summaryrefslogtreecommitdiffhomepage
path: root/pkg
AgeCommit message (Collapse)Author
2020-04-30Merge release-20200413.0-28-g043b7d8 (automated)gVisor bot
2020-04-30Prefer temporary addressesGhanan Gowripalan
Implement rule 7 of Source Address Selection RFC 6724 section 5. This makes temporary (short-lived) addresses preferred over non-temporary addresses when earlier rules are equal. Test: stack_test.TestIPv6SourceAddressSelectionScopeAndSameAddress PiperOrigin-RevId: 309250975
2020-04-30Merge release-20200413.0-27-g442fde4 (automated)gVisor bot
2020-04-30Fix proc net bugs in VFS2.Dean Deng
The /proc/net/udp header was missing, and /proc/sys/net was set up as /proc/sys/net/net. Discovered while trying to run networking tests for VFS2. PiperOrigin-RevId: 309243758
2020-04-29Merge release-20200413.0-24-gef94401 (automated)gVisor bot
2020-04-29Add read/write timeouts for VFS2 socket files.Dean Deng
Updates #1476 PiperOrigin-RevId: 309098590
2020-04-29Merge release-20200413.0-23-ga105d18 (automated)gVisor bot
2020-04-29iptables: don't pollute logsKevin Krakauer
The netfilter package uses logs to make debugging the (de)serialization of structs easier. This generates a lot of (usually irrelevant) logs. Logging is now hidden behind a debug flag. PiperOrigin-RevId: 309087115
2020-04-29Merge release-20200413.0-18-gce19497 (automated)gVisor bot
2020-04-28Fix Unix socket permissions.Dean Deng
Enforce write permission checks in BoundEndpointAt, which corresponds to the permission checks in Linux (net/unix/af_unix.c:unix_find_other). Also, create bound socket files with the correct permissions in VFS2. Fixes #2324. PiperOrigin-RevId: 308949084
2020-04-29Merge release-20200413.0-17-g24abccb (automated)gVisor bot
2020-04-28Internal change.gVisor bot
PiperOrigin-RevId: 308940886
2020-04-29Merge release-20200413.0-16-gf93f2fd (automated)gVisor bot
2020-04-28Deduplicate unix socket Release() method.Dean Deng
PiperOrigin-RevId: 308932254
2020-04-28Merge release-20200413.0-15-g37a59bc (automated)gVisor bot
2020-04-28Support IPv6 Privacy Extensions for SLAACGhanan Gowripalan
Support generating temporary (short-lived) IPv6 SLAAC addresses to address privacy concerns outlined in RFC 4941. Tests: - stack_test.TestAutoGenTempAddr - stack_test.TestNoAutoGenTempAddrForLinkLocal - stack_test.TestAutoGenTempAddrRegen - stack_test.TestAutoGenTempAddrRegenTimerUpdates - stack_test.TestNoAutoGenTempAddrWithoutStableAddr - stack_test.TestAutoGenAddrInResponseToDADConflicts PiperOrigin-RevId: 308915566
2020-04-28Merge release-20200413.0-10-gf3ca5ca (automated)gVisor bot
2020-04-28Support pipes and sockets in VFS2 gofer fs.Dean Deng
Named pipes and sockets can be represented in two ways in gofer fs: 1. As a file on the remote filesystem. In this case, all file operations are passed through 9p. 2. As a synthetic file that is internal to the sandbox. In this case, the dentry stores an endpoint or VFSPipe for sockets and pipes respectively, which replaces interactions with the remote fs through the gofer. In gofer.filesystem.MknodAt, we attempt to call mknod(2) through 9p, and if it fails, fall back to the synthetic version. Updates #1200. PiperOrigin-RevId: 308828161
2020-04-27Merge release-20200413.0-7-g1c2ecbb (automated)gVisor bot
2020-04-27Import host sockets.Dean Deng
The FileDescription implementation for hostfs sockets uses the standard Unix socket implementation (unix.SocketVFS2), but is also tied to a hostfs dentry. Updates #1672, #1476 PiperOrigin-RevId: 308716426
2020-04-27Reduce flakiness in tcp_test.Bhasker Hariharan
Poll for metric updates as immediately trying to read them can sometimes be flaky if due to goroutine scheduling the check happens before the sender has got a chance to update the corresponding sent metric. PiperOrigin-RevId: 308712817
2020-04-27Merge release-20200323.0-254-g003e79a (automated)gVisor bot
2020-04-27Dump stack for stuck start and stuck watchdogFabricio Voznika
The meaning for skipDump was reversed, but not all callers were updated. Change the meaning once again to forceDump, so that the period between stack dump is respected from all callers. PiperOrigin-RevId: 308674373
2020-04-27Merge release-20200323.0-253-g55f0c33 (automated)gVisor bot
2020-04-27Automated rollback of changelist 308163542gVisor bot
PiperOrigin-RevId: 308674219
2020-04-27Merge release-20200323.0-252-g292f3f9 (automated)gVisor bot
2020-04-27Don't leak vfs.MountNamespace reference if kernel.TaskSet.NewTask fails.Jamie Liu
