| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-02-24 | Merge release-20210208.0-85-gacd516cfe (automated) | gVisor bot | |
| 2021-02-24 | Add YAMA security module restrictions on ptrace(2). | Dean Deng | |
| Restrict ptrace(2) according to the default configurations of the YAMA security module (mode 1), which is a common default among various Linux distributions. The new access checks only permit the tracer to proceed if one of the following conditions is met: a) The tracer is already attached to the tracee. b) The target is a descendant of the tracer. c) The target has explicitly given permission to the tracer through the PR_SET_PTRACER prctl. d) The tracer has CAP_SYS_PTRACE. See security/yama/yama_lsm.c for more details. Note that these checks are added to CanTrace, which is checked for PTRACE_ATTACH as well as some other operations, e.g., checking a process' memory layout through /proc/[pid]/mem. Since this patch adds restrictions to ptrace, it may break compatibility for applications run by non-root users that, for instance, rely on being able to trace processes that are not descended from the tracer (e.g., `gdb -p`). YAMA restrictions can be turned off by setting /proc/sys/kernel/yama/ptrace_scope to 0, or exceptions can be made on a per-process basis with the PR_SET_PTRACER prctl. Reported-by: syzbot+622822d8bca08c99e8c8@syzkaller.appspotmail.com PiperOrigin-RevId: 359237723 | |||
| 2021-02-09 | Merge release-20210201.0-57-gcfa4633c3 (automated) | gVisor bot | |
| 2021-02-08 | [go-marshal] Add dynamic tag in go_marshal. | Ayush Ranjan | |
| This makes it easier to implement dynamically sized types in go-marshal. You really only need to implement MarshalBytes, UnmarshalBytes and SizeBytes to implement the entire interface. By using the `dynamic` tag, the autogenerator will generate the rest of the methods for us. This change also simplifies how KernelIPTGetEntries implements Marshallable using the newly added utility. PiperOrigin-RevId: 356397114 | |||
| 2021-01-29 | Merge release-20210125.0-31-g0a52b6479 (automated) | gVisor bot | |
| 2021-01-29 | - Add more comments for the TCP_INFO struct fields. | Nayana Bidari | |
| PiperOrigin-RevId: 354595623 | |||
| 2021-01-28 | Merge release-20210112.0-104-g99988e45e (automated) | gVisor bot | |
| 2021-01-27 | Add support for more fields in netstack for TCP_INFO | Nayana Bidari | |
| This CL adds support for the following fields: - RTT, RTTVar, RTO - send congestion window (sndCwnd) and send slow start threshold (sndSsthresh) - congestion control state(CaState) - ReorderSeen PiperOrigin-RevId: 354195361 | |||
| 2021-01-22 | Merge release-20210112.0-75-gf52f0101b (automated) | gVisor bot | |
| 2021-01-22 | Implement F_GETLK fcntl. | Dean Deng | |
| Fixes #5113. PiperOrigin-RevId: 353313374 | |||
| 2021-01-12 | Merge release-20201216.0-87-g4e03e8754 (automated) | gVisor bot | |
| 2021-01-12 | Fix simple mistakes identified by goreportcard. | Adin Scannell | |
| These are primarily simplification and lint mistakes. However, minor fixes are also included and tests added where appropriate. PiperOrigin-RevId: 351425971 | |||
| 2021-01-06 | Merge release-20201208.0-117-gabe9d9f67 (automated) | gVisor bot | |
| 2021-01-06 | Support add/remove IPv6 multicast group sock opt | Ghanan Gowripalan | |
| IPv4 was always supported but UDP never supported joining/leaving IPv6 multicast groups via socket options. Add: IPPROTO_IPV6, IPV6_JOIN_GROUP/IPV6_ADD_MEMBERSHIP Remove: IPPROTO_IPV6, IPV6_LEAVE_GROUP/IPV6_DROP_MEMBERSHIP Test: integration_test.TestUDPAddRemoveMembershipSocketOption PiperOrigin-RevId: 350396072 | |||
| 2020-12-30 | Merge release-20201208.0-98-g0fb5de115 (automated) | gVisor bot | |
| 2020-12-30 | Merge release-20201208.0-97-g1b66bad7c (automated) | gVisor bot | |
| 2020-12-30 | Merge release-20201208.0-96-ged5850e8e (automated) | gVisor bot | |
| 2020-12-30 | Merge release-20201208.0-95-gfc153750e (automated) | gVisor bot | |
