gvisor - Container Runtime Sandbox

Age	Commit message (Collapse)	Author
2019-07-01	Use new location of python-hello image in tests.	Nicolas Lacasse
	PiperOrigin-RevId: 256062988
2019-06-13	Update canonical repository.	Adin Scannell
	This can be merged after: https://github.com/google/gvisor-website/pull/77 or https://github.com/google/gvisor-website/pull/78 PiperOrigin-RevId: 253132620
2019-05-13	gvisor/runsc/tests: set timeout for http.Get()	Andrei Vagin
	WaitForHTTP tries GET requests on a port until the call succeeds or timeout. But we want to be sure that one of our attempts will not stuck for the whole timeout. All timeouts are increased to 30 seconds, because test cases with smaller timeouts fail sometimes even for the native container runtime (runc). PiperOrigin-RevId: 247888467 Change-Id: I03cfd3275286bc686a78fd26da43231d20667851
2019-05-03	Fix runsc restore to be compatible with docker start --checkpoint ...	Andrei Vagin
	Change-Id: I02b30de13f1393df66edf8829fedbf32405d18f8 PiperOrigin-RevId: 246621192
2019-05-03	Increase timeout to wait for port to become available	Fabricio Voznika
	TestHttpd fails sporadically waiting for the port on slow machines. PiperOrigin-RevId: 246525277 Change-Id: Ie0ea71e3c4664d24f580eabd8f7461e47079f734
2019-04-29	Change copyright notice to "The gVisor Authors"	Michael Pratt
	Based on the guidelines at https://opensource.google.com/docs/releasing/authors/. 1. $ rg -l "Google LLC" \| xargs sed -i 's/Google LLC.*/The gVisor Authors./' 2. Manual fixup of "Google Inc" references. 3. Add AUTHORS file. Authors may request to be added to this file. 4. Point netstack AUTHORS to gVisor AUTHORS. Drop CONTRIBUTORS. Fixes #209 PiperOrigin-RevId: 245823212 Change-Id: I64530b24ad021a7d683137459cafc510f5ee1de9
2019-01-16	Prevent internal tmpfs mount to override files in /tmp	Fabricio Voznika
	Runsc wants to mount /tmp using internal tmpfs implementation for performance. However, it risks hiding files that may exist under /tmp in case it's present in the container. Now, it only mounts over /tmp iff: - /tmp was not explicitly asked to be mounted - /tmp is empty If any of this is not true, then /tmp maps to the container's image /tmp. Note: checkpoint doesn't have sentry FS mounted to check if /tmp is empty. It simply looks for explicit mounts right now. PiperOrigin-RevId: 229607856 Change-Id: I10b6dae7ac157ef578efc4dfceb089f3b94cde06
2018-10-19	Use correct company name in copyright header	Ian Gudger
	PiperOrigin-RevId: 217951017 Change-Id: Ie08bf6987f98467d07457bcf35b5f1ff6e43c035
2018-10-17	runsc: Support job control signals for the root container.	Nicolas Lacasse
	Now containers run with "docker run -it" support control characters like ^C and ^Z. This required refactoring our signal handling a bit. Signals delivered to the "runsc boot" process are turned into loader.Signal calls with the appropriate delivery mode. Previously they were always sent directly to PID 1. PiperOrigin-RevId: 217566770 Change-Id: I5b7220d9a0f2b591a56335479454a200c6de8732
2018-10-17	Bump Pause/Resume integration test timeout in attempt to deflake Kokoro.	Nicolas Lacasse
	This is one of the many tests that fails periodically, making Kokoro unstable. PiperOrigin-RevId: 217528257 Change-Id: I2508ecf4d74d71b91feff1183544d61d7bd16995
2018-10-11	Sandbox cgroup tests	Fabricio Voznika
	Verify that cgroup is being properly set. PiperOrigin-RevId: 216736137 Change-Id: I0e27fd604eca67e7dd2e3548dc372ca9cc416309
2018-10-10	Add sandbox to cgroup	Fabricio Voznika
	Sandbox creation uses the limits and reservations configured in the OCI spec and set cgroup options accordinly. Then it puts both the sandbox and gofer processes inside the cgroup. It also allows the cgroup to be pre-configured by the caller. If the cgroup already exists, sandbox and gofer processes will join the cgroup but it will not modify the cgroup with spec limits. PiperOrigin-RevId: 216538209 Change-Id: If2c65ffedf55820baab743a0edcfb091b89c1019
2018-10-03	Fix sandbox chroot	Fabricio Voznika
	Sandbox was setting chroot, but was not chaging the working dir. Added test to ensure this doesn't happen in the future. PiperOrigin-RevId: 215676270 Change-Id: I14352d3de64a4dcb90e50948119dc8328c9c15e1
2018-09-28	Made a few changes to make testutil.Docker easier to use	Fabricio Voznika
	PiperOrigin-RevId: 215023376 Change-Id: I139569bd15c013e5dd0f60d0c98a64eaa0ba9e8e
2018-09-05	Use container's capabilities in exec	Fabricio Voznika
	When no capabilities are specified in exec, use the container's capabilities to match runc's behavior. PiperOrigin-RevId: 211735186 Change-Id: Icd372ed64410c81144eae94f432dffc9fe3a86ce
2018-08-09	Fix runsc integration_test when using --network=host	Fabricio Voznika
	inethost doesn't support netlink and 'ifconfig' call to retrieve IP address fails. Look up IP address in /etc/hosts instead. PiperOrigin-RevId: 208135641 Change-Id: I3c2ce15db6fc7c3306a45e4bfb9cc5d4423ffad3
2018-08-08	Resend packets back to netstack if destined to itself	Fabricio Voznika
	Add option to redirect packet back to netstack if it's destined to itself. This fixes the problem where connecting to the local NIC address would not work, e.g.: echo bar \| nc -l -p 8080 & echo foo \| nc 192.168.0.2 8080 PiperOrigin-RevId: 207995083 Change-Id: I17adc2a04df48bfea711011a5df206326a1fb8ef
2018-08-07	Fix build break in test	Fabricio Voznika
	integration_test runs manually and breakage wasn't detected. Added test to kokoro to ensure breakages are detected in the future. PiperOrigin-RevId: 207772835 Change-Id: Iada81b579b558477d4db3516b38366ef6a2e933d
2018-07-11	Created runsc and docker integration tests.	Justine Olshan
	Moved some of the docker image functions to testutil.go. Test runsc commands create, start, stop, pause, and resume. PiperOrigin-RevId: 204138452 Change-Id: Id00bc58d2ad230db5e9e905eed942187e68e7c7b