| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-10-08 | Merge release-20190806.1-250-ga357fe4 (automated) | gVisor bot | |
| 2019-10-08 | Remove stale TODO | Fabricio Voznika | |
| PiperOrigin-RevId: 273630282 | |||
| 2019-10-08 | Merge release-20190806.1-249-gb9cdbc2 (automated) | gVisor bot | |
| 2019-10-08 | Ignore mount options that are not supported in shared mounts | Fabricio Voznika | |
| Options that do not change mount behavior inside the Sentry are irrelevant and should not be used when looking for possible incompatibilities between master and slave mounts. PiperOrigin-RevId: 273593486 | |||
| 2019-10-08 | Merge release-20190806.1-247-g7c1587e (automated) | gVisor bot | |
| 2019-10-07 | Implement IP_TTL. | Ian Gudger | |
| Also change the default TTL to 64 to match Linux. PiperOrigin-RevId: 273430341 | |||
| 2019-10-07 | Add tests for $HOME | Ian Lewis | |
| Adds two tests. One to make sure that $HOME is set when starting a container via 'docker run' and one to make sure that $HOME is set for each container in a multi-container sandbox. Issue #701 PiperOrigin-RevId: 273395763 | |||
| 2019-10-07 | Merge release-20190806.1-244-g6a98237 (automated) | gVisor bot | |
| 2019-10-07 | Rename epsocket to netstack. | Kevin Krakauer | |
| PiperOrigin-RevId: 273365058 | |||
| 2019-10-01 | runsc: remove todo from the build file | Andrei Vagin | |
| b/135475885 was fixed by cl/271434565. PiperOrigin-RevId: 272320178 | |||
| 2019-10-01 | Merge release-20190806.1-220-g90e908f (automated) | gVisor bot | |
| 2019-10-01 | Merge pull request #917 from KentaTada:fix-clone-flags | gVisor bot | |
| PiperOrigin-RevId: 272262368 | |||
| 2019-10-01 | Merge release-20190806.1-218-g0b02c3d (automated) | gVisor bot | |
| 2019-10-01 | Prevent CAP_NET_RAW from appearing in exec | Fabricio Voznika | |
| 'docker exec' was getting CAP_NET_RAW even when --net-raw=false because it was not filtered out from when copying container's capabilities. PiperOrigin-RevId: 272260451 | |||
| 2019-09-27 | bazel: use rules_pkg from https://github.com/bazelbuild/ | Andrei Vagin | |
| BUILD:85:1: in _pkg_deb rule //runsc:runsc-debian: target '//runsc:runsc-debian' depends on deprecated target '@bazel_tools//tools/build_defs/pkg:make_deb': The internal version of make_deb is deprecated. Please use the replacement for pkg_deb from https://github.com/bazelbuild/rules_pkg/blob/master/pkg. PiperOrigin-RevId: 271590386 | |||
| 2019-09-27 | Merge release-20190806.1-198-g8337e4f (automated) | gVisor bot | |
| 2019-09-26 | Disallow opening of sockets if --fsgofer-host-uds=false | Fabricio Voznika | |
| Updates #235 PiperOrigin-RevId: 271475319 | |||
| 2019-09-26 | runsc: add the clone flag of cgroup namespace | Kenta Tada | |
| Signed-off-by: Kenta Tada <Kenta.Tada@sony.com> | |||
| 2019-09-25 | Merge release-20190806.1-195-gdd0e5ee (automated) | gVisor bot | |
| 2019-09-25 | Merge pull request #765 from trailofbits:uds_support | gVisor bot | |
| PiperOrigin-RevId: 271235134 | |||
| 2019-09-25 | Merge release-20190806.1-184-g129c67d (automated) | gVisor bot | |
| 2019-09-25 | Fix runsc log collection in kokoro | Fabricio Voznika | |
| PiperOrigin-RevId: 271207152 | |||
| 2019-09-25 | Merge release-20190806.1-183-g59ccbb1 (automated) | gVisor bot | |
| 2019-09-25 | Remove centralized registration of protocols. | Kevin Krakauer | |
| Also removes the need for protocol names. PiperOrigin-RevId: 271186030 | |||
| 2019-09-24 | Remove unecessary seccomp permission. | Robert Tonic | |
| This removes the F_DUPFD_CLOEXEC support for the gofer, previously required when depending on the STL net package. | |||
| 2019-09-24 | Refactor command line options and remove the allowed terminology for uds | Robert Tonic | |
| 2019-09-24 | Merge release-20190806.1-176-g91abeb1 (automated) | gVisor bot | |
| 2019-09-24 | Merge pull request #812 from lubinszARM:pr_dup3_arm | gVisor bot | |
| PiperOrigin-RevId: 270957224 | |||
