summaryrefslogtreecommitdiffhomepage
path: root/runsc
AgeCommit message (Collapse)Author
2018-11-01First crictl integration tests.Kevin Krakauer
More tests will come, but it's worth getting what's done so far reviewed. PiperOrigin-RevId: 219734531 Change-Id: If15ca6e6855e3d1cc28c83b5f9c3a72cb65b2e59
2018-11-01Use spec with clean paths for goferFabricio Voznika
Otherwise the gofer's attach point may be different from sandbox when there symlinks in the path. PiperOrigin-RevId: 219730492 Change-Id: Ia9c4c2d16228c6a1a9e790e0cb673fd881003fe1
2018-11-01Add new log format that is compatible with KubernetesFabricio Voznika
Fluentd configuration uses 'log' for the log message while containerd uses 'msg'. Since we can't have a single JSON format for both, add another log format and make debug log configurable. PiperOrigin-RevId: 219729658 Change-Id: I2a6afc4034d893ab90bafc63b394c4fb62b2a7a0
2018-11-01Make error messages a bit more user friendly.Ian Lewis
Updated error messages so that it doesn't print full Go struct representations when running a new container in a sandbox. For example, this occurs frequently when commands are not found when doing a 'kubectl exec'. PiperOrigin-RevId: 219729141 Change-Id: Ic3a7bc84cd7b2167f495d48a1da241d621d3ca09
2018-11-01Close http.Response.Body after Get request.Kevin Krakauer
From https://golang.org/pkg/net/http/#Get: "When err is nil, resp always contains a non-nil resp.Body. Caller should close resp.Body when done reading from it." PiperOrigin-RevId: 219658052 Change-Id: I556e88ac4f2c90cd36ab16cd3163d1a52afc32b7
2018-10-31Make lazy open the mode of operation for fsgoferFabricio Voznika
With recent changes to 9P server, path walks are now safe inside open, create, rename and setattr calls. To simplify the code, remove the lazyopen=false mode that was used for bind mounts, and converge all mounts to using lazy open. PiperOrigin-RevId: 219508628 Change-Id: I073e7e1e2e9a9972d150eaf4cb29e553997a9b76
2018-10-30kvm: use private futexes.Adin Scannell
Use private futexes for performance and to align with other runtime uses. PiperOrigin-RevId: 219422634 Change-Id: Ief2af5e8302847ea6dc246e8d1ee4d64684ca9dd
2018-10-29Removes outdated TODO.Kevin Krakauer
PiperOrigin-RevId: 219151173 Change-Id: I73014ea648ae485692ea0d44860c87f4365055cb
2018-10-26Order feature strings by blockMichael Pratt
PiperOrigin-RevId: 218894181 Change-Id: I97d0c74175f4aa528363f768a0a85d6953ea0bfd
2018-10-25Uninstall() should not fail if a cgroup directory doesn't existAndrei Vagin
It can be occurred if two controllers are mounted together or if Uninstall() is called on a error path. PiperOrigin-RevId: 218723886 Change-Id: I69d7a3c0685a7da38527ea8b7b301dbe96268285
2018-10-24Re-enable TestPythonHello now that ptrace seccomp issue is resolved.Nicolas Lacasse
PiperOrigin-RevId: 218636184 Change-Id: I44deac3f32276d06955c5fb1e28c5970bb08f5fd
2018-10-23Track paths and provide a rename hook.Adin Scannell
This change also adds extensive testing to the p9 package via mocks. The sanity checks and type checks are moved from the gofer into the core package, where they can be more easily validated. PiperOrigin-RevId: 218296768 Change-Id: I4fc3c326e7bf1e0e140a454cbacbcc6fd617ab55
2018-10-21Updated cleanup code to be more explicit about ignoring errors.Ian Lewis
Errors are shown as being ignored by assigning to the blank identifier. PiperOrigin-RevId: 218103819 Change-Id: I7cc7b9d8ac503a03de5504ebdeb99ed30a531cf2
2018-10-20Add more unimplemented syscall eventsFabricio Voznika
Added events for *ctl syscalls that may have multiple different commands. For runsc, each syscall event is only logged once. For *ctl syscalls, use the cmd as identifier, not only the syscall number. PiperOrigin-RevId: 218015941 Change-Id: Ie3c19131ae36124861e9b492a7dbe1765d9e5e59
2018-10-19Use correct company name in copyright headerIan Gudger
PiperOrigin-RevId: 217951017 Change-Id: Ie08bf6987f98467d07457bcf35b5f1ff6e43c035
2018-10-18Resolve mount paths while setting up root fs mountFabricio Voznika
