Age | Commit message (Collapse) | Author |
|
|
|
Updates #231
PiperOrigin-RevId: 309339316
|
|
|
|
Updates #231
PiperOrigin-RevId: 309323808
|
|
|
|
PiperOrigin-RevId: 309082540
|
|
|
|
PiperOrigin-RevId: 308829800
|
|
|
|
PiperOrigin-RevId: 308727526
|
|
|
|
Previously we unconditionally failed to cleanup the networking files
(hostname, resolve.conf, hosts), and failed to cleanup the netns, etc on
partial setup failure.
We can drop the iptables commands from cleanup, as the routes
automatically go away when the device is deleted. Those commands were
failing previously.
Forward signals to the container, allowing it to exit normally when a
signal is received, and then for runsc to run the cleanup. This doesn't
cover cleanup when runsc is signalled before the container start, it
covers the most common case.
Fixes #2539
Fixes #2540
|
|
Use the sighandling package for Container.ForwardSignals, for
consistency with other signal forwarding.
Fixes #2546
|
|
typo, should be `start` in comments
|
|
Signed-off-by: moricho <ikeda.morito@gmail.com>
|
|
Several tests are passing after getting TestAppExitStatus (run /bin/true)
changes. Make versions that run via VFS2 so that we know what is and isn't
working.
In addition, fix bug in VFSFile ReadFull. For the TestExePath test in
container_test.go, the case "unmasked" will return 0 bytes read with no
EOF err, causing the ReadFull call to spin.
PiperOrigin-RevId: 308428126
|
|
Signed-off-by: moricho <ikeda.morito@gmail.com>
|
|
rbind
Signed-off-by: moricho <ikeda.morito@gmail.com>
|
|
|
|
This change includes:
- Modifications to loader_test.go to get TestCreateMountNamespace to
pass with VFS2.
- Changes necessary to get TestHelloWorld in image tests to pass with
VFS2. This means runsc can run the hello-world container with docker
on VSF2.
Note: Containers that use sockets will not run with these changes.
See "//test/image/...". Any tests here with sockets currently fail
(which is all of them but HelloWorld).
PiperOrigin-RevId: 308363072
|
|
|
|
Closes #2489
PiperOrigin-RevId: 308362434
|
|
|
|
PiperOrigin-RevId: 308304793
|
|
|
|
This is needed to set up host fds passed through a Unix socket. Note that
the host package depends on kernel, so we cannot set up the hostfs mount
directly in Kernel.Init as we do for sockfs and pipefs.
Also, adjust sockfs to make its setup look more like hostfs's and pipefs's.
PiperOrigin-RevId: 308274053
|
|
|
|
PiperOrigin-RevId: 308143529
|
|
|
|
This change adds a layer of abstraction around the internal Docker APIs,
and eliminates all direct dependencies on Dockerfiles in the infrastructure.
A subsequent change will automated the generation of local images (with
efficient caching). Note that this change drops the use of bazel container
rules, as that experiment does not seem to be viable.
PiperOrigin-RevId: 308095430
|
|
|
|
PiperOrigin-RevId: 307977689
|
|
|
|
PiperOrigin-RevId: 307941984
|
|
This change renames the tools/images directory to tools/vm for clarity, and
adds a functional vm_test. Sharding is also added to the same test, and some
documentation added around key flags & variables to describe how they work.
Subsequent changes will add vm_tests for other cases, such as the runtime tests.
PiperOrigin-RevId: 307492245
|
|
|
|
This is to make easier to find corresponding logs in
case test fails.
PiperOrigin-RevId: 307104283
|
|
|
|
Included:
- loader_test.go RunTest and TestStartSignal VFS2
- container_test.go TestAppExitStatus on VFS2
- experimental flag added to runsc to turn on VFS2
Note: shared mounts are not yet supported.
PiperOrigin-RevId: 307070753
|
|
|
|
PiperOrigin-RevId: 306908296
|
|
|
|
PiperOrigin-RevId: 306477639
|
|
|
|
noNewPrivileges is ignored if set to false since gVisor assumes that
PR_SET_NO_NEW_PRIVS is always enabled.
PiperOrigin-RevId: 305991947
|
|
|
|
The sentry doesn't allow execve, but it's a good defense
in-depth measure.
PiperOrigin-RevId: 305958737
|
|
|
|
PiperOrigin-RevId: 305807868
|
|
|