| Age | Commit message (Collapse) | Author |
|---|
|
|
|
The /proc/net/udp header was missing, and /proc/sys/net was set up as
/proc/sys/net/net. Discovered while trying to run networking tests for VFS2.
PiperOrigin-RevId: 309243758
|
|
|
|
Updates #1476
PiperOrigin-RevId: 309098590
|
|
|
|
The netfilter package uses logs to make debugging the (de)serialization of
structs easier. This generates a lot of (usually irrelevant) logs. Logging is
now hidden behind a debug flag.
PiperOrigin-RevId: 309087115
|
|
|
|
Enforce write permission checks in BoundEndpointAt, which corresponds to the
permission checks in Linux (net/unix/af_unix.c:unix_find_other).
Also, create bound socket files with the correct permissions in VFS2.
Fixes #2324.
PiperOrigin-RevId: 308949084
|
|
|
|
PiperOrigin-RevId: 308932254
|
|
|
|
Named pipes and sockets can be represented in two ways in gofer fs:
1. As a file on the remote filesystem. In this case, all file operations are
passed through 9p.
2. As a synthetic file that is internal to the sandbox. In this case, the
dentry stores an endpoint or VFSPipe for sockets and pipes respectively,
which replaces interactions with the remote fs through the gofer.
In gofer.filesystem.MknodAt, we attempt to call mknod(2) through 9p,
and if it fails, fall back to the synthetic version.
Updates #1200.
PiperOrigin-RevId: 308828161
|
|
|
|
The FileDescription implementation for hostfs sockets uses the standard Unix
socket implementation (unix.SocketVFS2), but is also tied to a hostfs dentry.
Updates #1672, #1476
PiperOrigin-RevId: 308716426
|
|
|
|
The meaning for skipDump was reversed, but not all callers
were updated. Change the meaning once again to forceDump, so
that the period between stack dump is respected from all
callers.
PiperOrigin-RevId: 308674373
|
|
|
|
PiperOrigin-RevId: 308674219
|
|
|
|
PiperOrigin-RevId: 308617610
|
|
|
|
PiperOrigin-RevId: 308472331
|
|
|
|
This change includes:
- Modifications to loader_test.go to get TestCreateMountNamespace to
pass with VFS2.
- Changes necessary to get TestHelloWorld in image tests to pass with
VFS2. This means runsc can run the hello-world container with docker
on VSF2.
Note: Containers that use sockets will not run with these changes.
See "//test/image/...". Any tests here with sockets currently fail
(which is all of them but HelloWorld).
PiperOrigin-RevId: 308363072
|
|
|
|
PiperOrigin-RevId: 308347744
|
|
|
|
Fixes #1477.
PiperOrigin-RevId: 308317511
|
|
|
|
PiperOrigin-RevId: 308304793
|
|
|
|
- Return ENOENT for /proc/[pid]/task if task is zoombied or terminated
- Allow directory to be Seek() to the end
- Construct synthetic files for /proc/[pid]/ns/*
- Changed GenericDirectoryFD.Init to not register with FileDescription,
otherwise other implementation cannot change behavior.
Updates #1195,1193
PiperOrigin-RevId: 308294649
|
|
|
|
This is needed to set up host fds passed through a Unix socket. Note that
the host package depends on kernel, so we cannot set up the hostfs mount
directly in Kernel.Init as we do for sockfs and pipefs.
Also, adjust sockfs to make its setup look more like hostfs's and pipefs's.
PiperOrigin-RevId: 308274053
|
|
|
|
Just call syscall.Fstat directly each time mode/file owner are needed. This
feels more natural than using i.getPermissions().
PiperOrigin-RevId: 308257405
|
|
|
|
PiperOrigin-RevId: 308170679
|
|
|
|
PiperOrigin-RevId: 308164359
|
|
|
|
These methods let users eaily break the VectorisedView abstraction, and
allowed netstack to slip into pseudo-enforcement of the "all headers are
in the first View" invariant. Removing them and replacing with PullUp(n)
breaks this reliance and will make it easier to add iptables support and
rework network buffer management.
The new View.PullUp(n) method is low cost in the common case, when when
all the headers fit in the first View.
PiperOrigin-RevId: 308163542
|
|
|
|
Ensure we use the correct architecture-specific defintion of epoll
event, and use go-marshal for serialization.
PiperOrigin-RevId: 308145677
|
|
|
|
PiperOrigin-RevId: 308143529
|
|
|
|
PiperOrigin-RevId: 308100771
|
|
This change adds a layer of abstraction around the internal Docker APIs,
and eliminates all direct dependencies on Dockerfiles in the infrastructure.
A subsequent change will automated the generation of local images (with
efficient caching). Note that this change drops the use of bazel container
rules, as that experiment does not seem to be viable.
PiperOrigin-RevId: 308095430
|
|
|