It's hard to resolve symlinks inside the sandbox because rootfs and mounts may be read-only, forcing us to create mount points inside lower layer of an overlay, **before** the volumes are mounted. Since the destination must already be resolved outside the sandbox when creating mounts, take this opportunity to rewrite the spec with paths resolved. "runsc boot" will use the "resolved" spec to load mounts. In addition, symlink traversals were disabled while mounting containers inside the sandbox. It haven't been able to write a good test for it. So I'm relying on manual tests for now. PiperOrigin-RevId: 217749904 Change-Id: I7ac434d5befd230db1488446cda03300cc0751a9
2018-10-18Skip TestPythonHello on ptrace platform while we debug the issue.Nicolas Lacasse
PiperOrigin-RevId: 217743078 Change-Id: I47fabd88139b968b6183bcc0340065fdbbc1d40d
2018-10-17Close the gofer socket gracefully in boot:boot_test.Nicolas Lacasse
We were closing the FD directly. If the test then created a new socket pair with the same FD, in-flight RPCs would get directed to the new socket and break the test. Instead, we should use unet.Socket.Close(), which allows any in-flight RPCs to finish. PiperOrigin-RevId: 217608491 Change-Id: I8c5a76638899ba30f33ca976e6fac967fa0aadbf
2018-10-17Relativize all socket paths in tests.Nicolas Lacasse
Otherwise they may exceed the maximum. PiperOrigin-RevId: 217584658 Change-Id: I869e400d3409599c0d3b85c6590702c052f49550
2018-10-17runsc: Support job control signals for the root container.Nicolas Lacasse
Now containers run with "docker run -it" support control characters like ^C and ^Z. This required refactoring our signal handling a bit. Signals delivered to the "runsc boot" process are turned into loader.Signal calls with the appropriate delivery mode. Previously they were always sent directly to PID 1. PiperOrigin-RevId: 217566770 Change-Id: I5b7220d9a0f2b591a56335479454a200c6de8732
2018-10-17Remove incorrect TODO.Kevin Krakauer
PiperOrigin-RevId: 217548429 Change-Id: Ie640c881fdc4fc70af58c8ca834df1ac531e519a
2018-10-17runsc: Add --pid flag to runsc kill.Kevin Krakauer
--pid allows specific processes to be signalled rather than the container root process or all processes in the container. containerd needs to SIGKILL exec'd processes that timeout and check whether processes are still alive. PiperOrigin-RevId: 217547636 Change-Id: I2058ebb548b51c8eb748f5884fb88bad0b532e45
2018-10-17Attempt to deflake TestPythonHelloFabricio Voznika
It has timed out running with kokoro a few times. I passes consistently on my machine (200+ runsc). Increase the timeout to see if it helps. Failure: image_test.go:212: WaitForHTTP() timeout: Get http://localhost:32785/: dial tcp [::1]:32785: connect: connection refused PiperOrigin-RevId: 217532428 Change-Id: Ibf860aecf537830bef832e436f2e804b3fc12f2d
2018-10-17Bump Pause/Resume integration test timeout in attempt to deflake Kokoro.Nicolas Lacasse
This is one of the many tests that fails periodically, making Kokoro unstable. PiperOrigin-RevId: 217528257 Change-Id: I2508ecf4d74d71b91feff1183544d61d7bd16995
2018-10-17Make removing cgroups retry up to 5 seconds.Nicolas Lacasse
Sometimes if we try to remove the cgroup directory too soon after killing the sandbox we EBUSY. This CL adds a retry (up to 5 seconds) for removing. Deflakes ChrootTest. PiperOrigin-RevId: 217526909 Change-Id: I749bb172117e2298c9888ecad094072393b94810
2018-10-16Bump sandbox start and stop timeouts.Nicolas Lacasse
PiperOrigin-RevId: 217433699 Change-Id: Icef08285728c23ee7dd650706aaf18da51c25dff
2018-10-15Never send boot process stdio to application stdio.Nicolas Lacasse
We treat handle the boot process stdio separately from the application stdio (which gets passed via flags), but we were still sending both to same place. As a result, some logs that are written directly to os.Stderr by the boot process were ending up in the application logs. This CL starts sendind boot process stdio to the null device (since we don't have any better options). The boot process is already configured to send all logs (and panics) to the log file, so we won't miss anything important. PiperOrigin-RevId: 217173020 Change-Id: I5ab980da037f34620e7861a3736ba09c18d73794
