gvisor - Container Runtime Sandbox

Age	Commit message (Collapse)	Author
2018-09-17	runsc: Enable waiting on exited processes.	Kevin Krakauer
	This makes `runsc wait` behave more like waitpid()/wait4() in that: - Once a process has run to completion, you can wait on it and get its exit code. - Processes not waited on will consume memory (like a zombie process) PiperOrigin-RevId: 213358916 Change-Id: I5b5eca41ce71eea68e447380df8c38361a4d1558
2018-09-13	Plumb monotonic time to netstack	Ian Gudger
	Netstack needs to be portable, so this seems to be preferable to using raw system calls. PiperOrigin-RevId: 212917409 Change-Id: I7b2073e7db4b4bf75300717ca23aea4c15be944c
2018-09-07	Use root abstract socket namespace for exec	Fabricio Voznika
	PiperOrigin-RevId: 211999211 Change-Id: I5968dd1a8313d3e49bb6e6614e130107495de41d
2018-09-06	createProcessArgs.RootFromContext should return process Root if it exists.	Nicolas Lacasse
	It was always returning the MountNamespace root, which may be different from the process Root if the process is in a chroot environment. PiperOrigin-RevId: 211862181 Change-Id: I63bfeb610e2b0affa9fdbdd8147eba3c39014480
2018-08-31	Disintegrate kernel.TaskResources.	Jamie Liu
	This allows us to call kernel.FDMap.DecRef without holding mutexes cleanly. PiperOrigin-RevId: 211139657 Change-Id: Ie59d5210fb9282e1950e2e40323df7264a01bcec
2018-08-23	Implement POSIX per-process interval timers.	Jamie Liu
	PiperOrigin-RevId: 210021612 Change-Id: If7c161e6fd08cf17942bfb6bc5a8d2c4e271c61e
2018-08-15	runsc fsgofer: Support dynamic serving of filesystems.	Kevin Krakauer
	When multiple containers run inside a sentry, each container has its own root filesystem and set of mounts. Containers are also added after sentry boot rather than all configured and known at boot time. The fsgofer needs to be able to serve the root filesystem of each container. Thus, it must be possible to add filesystems after the fsgofer has already started. This change: * Creates a URPC endpoint within the gofer process that listens for requests to serve new content. * Enables the sentry, when starting a new container, to add the new container's filesystem. * Mounts those new filesystems at separate roots within the sentry. PiperOrigin-RevId: 208903248 Change-Id: Ifa91ec9c8caf5f2f0a9eead83c4a57090ce92068
2018-08-02	Automated rollback of changelist 207037226	Zhaozhong Ni
	PiperOrigin-RevId: 207125440 Change-Id: I6c572afb4d693ee72a0c458a988b0e96d191cd49
2018-08-01	Automated rollback of changelist 207007153	Michael Pratt
	PiperOrigin-RevId: 207037226 Change-Id: I8b5f1a056d4f3eab17846f2e0193bb737ecb5428
2018-08-01	stateify: convert all packages to use explicit mode.	Zhaozhong Ni
	PiperOrigin-RevId: 207007153 Change-Id: Ifedf1cc3758dc18be16647a4ece9c840c1c636c9
2018-07-10	netstack: tcp socket connected state S/R support.	Zhaozhong Ni
	PiperOrigin-RevId: 203958972 Change-Id: Ia6fe16547539296d48e2c6731edacdd96bd6e93c
2018-06-26	Automated rollback of changelist 201596247	Brian Geffon
	PiperOrigin-RevId: 202151720 Change-Id: I0491172c436bbb32b977f557953ba0bc41cfe299
2018-06-21	netstack: tcp socket connected state S/R support.	Zhaozhong Ni
	PiperOrigin-RevId: 201596247 Change-Id: Id22f47b2cdcbe14aa0d930f7807ba75f91a56724
2018-06-21	Drop return from SendExternalSignal	Michael Pratt
	SendExternalSignal is no longer called before CreateProcess, so it can enforce this simplified precondition. StartForwarding, and after Kernel.Start. PiperOrigin-RevId: 201591170 Change-Id: Ib7022ef7895612d7d82a00942ab59fa433c4d6e9
2018-06-14	Ignore expiration count in kernelCPUClockListener.Notify.	Jamie Liu
	PiperOrigin-RevId: 200590832 Change-Id: I35b817ecccc9414a742dee4815dfc67d0c7d0496
2018-05-08	Capture restore file system corruption errors in exit error.	Zhaozhong Ni
	PiperOrigin-RevId: 195850822 Change-Id: I4d7bdd8fe129c5ed461b73e1d7458be2cf5680c2
2018-05-01	Implement SO_TIMESTAMP	Ian Gudger
	PiperOrigin-RevId: 195047018 Change-Id: I6d99528a00a2125f414e1e51e067205289ec9d3d
2018-04-28	Check in gVisor.	Googler
	PiperOrigin-RevId: 194583126 Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463