summaryrefslogtreecommitdiffhomepage
path: root/runsc
AgeCommit message (Collapse)Author
2020-05-01Merge release-20200422.0-8-g8962b78 (automated)gVisor bot
2020-04-30Enable FIFO QDisc by default in runsc.Bhasker Hariharan
Updates #231 PiperOrigin-RevId: 309339316
2020-04-30Merge release-20200422.0-7-gae15d90 (automated)gVisor bot
2020-04-30FIFO QDisc implementationBhasker Hariharan
Updates #231 PiperOrigin-RevId: 309323808
2020-04-29Merge release-20200413.0-22-gd5c34ba (automated)gVisor bot
2020-04-29Merge pull request #2487 from moricho:fix/bindmountgVisor bot
PiperOrigin-RevId: 309082540
2020-04-28Merge release-20200413.0-12-gceb3c0e (automated)gVisor bot
2020-04-28Merge pull request #2558 from prattmic:forward_signalgVisor bot
PiperOrigin-RevId: 308829800
2020-04-28Merge release-20200413.0-9-g316394e (automated)gVisor bot
2020-04-27Merge pull request #2544 from prattmic:runsc_do_cleanupgVisor bot
PiperOrigin-RevId: 308727526
2020-04-27Merge release-20200323.0-257-gad6ba20 (automated)gVisor bot
2020-04-27runsc: extend do network cleanupMichael Pratt
Previously we unconditionally failed to cleanup the networking files (hostname, resolve.conf, hosts), and failed to cleanup the netns, etc on partial setup failure. We can drop the iptables commands from cleanup, as the routes automatically go away when the device is deleted. Those commands were failing previously. Forward signals to the container, allowing it to exit normally when a signal is received, and then for runsc to run the cleanup. This doesn't cover cleanup when runsc is signalled before the container start, it covers the most common case. Fixes #2539 Fixes #2540
2020-04-27container: use sighandling packageMichael Pratt
Use the sighandling package for Container.ForwardSignals, for consistency with other signal forwarding. Fixes #2546
2020-04-27Update container.gokevin.xu
typo, should be `start` in comments
2020-04-26refactor and add test for bindmountmoricho
Signed-off-by: moricho <ikeda.morito@gmail.com>
2020-04-25Add container tests passing with VFS2Zach Koopmans
Several tests are passing after getting TestAppExitStatus (run /bin/true) changes. Make versions that run via VFS2 so that we know what is and isn't working. In addition, fix bug in VFSFile ReadFull. For the TestExePath test in container_test.go, the case "unmasked" will return 0 bytes read with no EOF err, causing the ReadFull call to spin. PiperOrigin-RevId: 308428126
2020-04-25add bind/rbind options for mountmoricho
Signed-off-by: moricho <ikeda.morito@gmail.com>
2020-04-25fix behavior of `getMountNameAndOptions` when options include either bind or ↵moricho
rbind Signed-off-by: moricho <ikeda.morito@gmail.com>
2020-04-25Merge release-20200323.0-248-g15a822a (automated)gVisor bot
2020-04-24VFS2: Get HelloWorld image tests to pass with VFS2Zach Koopmans
This change includes: - Modifications to loader_test.go to get TestCreateMountNamespace to pass with VFS2. - Changes necessary to get TestHelloWorld in image tests to pass with VFS2. This means runsc can run the hello-world container with docker on VSF2. Note: Containers that use sockets will not run with these changes. See "//test/image/...". Any tests here with sockets currently fail (which is all of them but HelloWorld). PiperOrigin-RevId: 308363072
2020-04-25Merge release-20200323.0-247-g4af39dd (automated)gVisor bot
2020-04-24Propagate PID limit from OCI to sandbox cgroupFabricio Voznika
Closes #2489 PiperOrigin-RevId: 308362434
2020-04-24Merge release-20200323.0-236-g632b104 (automated)gVisor bot