2018-10-12Added spec command to create OCI spec config.jsonIan Lewis
The spec command is analygous to the 'runc spec' command and allows for the convenient creation of a config.json file for users that don't have runc handy. Change-Id: Ifdfec37e023048ea461c32da1a9042a45b37d856 PiperOrigin-RevId: 216907826
2018-10-11Make the gofer process enter namespacesFabricio Voznika
This is done to further isolate the gofer from the host. PiperOrigin-RevId: 216790991 Change-Id: Ia265b77e4e50f815d08f743a05669f9d75ad7a6f
2018-10-11Fix reference leak in tests.Nicolas Lacasse
PiperOrigin-RevId: 216780438 Change-Id: Ide637fe36f8d2a61fea9e5b16d1b3401f2540416
2018-10-11Make Wait() return the sandbox exit status if the sandbox has exited.Nicolas Lacasse
It's possible for Start() and Wait() calls to race, if the sandboxed application is short-lived. If the application finishes before (or during) the Wait RPC, then Wait will fail. In practice this looks like "connection refused" or "EOF" errors when waiting for an RPC response. This race is especially bad in tests, where we often run "true" inside a sandbox. This CL does a best-effort fix, by returning the sandbox exit status as the container exit status. In most cases, these are the same. This fixes the remaining flakes in runsc/container:container_test. PiperOrigin-RevId: 216777793 Change-Id: I9dfc6e6ec885b106a736055bc7a75b2008dfff7a
2018-10-11Make debug log file name configurableFabricio Voznika
This is a breaking change if you're using --debug-log-dir. The fix is to replace it with --debug-log and add a '/' at the end: --debug-log-dir=/tmp/runsc ==> --debug-log=/tmp/runsc/ PiperOrigin-RevId: 216761212 Change-Id: I244270a0a522298c48115719fa08dad55e34ade1
2018-10-11Sandbox cgroup testsFabricio Voznika
Verify that cgroup is being properly set. PiperOrigin-RevId: 216736137 Change-Id: I0e27fd604eca67e7dd2e3548dc372ca9cc416309
2018-10-11Add bare bones unsupported syscall loggingFabricio Voznika
This change introduces a new flags to create/run called --user-log. Logs to this files are visible to users and are meant to help debugging problems with their images and containers. For now only unsupported syscalls are sent to this log, and only minimum support was added. We can build more infrastructure around it as needed. PiperOrigin-RevId: 216735977 Change-Id: I54427ca194604991c407d49943ab3680470de2d0
2018-10-10Removes irrelevant TODO.Kevin Krakauer
PiperOrigin-RevId: 216616873 Change-Id: I4d974ab968058eadd01542081e18a987ef08f50a
2018-10-10runsc: Pass controlling TTY by FD in the *new* process, not current process.Nicolas Lacasse
When setting Cmd.SysProcAttr.Ctty, the FD must be the FD of the controlling TTY in the new process, not the current process. The ioctl call is made after duping all FDs in Cmd.ExtraFiles, which may stomp on the old TTY FD. This fixes the "bad address" flakes in runsc/container:container_test, although some other flakes remain. PiperOrigin-RevId: 216594394 Change-Id: Idfd1677abb866aa82ad7e8be776f0c9087256862
2018-10-10Support for older Linux kernels without getrandomJonathan Giannuzzi
Change-Id: I1fb9f5b47a264a7617912f6f56f995f3c4c5e578 PiperOrigin-RevId: 216591484
2018-10-10Enforce message size limits and avoid host calls with too many iovecsMichael Pratt
Currently, in the face of FileMem fragmentation and a large sendmsg or recvmsg call, host sockets may pass > 1024 iovecs to the host, which will immediately cause the host to return EMSGSIZE. When we detect this case, use a single intermediate buffer to pass to the kernel, copying to/from the src/dst buffer. To avoid creating unbounded intermediate buffers, enforce message size checks and truncation w.r.t. the send buffer size. The same functionality is added to netstack unix sockets for feature parity. PiperOrigin-RevId: 216590198 Change-Id: I719a32e71c7b1098d5097f35e6daf7dd5190eff7
