Age | Commit message (Collapse) | Author |
|
The run-benchmark target would run the benchmark with VFS1.
PiperOrigin-RevId: 362754188
|
|
By default, fusefs defers node permission checks to the server. The
default_permissions mount option enables the usual unix permission
checks based on the node owner and mode bits. Previously fusefs was
incorrectly checking permissions unconditionally.
Additionally, fusefs should restrict filesystem access to processes
started by the mount owner to prevent the fuse daemon from gaining
priviledge over other processes. The allow_other mount option
overrides this behaviour. Previously fusefs was incorrectly skipping
this check.
Updates #3229
PiperOrigin-RevId: 362419092
|
|
This is replaced with a straight call to bazel. Unfortunately,
the built gazelle target requires a bazel installation to run
anyways.
PiperOrigin-RevId: 355211990
|
|
PiperOrigin-RevId: 354991724
|
|
Updates #5273
PiperOrigin-RevId: 352088736
|
|
PiperOrigin-RevId: 351906812
|
|
PiperOrigin-RevId: 351632484
|
|
If the release directory is a parent directory (for reasons), then this causes
a few problems (to say the least).
PiperOrigin-RevId: 351515882
|
|
gvisor-containerd-shim is not compatible with containerd 1.1 or earlier.
Starting from containerd 1.2, shim v2 is the preferred interface.
PiperOrigin-RevId: 351485556
|
|
This requires several changes:
* Templates must preserve relevant tags.
* Pagetables templates are split into two targets, each preserving tags.
* The binary VDSO is similarly split into two targets, with some juggling.
* The top level tools/go_branch.sh now does a crossbuild of ARM64 as well,
and checks and merges the results of the two branches together.
Fixes #5178
PiperOrigin-RevId: 351304330
|
|
This change works around an issue in rules_pkg, described here:
https://github.com/bazelbuild/rules_pkg/pull/263
PiperOrigin-RevId: 350869030
|
|
This was not being tested as part of the unit test workflows, and thus was
not being hit normally. These tests are also added to the unit tests target.
PiperOrigin-RevId: 350766814
|
|
make BAZEL_CONFIG=aarch64 arm-qemu-smoke-test
Signed-off-by: Andrei Vagin <avagin@gmail.com>
|
|
PiperOrigin-RevId: 350509137
|
|
This allows us to link directly to profiling results from
the build results. The code uses the standard pprof http
server, exported from the Cloud Run instance.
PiperOrigin-RevId: 350440910
|
|
This includes minor fix-ups:
* Handle SIGTERM in runsc debug, to exit gracefully.
* Fix cmd.debug.go opening all profiles as RDONLY.
* Fix the test name in fio_test.go, and encode the block size in the test.
PiperOrigin-RevId: 350205718
|
|
This change cleans up some minor Makefile issues, and adds support for
BuildKite annotations on failure and on profiles being generated. These
annotations will make failures very clear and link to the artifacts.
This change is a stepping stone for aggregating coverage data from all
individual test jobs, as this will also happen in .buildkite/annotate.sh.
PiperOrigin-RevId: 349606598
|
|
If not set, the cached result is used even when runtime options
are changed, because they are not visible to blaze/bazel.
PiperOrigin-RevId: 348074339
|
|
PiperOrigin-RevId: 347864621
|
|
These are not passing arguments properly. This breaks the current
pre-command for BuildKite.
PiperOrigin-RevId: 347062729
|
|
Fix 'run' function call so that parameters are passed properly to the function.
PiperOrigin-RevId: 346929952
|
|
Recursive make is difficult to follow and debug. Drop this by using
internal functions, which, while difficult, are easier than trying to
following recursive invokations.
Further simplify the Makefile by collapsing the image bits and removing
the tools/vm directory, which is effectively unused.
Fixes #4952
PiperOrigin-RevId: 346569133
|
|
PiperOrigin-RevId: 346101076
|
|
PiperOrigin-RevId: 345764404
|
|
make load-benchmarks-images is empty with the deleted line.
