gvisor - Container Runtime Sandbox

Age	Commit message (Collapse)	Author
2018-09-07	runsc: Support multi-container exec.	Nicolas Lacasse
	We must use a context.Context with a Root Dirent that corresponds to the container's chroot. Previously we were using the root context, which does not have a chroot. Getting the correct context required refactoring some of the path-lookup code. We can't lookup the path without a context.Context, which requires kernel.CreateProcArgs, which we only get inside control.Execute. So we have to do the path lookup much later than we previously were. PiperOrigin-RevId: 212064734 Change-Id: I84a5cfadacb21fd9c3ab9c393f7e308a40b9b537
2018-09-07	Use root abstract socket namespace for exec	Fabricio Voznika
	PiperOrigin-RevId: 211999211 Change-Id: I5968dd1a8313d3e49bb6e6614e130107495de41d
2018-09-05	Imported FD in exec was leaking	Fabricio Voznika
	Imported file needs to be closed after it's been imported. PiperOrigin-RevId: 211732472 Change-Id: Ia9249210558b77be076bcce465b832a22eed301f
2018-08-24	runsc: Terminal support for "docker exec -ti".	Nicolas Lacasse
	This CL adds terminal support for "docker exec". We previously only supported consoles for the container process, but not exec processes. The SYS_IOCTL syscall was added to the default seccomp filter list, but only for ioctls that get/set winsize and termios structs. We need to allow these ioctl for all containers because it's possible to run "exec -ti" on a container that was started without an attached console, after the filters have been installed. Note that control-character signals are still not properly supported. Tested with: $ docker run --runtime=runsc -it alpine In another terminial: $ docker exec -it <containerid> /bin/sh PiperOrigin-RevId: 210185456 Change-Id: I6d2401e53a7697bb988c120a8961505c335f96d9
2018-07-27	stateify: support explicit annotation mode; convert refs and stack packages.	Zhaozhong Ni
	We have been unnecessarily creating too many savable types implicitly. PiperOrigin-RevId: 206334201 Change-Id: Idc5a3a14bfb7ee125c4f2bb2b1c53164e46f29a8
2018-06-19	Added a resume command to unpause a paused container.	Justine Olshan
	Resume checks the status of the container and unpauses the kernel if its status is paused. Otherwise nothing happens. Tests were added to ensure that the process is in the correct state after various commands. PiperOrigin-RevId: 201251234 Change-Id: Ifd11b336c33b654fea6238738f864fcf2bf81e19
2018-06-06	Added a function to the controller to checkpoint a container.	Googler
	Functionality for checkpoint is not complete, more to come. PiperOrigin-RevId: 199500803 Change-Id: Iafb0fcde68c584270000fea898e6657a592466f7
2018-05-04	Run gofmt -s on everything	Ian Gudger
	PiperOrigin-RevId: 195469901 Change-Id: I66d5c7a334bbb8b47e40d266a2661291c2d91c7f
2018-05-02	Remove detach for exec options	Fabricio Voznika
	Detachable exec commands are handled in the client entirely and the detach option is not used anymore. PiperOrigin-RevId: 195181272 Change-Id: I6e82a2876d2c173709c099be59670f71702e5bf0
2018-04-28	Check in gVisor.	Googler
	PiperOrigin-RevId: 194583126 Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463