Age | Commit message (Collapse) | Author |
|
And stop storing the Filesystem in the MountSource.
This allows us to decouple the MountSource filesystem type from the name of the
filesystem.
PiperOrigin-RevId: 247292982
Change-Id: I49cbcce3c17883b7aa918ba76203dfd6d1b03cc8
|
|
$ dpkg -s runsc
Package: runsc
Status: install ok installed
Priority: optional
Section: contrib/devel
Maintainer: The gVisor Authors <gvisor-dev@googlegroups.com>
Architecture: amd64
Version: 20190304.1-123-g861434f612ce-dirty
Description: gVisor is a user-space kernel, written in Go, that
implements a substantial portion of the Linux system surface. It
includes an Open Container Initiative (OCI) runtime called runsc that
provides an isolation boundary between the application and the host
kernel. The runsc runtime integrates with Docker and Kubernetes,
making it simple to run sandboxed containers.
Homepage: https://gvisor.dev/
Built-Using: Bazel
Change-Id: I6f161de8fba649f12272a87b99529ccfd22e499a
PiperOrigin-RevId: 246546294
|
|
PiperOrigin-RevId: 241421671
Change-Id: Ic0cebfe3efd458dc42c49f7f812c13318705199a
|
|
This is a prereq for running the sandbox process as user "nobody", when it may
not have permissions to open these files.
Instead, we must open then before starting the sandbox process, and pass them
by FD.
The specutils.ReadSpecFromFile method was fixed to always seek to the beginning
of the file before reading. This allows Files from the same FD to be read
multiple times, as we do in the boot command when the apply-caps flag is set.
Tested with --network=host.
PiperOrigin-RevId: 211570647
Change-Id: I685be0a290aa7f70731ebdce82ebc0ebcc9d475c
|
|
PiperOrigin-RevId: 211147521
Change-Id: I9b8b67df50a3ba084c07a48c72a874d7e2007f23
|
|
runsc and runsc-race need the same deps.
PiperOrigin-RevId: 211103766
Change-Id: Ib0c97078a469656c1e5b019648589a1d07915625
|
|
GoCompile: missing strict dependencies:
/tmpfs/tmp/bazel/sandbox/linux-sandbox/1744/execroot/__main__/runsc/main.go:
import of "gvisor.googlesource.com/gvisor/runsc/specutils"
This was broken in 210995199.
PiperOrigin-RevId: 211086595
Change-Id: I166b9a2ed8e4d6e624def944b720190940d7537c
|
|
PiperOrigin-RevId: 210422178
Change-Id: I984dd348d467908bc3180a20fc79b8387fcca05e
|
|
(Why not?)
PiperOrigin-RevId: 206401282
Change-Id: Iadcb7fb8472de7aef7c4bf5182e9a1d339e4d259
|
|
Common code to setup and run sandbox is moved to testutil. Also, don't
link "boot" and "gofer" commands with test binary. Instead, use runsc
binary from the build. This not only make the test setup simpler, but
also resolves a dependency issue with sandbox_tests not depending on
container package.
PiperOrigin-RevId: 199164478
Change-Id: I27226286ca3f914d4d381358270dd7d70ee8372f
|
|
Change-Id: I9737cc680968033ba82c95bb04cc482fcaa12642
PiperOrigin-RevId: 196192683
|
|
PiperOrigin-RevId: 194583126
Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463
|