PiperOrigin-RevId: 345741855
|
|
PiperOrigin-RevId: 345564927
|
|
PiperOrigin-RevId: 345399936
|
|
This change also simplifies and documents the build_cmd pipeline, and
reduces general noise for debugging Makefile issues.
It also drops the mapping for /etc/docker/daemon.json, which if it
does not exist initially will create this as a directory (causing lots
of confusion and breaks).
PiperOrigin-RevId: 343932456
|
|
This causes some networking related tests to take a very long time.
Upon failure, tests can be manually run with debug flags to debug. As is the
strace logs are not available from a test run.
PiperOrigin-RevId: 342156294
|
|
PiperOrigin-RevId: 341757694
|
|
PiperOrigin-RevId: 341667792
|
|
PiperOrigin-RevId: 341531230
|
|
PiperOrigin-RevId: 341132662
|
|
This will allow us to run massive runtime tests live java to run in parallel
across multiple jobs.
PiperOrigin-RevId: 340956246
|
|
PiperOrigin-RevId: 340941898
|
|
Fixes #4613.
PiperOrigin-RevId: 339746784
|
|
Also fixes the docker_image bazel rule, and website-server make target.
Fixes #3273
PiperOrigin-RevId: 338606668
|
|
Using the newer bazel rules necessitates a transition from proto1 to
proto2. In order to resolve the incompatibility between proto2 and
gogoproto, the cri runtimeoptions proto must be vendored.
Further, some of the semantics of bazel caching changed during the
transition. It is now necessary to:
- Ensure that :gopath depends only on pure library targets, as the
propagation of go_binary build attributes (pure, static) will
affected the generated files (though content remains the same,
there are conflicts with respect to the gopath).
- Update bazel.mk to include the possibility of binaries in the
bazel-out directory, as it will now put runsc and others there.
This required some refinements to the mechanism of extracting
paths, since some the existing regex resulted in false positives.
- Change nogo rules to prevent escape generation on binary targets.
For some reason, the newer version of bazel attempted to run the
nogo analysis on the binary targets, which fails due to the fact
that objdump does not work on the final binary. This must be due
to a change in the semantics of aspects in bazel3.
PiperOrigin-RevId: 337958324
|
|
PiperOrigin-RevId: 337415009
|
|
This change also adds support to go_stateify for detecting an appropriate
receiver name, avoiding a large number of false positives.
PiperOrigin-RevId: 335994587
|
|
When nogo checks are violated, they will automatically posted
as annotations on the specific GitHub commit. This allows us
to ensure analysis & style rules and have them called out.
PiperOrigin-RevId: 334447285
|
|
PiperOrigin-RevId: 332878900
|
|
`ip6tables -t filter` is now usable. NAT support will come in a future CL.
#3549
PiperOrigin-RevId: 332381801
|
|
PiperOrigin-RevId: 332358833
|
|
The modprobe command only takes 1 module per invocation. The second module name
is being passed as a module parameter.
PiperOrigin-RevId: 331585765
|
|
PiperOrigin-RevId: 330981912
|
|
This change makes the following fixes:
- When creating a test repo.key, create a secret keyring as other workflows
also use secret keyrings only.
- We should not be using both --keyring and --secret-keyring options. Just use
--secret-keyring.
- Pass homedir to all gpg commands. dpkg-sig takes an arg -g which stands for
gpgopts. So we need to pass the homedir there too.
PiperOrigin-RevId: 330443280
|
|
The debian rules are also moved to the top-level, since they
apply to binaries outside the //runsc directory.
Fixes #3665
PiperOrigin-RevId: 328379709
|
|
Mark all tests passing for VFS2 in:
image_test
integration_test
There's no way to do negative look ahead/behind in golang test regex,
so check if the tests uses VFS2 and skip CheckPointRestore if it does.
PiperOrigin-RevId: 326050915
|
|
PiperOrigin-RevId: 325861904
|