| 2019-09-24 | Merge release-20190806.1-172-gf2ea8e6 (automated) | gVisor bot | |
| 2019-09-23 | Always set HOME env var with `runsc exec`. | Nicolas Lacasse | |
| We already do this for `runsc run`, but need to do the same for `runsc exec`. PiperOrigin-RevId: 270793459 | |||
| 2019-09-19 | Update InstallUDSFilters documentation to be accurate to functionality. | Robert Tonic | |
| 2019-09-19 | Fix documentation, clean up seccomp filter installation, rename helpers. | Robert Tonic | |
| Filter installation has been streamlined and functions renamed. Documentation has been fixed to be standards compliant, and missing documentation added. gofmt has also been applied to modified files. | |||
| 2019-09-19 | Place the host UDS mounting behind --fsgofer-host-uds-allowed. | Robert Tonic | |
| This commit allows the use of the `--fsgofer-host-uds-allowed` flag to enable mounting sockets and add the appropriate seccomp filters. | |||
| 2019-09-18 | Shard the runtime tests. | Nicolas Lacasse | |
| Default of 20 shards was arbitrary and will need fine-tuning in later CLs. PiperOrigin-RevId: 269922871 | |||
| 2019-09-16 | Merge release-20190806.1-146-g010b093 (automated) | gVisor bot | |
| 2019-09-16 | Bring back to life features lost in recent refactor | Fabricio Voznika | |
| - Sandbox logs are generated when running tests - Kokoro uploads the sandbox logs - Supports multiple parallel runs - Revive script to install locally built runsc with docker PiperOrigin-RevId: 269337274 | |||
| 2019-09-13 | Merge release-20190806.1-143-ga8834fc (automated) | gVisor bot | |
| 2019-09-12 | Update p9 to support flipcall. | Adin Scannell | |
| PiperOrigin-RevId: 268845090 | |||
| 2019-09-12 | Merge release-20190806.1-140-g78cfbbd (automated) | gVisor bot | |
| 2019-09-12 | Merge pull request #843 from nlacasse:version | gVisor bot | |
| PiperOrigin-RevId: 268772451 | |||
| 2019-09-10 | Fix `runsc --version` and add a test. | Nicolas Lacasse | |
| We need to include the `--stamp` flag in `tools/workspace_status.sh` for the version to be picked up by the linker. Not sure why. Also changes the VERSION string to STABLE_VERSION, which will cause the program to be re-linked if the string changes. Fixes #830 | |||
| 2019-09-07 | Merge fe1f5210 (automated) | gVisor bot | |
| 2019-09-06 | Remove reundant global tcpip.LinkEndpointID. | Ian Gudger | |
| PiperOrigin-RevId: 267709597 | |||
| 2019-09-06 | Merge 0bfffbcb (automated) | gVisor bot | |
| 2019-09-05 | Ignore the root container when calculating oom_score_adj for the sandbox. | Ian Lewis | |
| This is done because the root container for CRI is the infrastructure (pause) container and always gets a low oom_score_adj. We do this to ensure that only the oom_score_adj of user containers is used to calculated the sandbox oom_score_adj. Implemented in runsc rather than the containerd shim as it's a bit cleaner to implement here (in the shim it would require overwriting the oomScoreAdj and re-writing out the config.json again). This processing is Kubernetes(CRI) specific but we are currently only supporting CRI for multi-container support anyway. PiperOrigin-RevId: 267507706 | |||
| 2019-09-05 | Apply go fmt to the fsgofer changes. | Robert Tonic | |
| 2019-09-05 | Remove seccomp permissions, and clean up the Attach logic. | Robert Tonic | |
| 2019-09-05 | Change syscall.Dup2 to syscall.Dup3 | Bin Lu | |
| Signed-off-by: Bin Lu <bin.lu@arm.com> | |||
| 2019-09-05 | Merge fbbb2f7e (automated) | gVisor bot | |
| 2019-09-04 | Resolve flakes with TestMultiContainerDestroy | Fabricio Voznika | |
| Some processes are reparented to the root container depending on the kill order and the root container would not reap in time. So some zombie processes were still present when the test checked. Fix it by running the second container inside a PID namespace. PiperOrigin-RevId: 267278591 | |||
 |
index : gvisor | |
| Container Runtime Sandbox |
| summaryrefslogtreecommitdiffhomepage |