summaryrefslogtreecommitdiffhomepage
path: root/runsc/cmd
AgeCommit message (Collapse)Author
2020-10-23Merge release-20201019.0-33-g293877cf6 (automated)gVisor bot
2020-10-22Load spec during "runsc start" to process flag overridesFabricio Voznika
Subcontainers are only configured when the container starts, however because start doesn't load the spec, flag annotations that may override flags were not getting applied to the configuration. Updates #3494 PiperOrigin-RevId: 338610953
2020-10-16Merge release-20201005.0-86-gfc40ead68 (automated)gVisor bot
2020-10-15`runsc do` fallback to internal network on failureFabricio Voznika
In case setting up network fails, log a warning and fallback to internal network. Closes #4498 PiperOrigin-RevId: 337442632
2020-09-17Merge release-20200907.0-125-gd796b100e (automated)gVisor bot
2020-09-17Merge release-20200907.0-123-gf0b1bd434 (automated)gVisor bot
2020-09-17Merge release-20200907.0-124-gda07e38f7 (automated)gVisor bot
2020-09-17Remove option to panic goferFabricio Voznika
Gofer panics are suppressed by p9 server and an error is returned to the caller, making it effectively the same as returning EROFS. PiperOrigin-RevId: 332282959
2020-09-01Merge release-20200818.0-102-g2eaf54dd5 (automated)gVisor bot
2020-09-01Refactor tty codebase to use master-replica terminology.Ayush Ranjan
Updates #2972 PiperOrigin-RevId: 329584905
2020-09-01Merge release-20200818.0-99-g71589b7f7 (automated)gVisor bot
2020-09-01Let flags be overriden from OCI annotationsFabricio Voznika
This allows runsc flags to be set per sandbox instance. For example, K8s pod annotations can be used to enable --debug for a single pod, making troubleshoot much easier. Similarly, features like --vfs2 can be enabled for experimentation without affecting other pods in the node. Closes #3494 PiperOrigin-RevId: 329542815
2020-08-20Merge release-20200810.0-69-gbe76c7ce6 (automated)gVisor bot
2020-08-19Move boot.Config to its own packageFabricio Voznika
Updates #3494 PiperOrigin-RevId: 327548511
2020-08-05Merge release-20200804.0-19-g190b1e6bd (automated)gVisor bot
2020-08-05Stop profiling when the sentry exitsFabricio Voznika
Also removes `--profile-goroutine` because it's equivalent to `debug --stacks`. PiperOrigin-RevId: 325061502
2020-07-14Merge release-20200622.1-153-g1bfb556cc (automated)gVisor bot
2020-07-14Prepare boot.Loader to support multi-container TTYFabricio Voznika
- Combine process creation code that is shared between root and subcontainer processes - Move root container information into a struct for clarity Updates #2714 PiperOrigin-RevId: 321204798
2020-07-13Merge pull request #2672 from amscanne:shim-integratedgVisor bot
PiperOrigin-RevId: 321053634
2020-07-09Merge release-20200622.1-87-ge506fcd93 (automated)gVisor bot
2020-07-09Add args and netns flag to runsc specIan Lewis
Adds a netns flag to runsc spec that allows users to specify a network namespace path when creating a sample config.json file. Also, adds the ability to specify the command arguments used when running the container. This will make it easier for new users to create sample OCI bundles without having to edit the config.json by hand. PiperOrigin-RevId: 320486267
2020-06-24Merge release-20200608.0-119-g364ac92ba (automated)gVisor bot
2020-06-23Support for saving pointers to fields in the state package.Adin Scannell
Previously, it was not possible to encode/decode an object graph which contained a pointer to a field within another type. This was because the encoder was previously unable to disambiguate a pointer to an object and a pointer within the object. This CL remedies this by constructing an address map tracking the full memory range object occupy. The encoded Refvalue message has been extended to allow references to children objects within another object. Because the encoding process may learn about object structure over time, we cannot encode any objects under the entire graph has been generated. This CL also updates the state package to use standard interfaces intead of reflection-based dispatch in order to improve performance overall. This includes a custom wire protocol to significantly reduce the number of allocations and take advantage of structure packing. As part of these changes, there are a small number of minor changes in other places of the code base: * The lists used during encoding are changed to use intrusive lists with the objectEncodeState directly, which required that the ilist Len() method is updated to work properly with the ElementMapper mechanism. * A bug is fixed in the list code wherein Remove() called on an element that is already removed can corrupt the list (removing the element if there's only a single element). Now the behavior is correct. * Standard error wrapping is introduced. * Compressio was updated to implement the new wire.Reader and wire.Writer inteface methods directly. The lack of a ReadByte and WriteByte caused issues not due to interface dispatch, but because underlying slices for a Read or Write call through an interface would always escape to the heap! * Statify has been updated to support the new APIs. See README.md for a description of how the new mechanism works. PiperOrigin-RevId: 318010298