2018-10-10Add sandbox to cgroupFabricio Voznika
Sandbox creation uses the limits and reservations configured in the OCI spec and set cgroup options accordinly. Then it puts both the sandbox and gofer processes inside the cgroup. It also allows the cgroup to be pre-configured by the caller. If the cgroup already exists, sandbox and gofer processes will join the cgroup but it will not modify the cgroup with spec limits. PiperOrigin-RevId: 216538209 Change-Id: If2c65ffedf55820baab743a0edcfb091b89c1019
2018-10-09Add tests to verify gofer is chroot'edFabricio Voznika
PiperOrigin-RevId: 216472439 Change-Id: Ic4cb86c8e0a9cb022d3ceed9dc5615266c307cf9
2018-10-09Add new netstack metrics to the sentryIan Gudger
PiperOrigin-RevId: 216431260 Change-Id: Ia6e5c8d506940148d10ff2884cf4440f470e5820
2018-10-08Job control signals must be sent to all processes in the FG process group.Nicolas Lacasse
We were previously only sending to the originator of the process group. Integration test was changed to test this behavior. It fails without the corresponding code change. PiperOrigin-RevId: 216297263 Change-Id: I7e41cfd6bdd067f4b9dc215e28f555fb5088916f
2018-10-08Uncapitalize errorMichael Pratt
PiperOrigin-RevId: 216281263 Change-Id: Ie0c189e7f5934b77c6302336723bc1181fd2866c
2018-10-04Capture boot panics in debug log.Nicolas Lacasse
Docker and Containerd both eat the boot processes stderr, making it difficult to track down panics (which are always written to stderr). This CL makes the boot process dup its debug log FD to stderr, so that panics will be captured in the debug log, which is better than nothing. This is the 3rd try at this CL. Previous attempts were foiled because Docker expects the 'create' command to pass its stdio directly to the container, so duping stderr in 'create' caused the applications stderr to go to the log file, which breaks many applications (including our mysql test). I added a new image_test that makes sure stdout and stderr are handled correctly. PiperOrigin-RevId: 215767328 Change-Id: Icebac5a5dcf39b623b79d7a0e2f968e059130059
2018-10-03Fix sandbox chrootFabricio Voznika
Sandbox was setting chroot, but was not chaging the working dir. Added test to ensure this doesn't happen in the future. PiperOrigin-RevId: 215676270 Change-Id: I14352d3de64a4dcb90e50948119dc8328c9c15e1
2018-10-03Automated rollback of changelist 215585559Nicolas Lacasse
PiperOrigin-RevId: 215633475 Change-Id: I7bc471e3b9a2c725fb5e15b3bbcba2ee1ea574b1
2018-10-03runsc: Allow state transition from Creating to Stopped.Nicolas Lacasse
This can happen if an error is encountered during Create() which causes the container to be destroyed and set to state Stopped. Without this transition, errors during Create get hidden by the later panic. PiperOrigin-RevId: 215599193 Change-Id: Icd3f42e12c685cbf042f46b3929bccdf30ad55b0
2018-10-03Fix arithmetic error in multi_container_test.Nicolas Lacasse
We add an additional (2^3)-1=7 processes, but the code was only waiting for 3. I switched back to Math.Pow format to make the arithmetic easier to inspect. PiperOrigin-RevId: 215588140 Change-Id: Iccad4d6f977c1bfc5c4b08d3493afe553fe25733
2018-10-03runsc: Dup debug log file to stderr, so sentry panics don't get lost.Nicolas Lacasse
Docker and containerd do not expose runsc's stderr, so tracking down sentry panics can be painful. If we have a debug log file, we should send panics (and all stderr data) to the log file. PiperOrigin-RevId: 215585559 Change-Id: I3844259ed0cd26e26422bcdb40dded302740b8b6
2018-10-03runsc: Pass root container's stdio via FD.Nicolas Lacasse
We were previously using the sandbox process's stdio as the root container's stdio. This makes it difficult/impossible to distinguish output application output from sandbox output, such as panics, which are always written to stderr. Also close the console socket when we are done with it. PiperOrigin-RevId: 215585180 Change-Id: I980b8c69bd61a8b8e0a496fd7bc90a06446764e0