summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
AgeCommit message (Collapse)Author
2020-04-13Merge release-20200323.0-136-g5d885d7 (automated)gVisor bot
2020-04-13Port socket-related syscalls to VFS2.Dean Deng
Note that most kinds of sockets are not yet supported in VFS2 (only Unix sockets are partially supported at the moment), so these syscalls will still generally fail. Enabling them allows us to begin running socket tests for VFS2 as more features are ported over. Updates #1476, #1478, #1484, #1485. PiperOrigin-RevId: 306292294
2020-04-13Merge release-20200323.0-134-g6a4d17a (automated)gVisor bot
2020-04-13Remove obsolete TODOs for b/38173783Jon Budd
The comments in the ticket indicate that this behavior is fine and that the ticket should be closed, so we shouldn't need pointers to the ticket. PiperOrigin-RevId: 306266071
2020-04-13Merge release-20200323.0-133-g445c366 (automated)gVisor bot
2020-04-13Fix VFS2 getdents()/getdents64() alignment.Jamie Liu
PiperOrigin-RevId: 306263615
2020-04-11Merge release-20200323.0-130-gdaf3322 (automated)gVisor bot
2020-04-10Add logging message for noNewPrivileges OCI option.Ian Lewis
noNewPrivileges is ignored if set to false since gVisor assumes that PR_SET_NO_NEW_PRIVS is always enabled. PiperOrigin-RevId: 305991947
2020-04-11Merge release-20200323.0-129-g09ddb5a (automated)gVisor bot
2020-04-10Port extended attributes to VFS2.Dean Deng
As in VFS1, we only support the user.* namespace. Plumbing is added to tmpfs and goferfs. Note that because of the slightly different order of checks between VFS2 and Linux, one of the xattr tests needs to be relaxed slightly. Fixes #2363. PiperOrigin-RevId: 305985121
2020-04-10Merge release-20200323.0-128-g96f9142 (automated)gVisor bot
2020-04-10Use O_CLOEXEC when dup'ing FDsFabricio Voznika
The sentry doesn't allow execve, but it's a good defense in-depth measure. PiperOrigin-RevId: 305958737
2020-04-10Merge release-20200323.0-122-g1798d6c (automated)gVisor bot
2020-04-10Remove TODO from kernel.StracerFabricio Voznika
The dependency strace=>kernel grew over time. strace also depends on task's FD table and FSContext. It could be fixed with some interfaces the other way, but then we're trading an interface for another, and kernel.Stracer is likely cleaner. Closes #155 PiperOrigin-RevId: 305909678
2020-04-10Merge release-20200323.0-119-g7812661 (automated)gVisor bot
2020-04-09Merge pull request #2253 from amscanne:nogogVisor bot
PiperOrigin-RevId: 305807868
2020-04-10Merge release-20200323.0-113-gc919534 (automated)gVisor bot
2020-04-09Replace type assertion with TaskFromContext.Ting-Yu Wang
This should fix panic at aio callback. PiperOrigin-RevId: 305798549
2020-04-10Merge release-20200323.0-112-g257225c (automated)gVisor bot
2020-04-09Downgrade VFS1-specific FIXME to a NOTE.Jamie Liu
PiperOrigin-RevId: 305794509
2020-04-09Merge release-20200323.0-110-g9f87502 (automated)gVisor bot
2020-04-09Remove TODOs from Async IOFabricio Voznika
Block and drain requests in io_destroy(2). Note the reason to create read-only mapping. PiperOrigin-RevId: 305786312
2020-04-09Merge release-20200323.0-107-g9a5e5ab (automated)gVisor bot
2020-04-09Merge release-20200323.0-103-g7928aa3 (automated)gVisor bot
2020-04-09Convert int and bool socket options to use GetSockOptInt and GetSockOptBoolAndrei Vagin
PiperOrigin-RevId: 305699233
2020-04-09Merge release-20200323.0-100-ga10389e (automated)gVisor bot