2020-06-09Merge release-20200522.0-105-g0ae5bd24d (automated)gVisor bot
2020-06-09Mount root and volumes as read-only if --overlay is enabledFabricio Voznika
PiperOrigin-RevId: 315583963
2020-06-01Merge release-20200522.0-53-g12f74bd6 (automated)gVisor bot
2020-06-01Include runtime goroutines in panicsMichael Pratt
SetTraceback("all") does not include all goroutines in panics (you didn't think it was that simple, did you?). It includes all _user_ goroutines; those started by the runtime (such as GC workers) are excluded. Switch to "system" to additionally include runtime goroutines, which are useful to track down bugs in the runtime itself. PiperOrigin-RevId: 314204473
2020-06-01Merge release-20200522.0-48-g16100d18 (automated)gVisor bot
2020-06-01Make gofer mount readonly when overlay is enabledFabricio Voznika
No writes are expected to the underlying filesystem when using --overlay. PiperOrigin-RevId: 314171457
2020-05-29Merge release-20200522.0-36-gf498e46e (automated)gVisor bot
2020-05-27Merge release-20200518.0-45-g0bc022b7 (automated)gVisor bot
2020-05-24Add cwd option to spec cmdMikael Mello
2020-05-16Merge release-20200511.0-251-g420b791 (automated)gVisor bot
2020-05-15Minor formatting updates for gvisor.dev.Adin Scannell
* Aggregate architecture Overview in "What is gVisor?" as it makes more sense in one place. * Drop "user-space kernel" and use "application kernel". The term "user-space kernel" is confusing when some platform implementation do not run in user-space (instead running in guest ring zero). * Clear up the relationship between the Platform page in the user guide and the Platform page in the architecture guide, and ensure they are cross-linked. * Restore the call-to-action quick start link in the main page, and drop the GitHub link (which also appears in the top-right). * Improve image formatting by centering all doc and blog images, and move the image captions to the alt text. PiperOrigin-RevId: 311845158
2020-05-06Merge release-20200422.0-37-g279f1eb (automated)gVisor bot
2020-05-06Fix runsc syscall documentation generation.Adin Scannell
We can register any number of tables with any number of architectures, and need not limit the definitions to the architecture in question. This allows runsc to generate documentation for all architectures simultaneously. Similarly, this simplifies the VFSv2 patching process. PiperOrigin-RevId: 310224827
2020-04-28Merge release-20200413.0-9-g316394e (automated)gVisor bot
2020-04-27runsc: extend do network cleanupMichael Pratt
Previously we unconditionally failed to cleanup the networking files (hostname, resolve.conf, hosts), and failed to cleanup the netns, etc on partial setup failure. We can drop the iptables commands from cleanup, as the routes automatically go away when the device is deleted. Those commands were failing previously. Forward signals to the container, allowing it to exit normally when a signal is received, and then for runsc to run the cleanup. This doesn't cover cleanup when runsc is signalled before the container start, it covers the most common case. Fixes #2539 Fixes #2540
2020-04-23Simplify Docker test infrastructure.Adin Scannell
This change adds a layer of abstraction around the internal Docker APIs, and eliminates all direct dependencies on Dockerfiles in the infrastructure. A subsequent change will automated the generation of local images (with efficient caching). Note that this change drops the use of bazel container rules, as that experiment does not seem to be viable. PiperOrigin-RevId: 308095430
2020-04-23Merge release-20200323.0-215-g0c58694 (automated)gVisor bot
2020-04-22Specify a memory file in platform.New().Andrei Vagin
PiperOrigin-RevId: 307941984
2020-04-17Add test name to boot and gofer log filesFabricio Voznika
This is to make easier to find corresponding logs in case test fails. PiperOrigin-RevId: 307104283
2020-04-09Merge release-20200323.0-97-g6dd5a1f (automated)gVisor bot
2020-04-08Clean up TODOsFabricio Voznika
PiperOrigin-RevId: 305592245
2020-03-20Merge release-20200219.0-210-g069f1ed (automated)gVisor bot
2020-03-19Improve error message when pivot_root failsFabricio Voznika
PiperOrigin-RevId: 301949722
2020-03-12Merge release-20200219.0-157-gf2e4b5a (automated)gVisor bot
2020-03-12Kill sandbox process when parent process terminatesFabricio Voznika
When the sandbox runs in attached more, e.g. runsc do, runsc run, the sandbox lifetime is controlled by the parent process. This wasn't working in all cases because PR_GET_PDEATHSIG doesn't propagate through execve when the process changes uid/gid. So it was getting dropped when the sandbox execve's to change to user nobody. PiperOrigin-RevId: 300601247
2020-03-06Merge release-20200219.0-109-g6367963 (automated)gVisor bot
2020-02-26add profile optionmoricho