| Age | Commit message (Collapse) | Author |
|---|
|
|
|
PiperOrigin-RevId: 407392578
|
|
|
|
PiperOrigin-RevId: 407177936
|
|
|
|
It's safe to call SetAttr and Allocate on fsgofer because the
file path is not used to open the file, if needed.
Fixes #3654
PiperOrigin-RevId: 407149393
|
|
copy and setup PERMANENT (static) ARP entries
from CNI namespace to the sandbox
Fixes #3301
|
|
This is part of cgroupv2 patch set. Here we add a Cgroup interface that
both v1 and v2 need to conform to, and port cgroupv1 to use that first.
Signed-off-by: Daniel Dao <dqminh89@gmail.com>
|
|
|
|
PiperOrigin-RevId: 406027220
|
|
|
|
vfs.NewDisconnectedMount has no error paths. Its much prettier without the
error return value.
Also simplify MountDisconnected which would immediately drop the refs taken by
NewDisconnectedMount. Instead make it directly call newMount.
PiperOrigin-RevId: 405767966
|
|
|
|
PiperOrigin-RevId: 404901660
|
|
|
|
This change enables VFS2 by default. VFS2 is much faster than the previous
implementation and it's also more compatible. VFS1 is no longer supported and
will be deleted from the code.
Use `--vfs2=false` if you need to disable it. Make sure to report a bug if you
have the need to disable VFS2 or something is not working for you.
Closes #1035
PiperOrigin-RevId: 404898135
|
|
|
|
PiperOrigin-RevId: 404635832
|
|
|
|
Now that we use x/sys/unix beyond https://golang.org/cl/313690 we always use
accept4 in place of accept.
PiperOrigin-RevId: 404265340
|
|
|
|
Updates #1035
PiperOrigin-RevId: 404043283
|
|
|
|
Updates #1035
PiperOrigin-RevId: 404017795
|
|
|
|
gVisor was previously reporting the lower of cgroup limit or 2GB as total
memory. This may cause applications to make bad decisions based on amount
of memory available to them when more than 2GB is required.
This change makes the lower of cgroup limit or the host total memory to be
reported inside the sandbox. This also is more inline with docker which always
reports host total memory. Note that reporting cgroup limit is strictly better
than host total memory when there is a limit set.
Fixes #5608
PiperOrigin-RevId: 403241608
|
|
|
|
Before cl/402392291 and cl/402614820, it worked without any problem.
In this case, we just ignore a cgroup configuration. We do the same thing,
when we don't have permissions to create new cgroups on cgroupV1.
PiperOrigin-RevId: 402913129
|
|
|
|
- Don't attempt to create directory is controller is not
present in the system
- Ensure that all files being written exist in cgroupfs
- Attempt to delete directories during Uninstall even if
other deletions have failed
Fixes #6446
PiperOrigin-RevId: 402614820
|
|
|
|
Tools (e.g. cAdvisor) watches for changes inside /sys/fs/cgroup to detect
when containers are created and deleted. With gVisor, container cgroups were
not created because the containers are not visible to the host.
This change enables the creation of [empty] subcontainer cgroups that can
be used by tools to detect creation/deletion of subcontainers. This change
required a new annotation to be added so that the shim can communicate the
pod cgroup path to runsc, so pod and container cgroups can be identified,
Fixes #6500
PiperOrigin-RevId: 402392291
|
|
|
|
PiperOrigin-RevId: 401296116
|
|
|
|
|
|
|
|
Fixes #6643
PiperOrigin-RevId: 400218778
|
|
|
|
Go 1.18 (as of golang.org/cl/324129) uses per-thread timers created and set
with timer_create/timer_settime for more accurate CPU pprof profiling.
Add these syscalls to the allowed syscall filters.
PiperOrigin-RevId: 399941561
|
|
Updates #136
|
|
|
|
PiperOrigin-RevId: 399295737
|
|
|
|
Most usages of `runsc spec`+`runsc run` do not expect stdios to be a terminal.
Updates #6619
PiperOrigin-RevId: 398288237
|
|
|
|
Introduces RPC methods in lisafs. Makes that gofer client use lisafs RPCs
instead of p9 when lisafs is enabled.
Implements the handlers for those methods in fsgofer.
Fixes #5465
PiperOrigin-RevId: 398080310
|
|
|
|
lisafs is only supported in VFS2. Added a runsc flag which enables lisafs.
When the flag is enabled, the gofer process and the client communicate using
lisafs protocol instead of 9P.
Added a filesystem option in fsimpl/gofer which indicates if lisafs is being
used. That will be used to gate lisafs on the gofer client.
Note that this change does not make the gofer client use lisafs just yet.
Updates #5465
PiperOrigin-RevId: 397917844
|
|
|
