summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/kernel
AgeCommit message (Collapse)Author
2019-07-24Use different pidns among different containerschris.zn
The different containers in a sandbox used only one pid namespace before. This results in that a container can see the processes in another container in the same sandbox. This patch use different pid namespace for different containers. Signed-off-by: chris.zn <chris.zn@antfin.com>
2019-07-24Merge 7e38d643 (automated)gVisor bot
2019-07-24Merge d7bb79b6 (automated)gVisor bot
2019-07-23Merge bd770895 (automated)gVisor bot
2019-07-23Merge 04cbb13c (automated)gVisor bot
2019-07-23Merge 57745994 (automated)gVisor bot
2019-07-23Merge 12c25656 (automated)gVisor bot
2019-07-22Merge d706922d (automated)gVisor bot
2019-07-22Merge a0a86bbb (automated)gVisor bot
2019-07-22Merge fdac770f (automated)gVisor bot
2019-07-19Merge 32e6be00 (automated)gVisor bot
2019-07-19Merge f544509c (automated)gVisor bot
2019-07-19Merge 0e040ba6 (automated)gVisor bot
2019-07-17Merge 6f7e2bb3 (automated)gVisor bot
2019-07-17Merge 84a59de5 (automated)gVisor bot
2019-07-17Merge 8e3e021a (automated)gVisor bot
2019-07-17Merge 609cd91e (automated)gVisor bot
2019-07-17Merge pull request #355 from zhuangel:mastergVisor bot
PiperOrigin-RevId: 258643966
2019-07-17Merge 542fbd01 (automated)gVisor bot
2019-07-17Fix race in FDTable.GetFDs().Bhasker Hariharan
PiperOrigin-RevId: 258635459
2019-07-17Merge 682fd2d6 (automated)gVisor bot
2019-07-17Merge ca829158 (automated)gVisor bot
2019-07-17Merge 78a2704b (automated)gVisor bot
2019-07-16Merge 89368456 (automated)gVisor bot
2019-07-16Merge 74dc663b (automated)gVisor bot
2019-07-16Merge cf4fc510 (automated)gVisor bot
2019-07-16Merge 6a8ff6da (automated)gVisor bot
2019-07-15Merge ab44d145 (automated)gVisor bot
2019-07-12Merge c8ae00eb (automated)gVisor bot
2019-07-12Merge 4ad67050 (automated)gVisor bot
2019-07-12Merge eff2c264 (automated)gVisor bot
2019-07-12Merge 69e0affa (automated)gVisor bot
2019-07-09build: add nogo for static validationAdin Scannell
PiperOrigin-RevId: 257297820
2019-07-03futex: compare keys for equality when doing a FUTEX_UNLOCK_PI.Neel Natu
PiperOrigin-RevId: 256453827
2019-07-03Merge pull request #493 from ahmetb:reticulating-splinesgVisor bot
PiperOrigin-RevId: 256319059
2019-07-02Remove map from fd_map, change to fd_table.Adin Scannell
This renames FDMap to FDTable and drops the kernel.FD type, which had an entire package to itself and didn't serve much use (it was freely cast between types, and served as more of an annoyance than providing any protection.) Based on BenchmarkFDLookupAndDecRef-12, we can expect 5-10 ns per lookup operation, and 10-15 ns per concurrent lookup operation of savings. This also fixes two tangential usage issues with the FDMap. Namely, non-atomic use of NewFDFrom and associated calls to Remove (that are both racy and fail to drop the reference on the underlying file.) PiperOrigin-RevId: 256285890
2019-07-02sentry/kernel: add syslog messageAhmet Alp Balkan
It feels like "reticulating splines" is missing from the list of meaningless syslog messages. Signed-off-by: Ahmet Alp Balkan <ahmetb@google.com>
2019-06-28Add finalizer on AtomicRefCount to check for leaks.Ian Gudger
PiperOrigin-RevId: 255711454
2019-06-28Merge b2907595 (automated)gVisor bot
2019-06-27Complete pipe support on overlayfsFabricio Voznika
Get/Set pipe size and ioctl support were missing from overlayfs. It required moving the pipe.Sizer interface to fs so that overlay could get access. Fixes #318 PiperOrigin-RevId: 255511125
2019-06-27Merge 5b41ba5d (automated)gVisor bot
2019-06-27Merge 085a9075 (automated)gVisor bot
2019-06-27Fix various spelling issues in the documentationMichael Pratt
Addresses obvious typos, in the documentation only. COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/443 from Pixep:fix/documentation-spelling 4d0688164eafaf0b3010e5f4824b35d1e7176d65 PiperOrigin-RevId: 255477779
2019-06-26Merge 857e5c47 (automated)gVisor bot
2019-06-26Merge 67e2f227 (automated)gVisor bot
2019-06-26Merge e98ce4a2 (automated)gVisor bot
2019-06-25Merge 03ae91c6 (automated)gVisor bot
2019-06-25gvisor: lockless read access for task credentialsAndrei Vagin
Credentials are immutable and even before these changes we could read them without locks, but we needed to take a task lock to get a credential object from a task object. It is possible to avoid this lock, if we will guarantee that a credential object will not be changed after setting it on a task. PiperOrigin-RevId: 254989492
2019-06-25Merge fd16a329 (automated)gVisor bot
2019-06-22Merge 35719d52 (automated)gVisor bot