PiperOrigin-RevId: 308617610
2020-04-26Merge release-20200323.0-251-g3c67754 (automated)gVisor bot
2020-04-25Enable automated marshalling for signals and the arch package.Rahat Mahmood
PiperOrigin-RevId: 308472331
2020-04-24More descriptive error message for missing docker image.Eyal Soha
Tested: Ran a packetimpact test after `docker image rm` and examined the message. PiperOrigin-RevId: 308370603
2020-04-25Merge release-20200323.0-248-g15a822a (automated)gVisor bot
2020-04-24VFS2: Get HelloWorld image tests to pass with VFS2Zach Koopmans
This change includes: - Modifications to loader_test.go to get TestCreateMountNamespace to pass with VFS2. - Changes necessary to get TestHelloWorld in image tests to pass with VFS2. This means runsc can run the hello-world container with docker on VSF2. Note: Containers that use sockets will not run with these changes. See "//test/image/...". Any tests here with sockets currently fail (which is all of them but HelloWorld). PiperOrigin-RevId: 308363072
2020-04-24Merge release-20200323.0-246-g1072547 (automated)gVisor bot
2020-04-24Merge pull request #1707 from lubinszARM:pr_lazy_fpsimd_2gVisor bot
PiperOrigin-RevId: 308347744
2020-04-24Merge release-20200323.0-243-gdfff265 (automated)gVisor bot
2020-04-24Add ICMP6 param problem testEyal Soha
Tested: When run on Linux, a correct ICMPv6 response is received. On netstack, no ICMPv6 response is received. PiperOrigin-RevId: 308343113
2020-04-24Standardize all Docker images.Adin Scannell
This change moves all Docker images to a standard location, and abstracts the build process so that they can be maintained in an automated fashion. This also allows the images to be architecture-independent. All images will now be referred to by the test framework via the canonical `gvisor.dev/images/<name>`, where `<name>` is a function of the path within the source tree. In a subsequent change, continuous integration will be added so that the images will always be correct and available locally. In the end, using `bazel` for Docker containers is simply not possible. Given that we already have the need to use `make` with the base container (for Docker), we extend this approach to get more flexibility. This change also adds a self-documenting and powerful Makefile that is intended to replace the collection of scripts in scripts. Canonical (self-documenting) targets can be added here for targets that understand which images need to be loaded and/or built. PiperOrigin-RevId: 308322438
2020-04-24Merge release-20200323.0-239-gf13f26d (automated)gVisor bot
2020-04-24Port SCM Rights to VFS2.Dean Deng
Fixes #1477. PiperOrigin-RevId: 308317511
2020-04-24Merge release-20200323.0-237-g1ceee04 (automated)gVisor bot
2020-04-24Do not copy tcpip.CancellableTimerGhanan Gowripalan
A CancellableTimer's AfterFunc timer instance creates a closure over the CancellableTimer's address. This closure makes a CancellableTimer unsafe to copy. No behaviour change, existing tests pass. PiperOrigin-RevId: 308306664
2020-04-24Merge release-20200323.0-236-g632b104 (automated)gVisor bot
2020-04-24Plumb context.Context into kernfs.Inode.Open().Dean Deng
PiperOrigin-RevId: 308304793
2020-04-24Merge release-20200323.0-235-g2cc0fd4 (automated)gVisor bot
2020-04-24Fixes for procfsFabricio Voznika
- Return ENOENT for /proc/[pid]/task if task is zoombied or terminated - Allow directory to be Seek() to the end - Construct synthetic files for /proc/[pid]/ns/* - Changed GenericDirectoryFD.Init to not register with FileDescription, otherwise other implementation cannot change behavior. Updates #1195,1193 PiperOrigin-RevId: 308294649
2020-04-24Merge release-20200323.0-234-g1b88c63 (automated)gVisor bot
2020-04-24Move hostfs mount to Kernel struct.Dean Deng
This is needed to set up host fds passed through a Unix socket. Note that the host package depends on kernel, so we cannot set up the hostfs mount directly in Kernel.Init as we do for sockfs and pipefs. Also, adjust sockfs to make its setup look more like hostfs's and pipefs's. PiperOrigin-RevId: 308274053
2020-04-24Merge release-20200323.0-233-g40a712c (automated)gVisor bot
2020-04-24Refactor syscall.Fstat calls in hostfs.Dean Deng
Just call syscall.Fstat directly each time mode/file owner are needed. This feels more natural than using i.getPermissions(). PiperOrigin-RevId: 308257405
2020-04-24Merge release-20200323.0-229-gf01f213 (automated)gVisor bot