Age | Commit message (Collapse) | Author | |
---|---|---|---|
2019-08-07 | Merge 79cc4397 (automated) | gVisor bot | |
2019-08-07 | Merge e70eafc9 (automated) | gVisor bot | |
2019-08-06 | Merge dfbc0b0a (automated) | gVisor bot | |
2019-08-06 | Merge 704f9610 (automated) | gVisor bot | |
2019-08-05 | Merge 23e74043 (automated) | gVisor bot | |
2019-08-02 | Merge 960a5e55 (automated) | gVisor bot | |
2019-08-02 | Merge b6a5b950 (automated) | gVisor bot | |
2019-08-02 | Job control: controlling TTYs and foreground process groups. | Kevin Krakauer | |
(Don't worry, this is mostly tests.) Implemented the following ioctls: - TIOCSCTTY - set controlling TTY - TIOCNOTTY - remove controlling tty, maybe signal some other processes - TIOCGPGRP - get foreground process group. Also enables tcgetpgrp(). - TIOCSPGRP - set foreground process group. Also enabled tcsetpgrp(). Next steps are to actually turn terminal-generated control characters (e.g. C^c) into signals to the proper process groups, and to send SIGTTOU and SIGTTIN when appropriate. PiperOrigin-RevId: 261387276 | |||
2019-08-02 | Merge b461be88 (automated) | gVisor bot | |
2019-08-02 | Merge 2906dffc (automated) | gVisor bot | |
2019-08-02 | Merge aaaefdf9 (automated) | gVisor bot | |
2019-08-02 | Remove kernel.mounts. | Nicolas Lacasse | |
We can get the mount namespace from the CreateProcessArgs in all cases where we need it. This also gets rid of kernel.Destroy method, since the only thing it was doing was DecRefing the mounts. Removing the need to call kernel.SetRootMountNamespace also allowed for some more simplifications in the container fs setup code. PiperOrigin-RevId: 261357060 | |||
2019-08-02 | Merge 3eff0531 (automated) | gVisor bot | |
2019-08-01 | Merge bad43772 (automated) | gVisor bot | |
2019-08-01 | Merge f2b25aea (automated) | gVisor bot | |
2019-08-01 | Merge 0a246fab (automated) | gVisor bot | |
2019-07-31 | Merge cf2b2d97 (automated) | gVisor bot | |
2019-07-31 | Initialize kernel.unimplementedSyscallEmitter with a sync.Once. | Nicolas Lacasse | |
This is initialized lazily on the first unimplemented syscall. Without the sync.Once, this is racy. PiperOrigin-RevId: 260971758 | |||
2019-07-30 | Merge 7369c63e (automated) | gVisor bot | |
2019-07-30 | Merge 93b0917d (automated) | gVisor bot | |
2019-07-30 | Merge e511c0e0 (automated) | gVisor bot | |
2019-07-30 | Add feature to launch Sentry from an open host FD. | Zach Koopmans | |
Adds feature to launch from an open host FD instead of a binary_path. The FD should point to a valid executable and most likely be statically compiled. If the executable is not statically compiled, the loader will search along the interpreter paths, which must be able to be resolved in the Sandbox's file system or start will fail. PiperOrigin-RevId: 260756825 | |||
2019-07-30 | Merge 1decf764 (automated) | gVisor bot | |
2019-07-30 | Merge 8da9f8a1 (automated) | gVisor bot | |
2019-07-30 | Merge ddf25e33 (automated) | gVisor bot | |
2019-07-30 | Merge b765eb45 (automated) | gVisor bot | |
2019-07-30 | Merge 5fdb945a (automated) | gVisor bot | |
2019-07-29 | Rate limit the unimplemented syscall event handler. | Nicolas Lacasse | |
This introduces two new types of Emitters: 1. MultiEmitter, which will forward events to other registered Emitters, and 2. RateLimitedEmitter, which will forward events to a wrapped Emitter, subject to given rate limits. The methods in the eventchannel package itself act like a multiEmitter, but is not actually an Emitter. Now we have a DefaultEmitter, and the methods in eventchannel simply forward calls to the DefaultEmitter. The unimplemented syscall handler now uses a RateLimetedEmitter that wraps the DefaultEmitter. PiperOrigin-RevId: 260612770 | |||
2019-07-29 | Merge f0507e1d (automated) | gVisor bot | |
2019-07-29 | Merge 8e8b6096 (automated) | gVisor bot | |
2019-07-29 | Merge 09be87bb (automated) | gVisor bot | |
2019-07-27 | Merge 4183b902 (automated) | gVisor bot | |
2019-07-26 | Merge 27626926 (automated) | gVisor bot | |
2019-07-26 | Merge b5012237 (automated) | gVisor bot | |
2019-07-26 | Merge pull request #452 from zhangningdlut:chris_test_pidns | gVisor bot | |
PiperOrigin-RevId: 260220279 | |||
2019-07-25 | Merge 7052d21d (automated) | gVisor bot | |
2019-07-25 | Merge 83767574 (automated) | gVisor bot | |
2019-07-25 | Merge 417096f7 (automated) | gVisor bot | |
2019-07-24 | Merge 2ed832ff (automated) | gVisor bot | |
2019-07-24 | Use different pidns among different containers | chris.zn | |
The different containers in a sandbox used only one pid namespace before. This results in that a container can see the processes in another container in the same sandbox. This patch use different pid namespace for different containers. Signed-off-by: chris.zn <chris.zn@antfin.com> | |||
2019-07-24 | Merge 7e38d643 (automated) | gVisor bot | |
2019-07-24 | Merge d7bb79b6 (automated) | gVisor bot | |
2019-07-23 | Merge bd770895 (automated) | gVisor bot | |
2019-07-23 | Merge 04cbb13c (automated) | gVisor bot | |
2019-07-23 | Merge 57745994 (automated) | gVisor bot | |
2019-07-23 | Merge 12c25656 (automated) | gVisor bot | |
2019-07-22 | Merge d706922d (automated) | gVisor bot | |
2019-07-22 | Merge a0a86bbb (automated) | gVisor bot | |
2019-07-22 | Merge fdac770f (automated) | gVisor bot | |
2019-07-19 | Merge 32e6be00 (automated) | gVisor bot | |