gvisor - Container Runtime Sandbox

Age	Commit message (Collapse)	Author
2020-09-16	Merge release-20200907.0-69-g286830855 (automated)	gVisor bot

2020-09-16	Merge release-20200907.0-68-g64aae6bbd (automated)	gVisor bot

2020-09-16	Merge release-20200907.0-66-g29ce0ad16 (automated)	gVisor bot

2020-09-16	Merge release-20200907.0-65-g3749e70a6 (automated)	gVisor bot

2020-09-16	Merge release-20200907.0-64-g666397c5c (automated)	gVisor bot

2020-09-16	Merge release-20200907.0-63-g0356c7ef3 (automated)	gVisor bot

2020-09-16	Merge release-20200907.0-62-g49857849f (automated)	gVisor bot

2020-09-16	Merge pull request #3893 from lubinszARM:pr_n1_03	gVisor bot
	PiperOrigin-RevId: 332069743
2020-09-16	Merge release-20200907.0-60-g87c5c0ad2 (automated)	gVisor bot

2020-09-16	Merge release-20200907.0-58-g9ef1c7992 (automated)	gVisor bot

2020-09-16	Merge release-20200907.0-57-gd201feb8c (automated)	gVisor bot

2020-09-16	Merge release-20200907.0-56-gdcd532e2e (automated)	gVisor bot

2020-09-15	Add support for OCI seccomp filters in the sandbox.	Ian Lewis
	OCI configuration includes support for specifying seccomp filters. In runc, these filter configurations are converted into seccomp BPF programs and loaded into the kernel via libseccomp. runsc needs to be a static binary so, for runsc, we cannot rely on a C library and need to implement the functionality in Go. The generator added here implements basic support for taking OCI seccomp configuration and converting it into a seccomp BPF program with the same behavior as a program generated by libseccomp. - New conditional operations were added to pkg/seccomp to support operations available in OCI. - AllowAny and AllowValue were renamed to MatchAny and EqualTo to better reflect that syscalls matching the conditionals result in the provided action not simply SCMP_RET_ALLOW. - BuildProgram in pkg/seccomp no longer panics if provided an empty list of rules. It now builds a program with the architecture sanity check only. - ProgramBuilder now allows adding labels that are unused. However, backwards jumps are still not permitted. Fixes #510 PiperOrigin-RevId: 331938697
2020-09-16	Merge release-20200907.0-55-gc053c4bb0 (automated)	gVisor bot

2020-09-16	Merge release-20200907.0-54-gcb2e3c946 (automated)	gVisor bot

2020-09-15	Merge release-20200907.0-53-g8b15effd9 (automated)	gVisor bot

2020-09-15	Merge release-20200907.0-52-g456c6c33e (automated)	gVisor bot

2020-09-15	Merge release-20200907.0-50-g72a30b114 (automated)	gVisor bot

2020-09-15	Merge release-20200907.0-49-g7f89a26e1 (automated)	gVisor bot

2020-09-15	Merge release-20200907.0-48-g0d790cbae (automated)	gVisor bot

2020-09-15	Merge release-20200907.0-47-g86b31a807 (automated)	gVisor bot

2020-09-15	Merge release-20200907.0-44-gd3880b76c (automated)	gVisor bot

2020-09-14	Merge release-20200907.0-43-g52ffeb2d6 (automated)	gVisor bot

2020-09-14	Merge release-20200907.0-42-g2747030ec (automated)	gVisor bot

2020-09-14	Merge release-20200907.0-40-g2969b1740 (automated)	gVisor bot

2020-09-14	Merge release-20200907.0-39-g833ceb0f1 (automated)	gVisor bot

2020-09-12	Merge release-20200907.0-37-g3ca73841d (automated)	gVisor bot

2020-09-11	Merge release-20200810.0-237-g8d0f76dda (automated)	gVisor bot

2020-09-11	Merge release-20200907.0-36-g1f4fb817c (automated)	gVisor bot

2020-09-11	Merge release-20200810.0-236-gb8bee78d0 (automated)	gVisor bot

2020-09-11	Merge release-20200907.0-35-g325f7036b (automated)	gVisor bot

2020-09-11	Merge release-20200907.0-34-g490e5c83b (automated)	gVisor bot

2020-09-11	Merge release-20200907.0-33-g9a5635eb1 (automated)	gVisor bot

2020-09-11	Merge release-20200907.0-32-g831ab2dd9 (automated)	gVisor bot

2020-09-11	Merge release-20200907.0-31-g964447c8c (automated)	gVisor bot

2020-09-11	arm64 mm: asid and tlb support	Bin Lu
	Some optimizations in this pr: 1, Move ASID from TTBR0 to TTBR1 2, tlb_flush_all Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-09-10	Merge release-20200818.0-154-g365545855 (automated)	gVisor bot

2020-09-10	Merge release-20200818.0-153-g14e0eb6e0 (automated)	gVisor bot

2020-09-10	Merge release-20200818.0-152-g7275f293d (automated)	gVisor bot

2020-09-10	Merge release-20200818.0-150-g50c99a86d (automated)	gVisor bot

2020-09-10	Merge release-20200818.0-149-g9a003835f (automated)	gVisor bot

2020-09-10	arm64:place an SB sequence following an ERET instruction	Bin Lu
	Some CPUs(eg: ampere-emag) can speculate past an ERET instruction and potentially perform speculative accesses to memory before processing the exception return. Since the register state is often controlled by a lower privilege level at the point of an ERET, this could potentially be used as part of a side-channel attack. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-09-10	Merge release-20200818.0-148-g1ab097b08 (automated)	gVisor bot

2020-09-10	Merge release-20200818.0-146-g2c7df1a9a (automated)	gVisor bot

2020-09-10	Merge release-20200818.0-145-gf94995114 (automated)	gVisor bot

2020-09-10	Merge release-20200810.0-200-gc7d09207e (automated)	gVisor bot

2020-09-09	Don't sched_setaffinity in ptrace platform.	Jamie Liu
	PiperOrigin-RevId: 330777900
2020-09-09	Device major number greater than 2 digits in /proc/self/maps on arm64 N1 machine	Bin Lu
	Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-09-09	Support stdlib analyzers with nogo.	Adin Scannell
	This immediately revealed an escape analysis violation (!), where the sync.Map was being used in a context that escapes were not allowed. This is a relatively minor fix and is included. PiperOrigin-RevId: 328611237
2020-09-09	Bump build constraints to 1.17	Michael Pratt
	This enables pre-release testing with 1.16. The intention is to replace these with a nogo check before the next release. PiperOrigin-RevId: 328193911