2020-04-24Plumb context.Context into kernfs.Inode.Open().Dean Deng
PiperOrigin-RevId: 308304793
2020-04-24Merge release-20200323.0-234-g1b88c63 (automated)gVisor bot
2020-04-24Move hostfs mount to Kernel struct.Dean Deng
This is needed to set up host fds passed through a Unix socket. Note that the host package depends on kernel, so we cannot set up the hostfs mount directly in Kernel.Init as we do for sockfs and pipefs. Also, adjust sockfs to make its setup look more like hostfs's and pipefs's. PiperOrigin-RevId: 308274053
2020-04-23Merge release-20200323.0-225-g5042ea7 (automated)gVisor bot
2020-04-23Add vfs.MkdirOptions.ForSyntheticMountpoint.Jamie Liu
PiperOrigin-RevId: 308143529
2020-04-23Merge release-20200323.0-220-g1481499 (automated)gVisor bot
2020-04-23Simplify Docker test infrastructure.Adin Scannell
This change adds a layer of abstraction around the internal Docker APIs, and eliminates all direct dependencies on Dockerfiles in the infrastructure. A subsequent change will automated the generation of local images (with efficient caching). Note that this change drops the use of bazel container rules, as that experiment does not seem to be viable. PiperOrigin-RevId: 308095430
2020-04-23Merge release-20200323.0-216-ge69a871 (automated)gVisor bot
2020-04-22Move user home detection to its own library.Nicolas Lacasse
PiperOrigin-RevId: 307977689
2020-04-23Merge release-20200323.0-215-g0c58694 (automated)gVisor bot
2020-04-22Specify a memory file in platform.New().Andrei Vagin
PiperOrigin-RevId: 307941984
2020-04-20Add a functional vm_test for root_test.Adin Scannell
This change renames the tools/images directory to tools/vm for clarity, and adds a functional vm_test. Sharding is also added to the same test, and some documentation added around key flags & variables to describe how they work. Subsequent changes will add vm_tests for other cases, such as the runtime tests. PiperOrigin-RevId: 307492245
2020-04-17Merge release-20200323.0-180-ga80cd43 (automated)gVisor bot
2020-04-17Add test name to boot and gofer log filesFabricio Voznika
This is to make easier to find corresponding logs in case test fails. PiperOrigin-RevId: 307104283
2020-04-17Merge release-20200323.0-177-g12bde95 (automated)gVisor bot
2020-04-17Get /bin/true to run on VFS2Zach Koopmans
Included: - loader_test.go RunTest and TestStartSignal VFS2 - container_test.go TestAppExitStatus on VFS2 - experimental flag added to runsc to turn on VFS2 Note: shared mounts are not yet supported. PiperOrigin-RevId: 307070753
2020-04-16Merge release-20200323.0-166-g5a8ee1b (automated)gVisor bot
2020-04-16Preserve log FD after execveFabricio Voznika
PiperOrigin-RevId: 306908296
2020-04-14Merge release-20200323.0-152-gac9b32c (automated)gVisor bot
2020-04-14Merge pull request #2212 from aaronlu:dup_stdioFDsgVisor bot
PiperOrigin-RevId: 306477639
2020-04-11Merge release-20200323.0-130-gdaf3322 (automated)gVisor bot
2020-04-10Add logging message for noNewPrivileges OCI option.Ian Lewis
noNewPrivileges is ignored if set to false since gVisor assumes that PR_SET_NO_NEW_PRIVS is always enabled. PiperOrigin-RevId: 305991947
2020-04-10Merge release-20200323.0-128-g96f9142 (automated)gVisor bot
2020-04-10Use O_CLOEXEC when dup'ing FDsFabricio Voznika
The sentry doesn't allow execve, but it's a good defense in-depth measure. PiperOrigin-RevId: 305958737
2020-04-10Merge release-20200323.0-119-g7812661 (automated)gVisor bot
2020-04-09Merge pull request #2253 from amscanne:nogogVisor bot
PiperOrigin-RevId: 305807868
2020-04-10Merge release-20200323.0-111-g2a28e3e (automated)gVisor bot