2020-04-08splice: cap splice calls to MAX_RW_COUNTAndrei Vagin
The Linux does the same. Reported-by: syzbot+e81716e8956e92e9d56b@syzkaller.appspotmail.com PiperOrigin-RevId: 305625439
2020-04-09Merge release-20200323.0-98-g0f75f72 (automated)gVisor bot
2020-04-08Don't call platform.AddressSpace.MapFile with no permissions.Jamie Liu
PiperOrigin-RevId: 305598136
2020-04-09Merge release-20200323.0-97-g6dd5a1f (automated)gVisor bot
2020-04-08Clean up TODOsFabricio Voznika
PiperOrigin-RevId: 305592245
2020-04-09Merge release-20200323.0-96-g981a587 (automated)gVisor bot
2020-04-08Remove InodeOperations FIXMEs that will be obsoleted by VFS2.Dean Deng
PiperOrigin-RevId: 305588941
2020-04-08Merge release-20200323.0-95-g357f136 (automated)gVisor bot
2020-04-08Handle utimes correctly for shared gofer filesystems.Dean Deng
Determine system time from within the sentry rather than relying on the remote filesystem to prevent inconsistencies. Resolve related TODOs; the time discrepancies in question don't exist anymore. PiperOrigin-RevId: 305557099
2020-04-08Merge release-20200323.0-93-gd8c0c1d (automated)gVisor bot
2020-04-08Do not hold FileDescription references in VFS2 procfs inodes.Jamie Liu
FileDescription references are side-effectual; for example, holding a reference on the write end of a pipe prevents reads from the read end from returning EOF. This change is consistent with Linux, but not VFS1; while VFS1 also has this bug, it's less visible there since VFS1 procfs disables caching. Updates #1195 PiperOrigin-RevId: 305545099
2020-04-08Enable SubprocessExited and SubprocessZombie for gVisorFabricio Voznika
Updates #164 PiperOrigin-RevId: 305544029
2020-04-08Fix unused result errors.Adin Scannell
This fixes a bug in the proc net directory. Updates #2243
2020-04-08Fix all printf formatting errors.Adin Scannell
Updates #2243
2020-04-08Fix all copy locks violations.Adin Scannell
This required minor restructuring of how system call tables were saved and restored, but it makes way more sense this way. Updates #2243
2020-04-07Make unlink tests pass with goferfsFabricio Voznika
Required directory checks were being skipped when there was no child cached. Now the code always loads the child file before unlinking it. Updates #1198 PiperOrigin-RevId: 305382323
2020-04-07Correctly distinguish between seekable and non-seekable host fds.Dean Deng
Check whether an fd is seekable by calling the seek syscall and examining the return value, instead of checking the file type, which is inaccurate. PiperOrigin-RevId: 305361593
2020-04-07Merge release-20200323.0-82-gd5ddb53 (automated)gVisor bot
2020-04-07Remove out-of-date TODOs.Ting-Yu Wang
We already have network namespace for netstack. PiperOrigin-RevId: 305341954
2020-04-07Make gofer.dentry.destroyLocked idempotentFabricio Voznika
gofer operations accumulate dentries touched in a slice to call checkCachingLocked on them when the operation is over. In case the same dentry is touched multiple times during the operation, checkCachingLocked, and consequently destroyLocked, may be called more than once for the same dentry. Updates #1198 PiperOrigin-RevId: 305276819
2020-04-06Merge release-20200323.0-75-gdd98fdd (automated)gVisor bot
2020-04-06Correctly implement magic symlinks in VFS2 procfs.Jamie Liu
Updates #1195 PiperOrigin-RevId: 305143567
2020-04-06Merge release-20200323.0-74-gf332a86 (automated)gVisor bot
2020-04-06Port timerfd to VFS2.Nicolas Lacasse
PiperOrigin-RevId: 305067208