| 2020-12-30 | Merge release-20201208.0-94-gffa9a715a (automated) | gVisor bot | |
| 2020-12-30 | Merge release-20201208.0-93-g3c58405a5 (automated) | gVisor bot | |
| 2020-12-30 | Merge release-20201208.0-92-gd302c0570 (automated) | gVisor bot | |
| 2020-12-30 | Merge release-20201208.0-91-g85c1c3ed4 (automated) | gVisor bot | |
| 2020-12-29 | Merge release-20201208.0-90-g91c05c609 (automated) | gVisor bot | |
| 2020-12-28 | Merge release-20201208.0-89-g3ff7324df (automated) | gVisor bot | |
| 2020-12-17 | [netstack] Implement MSG_ERRQUEUE flag for recvmsg(2). | Ayush Ranjan | |
| Introduces the per-socket error queue and the necessary cmsg mechanisms. PiperOrigin-RevId: 348028508 | |||
| 2020-12-15 | Implement command SEM_INFO and SEM_STAT for semctl. | Jing Chen | |
| PiperOrigin-RevId: 347711998 | |||
| 2020-12-15 | Merge release-20201208.0-45-gb2a697334 (automated) | gVisor bot | |
| 2020-12-15 | Merge release-20201208.0-44-ga1c56bc22 (automated) | gVisor bot | |
| 2020-12-14 | Merge release-20201208.0-43-g2e191cb3f (automated) | gVisor bot | |
| 2020-12-14 | Merge release-20201208.0-42-g65e4ed8fb (automated) | gVisor bot | |
| 2020-12-14 | Merge release-20201208.0-41-gab593661e (automated) | gVisor bot | |
| 2020-12-12 | Merge release-20201208.0-40-g08d36b6c6 (automated) | gVisor bot | |
| 2020-12-12 | Merge release-20201208.0-39-g4aef908c9 (automated) | gVisor bot | |
| 2020-12-12 | Merge release-20201208.0-38-g4b697aae5 (automated) | gVisor bot | |
| 2020-12-12 | Merge release-20201208.0-37-gbe5922fbd (automated) | gVisor bot | |
| 2020-12-12 | Merge release-20201208.0-36-g1e92732eb (automated) | gVisor bot | |
| 2020-12-11 | Merge release-20201208.0-35-g80379894d (automated) | gVisor bot | |
| 2020-12-11 | Merge release-20201208.0-34-gd45420b15 (automated) | gVisor bot | |
| 2020-12-11 | Merge release-20201208.0-33-g5bdc167d1 (automated) | gVisor bot | |
| 2020-12-11 | Merge release-20201208.0-32-g305a45655 (automated) | gVisor bot | |
| 2020-12-11 | Merge release-20201208.0-31-g4cba3904f (automated) | gVisor bot | |
| 2020-12-11 | Remove existing nogo exceptions. | Adin Scannell | |
| PiperOrigin-RevId: 347047550 | |||
| 2020-12-11 | Merge release-20201208.0-28-gaf4afdc0e (automated) | gVisor bot | |
| 2020-12-11 | [netstack] Decouple tcpip.ControlMessages from the IP control messges. | Ayush Ranjan | |
| tcpip.ControlMessages can not contain Linux specific structures which makes it painful to convert back and forth from Linux to tcpip back to Linux when passing around control messages in hostinet and raw sockets. Now we convert to the Linux version of the control message as soon as we are out of tcpip. PiperOrigin-RevId: 347027065 | |||
| 2020-12-04 | Merge release-20201130.0-36-ga78cef0ed (automated) | gVisor bot | |
| 2020-12-03 | Implement command IPC_INFO for semctl. | Jing Chen | |
| PiperOrigin-RevId: 345589628 | |||
| 2020-12-03 | Merge release-20201130.0-30-g6f60a2b0a (automated) | gVisor bot | |
| 2020-12-03 | Implement `fcntl` options `F_GETSIG` and `F_SETSIG`. | Etienne Perot | |
| These options allow overriding the signal that gets sent to the process when I/O operations are available on the file descriptor, rather than the default `SIGIO` signal. Doing so also populates `siginfo` to contain extra information about which file descriptor caused the event (`si_fd`) and what events happened on it (`si_band`). The logic around which FD is populated within `si_fd` matches Linux's, which means it has some weird edge cases where that value may not actually refer to a file descriptor that is still valid. This CL also ports extra S/R logic regarding async handler in VFS2. Without this, async I/O handlers aren't properly re-registered after S/R. PiperOrigin-RevId: 345436598 | |||
| 2020-12-02 | Merge release-20201117.0-90-gb26dd6d9b (automated) | gVisor bot | |
| 2020-12-02 | Add /proc/sys/kernel/sem. | Jing Chen | |
| PiperOrigin-RevId: 345178956 | |||
 |
index : gvisor | |
| Container Runtime Sandbox |
| summaryrefslogtreecommitdiffhomepage |