiness in tcp_test.Bhasker Hariharan
Poll for metric updates as immediately trying to read them can sometimes be flaky if due to goroutine scheduling the check happens before the sender has got a chance to update the corresponding sent metric. PiperOrigin-RevId: 308712817