Age | Commit message (Collapse) | Author |
|
PiperOrigin-RevId: 268772451
|
|
We need to include the `--stamp` flag in `tools/workspace_status.sh` for
the version to be picked up by the linker. Not sure why.
Also changes the VERSION string to STABLE_VERSION, which will cause the
program to be re-linked if the string changes.
Fixes #830
|
|
PiperOrigin-RevId: 267709597
|
|
This is done because the root container for CRI is the infrastructure (pause)
container and always gets a low oom_score_adj. We do this to ensure that only
the oom_score_adj of user containers is used to calculated the sandbox
oom_score_adj.
Implemented in runsc rather than the containerd shim as it's a bit cleaner to
implement here (in the shim it would require overwriting the oomScoreAdj and
re-writing out the config.json again). This processing is Kubernetes(CRI)
specific but we are currently only supporting CRI for multi-container support
anyway.
PiperOrigin-RevId: 267507706
|
|
|
|
|
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
Some processes are reparented to the root container depending
on the kill order and the root container would not reap in time.
So some zombie processes were still present when the test checked.
Fix it by running the second container inside a PID namespace.
PiperOrigin-RevId: 267278591
|
|
The simple test script has gotten out of control. Shard this script into
different pieces and attempt to impose order on overall test structure. This
change helps lay some of the foundations for future improvements.
* The runsc/test directories are moved into just test/.
* The runsc/test/testutil package is split into logical pieces.
* The scripts/ directory contains new top-level targets.
* Each test is now responsible for building targets it requires.
* The install functionality is moved into `runsc` itself for simplicity.
* The existing kokoro run_tests.sh file now just calls all (can be split).
After this change is merged, I will create multiple distinct workflows for
Kokoro, one for each of the scripts currently targeted by `run_tests.sh` today,
which should dramatically reduce the time-to-run for the Kokoro tests, and
provides a better foundation for further improvements to the infrastructure.
PiperOrigin-RevId: 267081397
|
|
PiperOrigin-RevId: 266226714
|
|
This removes a lot of confusing messages from the test logs.
PiperOrigin-RevId: 266164001
|
|
This used to be the case, but regressed after a recent change.
Also made a few fixes around it and clean up the code a bit.
Closes #720
PiperOrigin-RevId: 265717496
|
|
This commit further restricts the seccomp filters required for Gofer
access ot Unix Domain Sockets (UDS).
|
|
This commit adds support for detecting the socket file type, connecting
to a Unix Domain Socket, and providing bidirectional communication
(without file descriptor transfer support).
|
|
PiperOrigin-RevId: 265478578
|
|
Moved log message to after the log options have
been read and log setup.
PiperOrigin-RevId: 264964171
|
|
This used to be the case, but when --alsologtostderr
was added, it stopped logging.
PiperOrigin-RevId: 264905640
|
|
|
|
This is the first step in replacing some of the redundant types with the
standard library equivalents.
PiperOrigin-RevId: 264706552
|
|
PiperOrigin-RevId: 263189654
|
|
PiperOrigin-RevId: 263184083
|
|
|
|
Endpoint protocol goroutines were previously started as part of
loading the endpoint. This is potentially too soon, as resources used
by these goroutine may not have been loaded. Protocol goroutines may
perform meaningful work as soon as they're started (ex: incoming
connect) which can cause them to indirectly access resources that
haven't been loaded yet.
This CL defers resuming all protocol goroutines until the end of
restore.
PiperOrigin-RevId: 262409429
|
|
Updates #512
PiperOrigin-RevId: 262195448
|
|
PiperOrigin-RevId: 262071646
|
|
|
|
|
|
This was done in commit 04cbb13ce9b151cf906f42e3f18ce3a875f01f63
PiperOrigin-RevId: 261414748
|
|
PiperOrigin-RevId: 261413396
|
|
Each gofer now has a goroutine that polls on the FDs used
to communicate with the sandbox. The respective gofer is
destroyed if any of the FDs is closed.
Closes #601
PiperOrigin-RevId: 261383725
|
|
We can get the mount namespace from the CreateProcessArgs in all cases where we
need it. This also gets rid of kernel.Destroy method, since the only thing it
was doing was DecRefing the mounts.
Removing the need to call kernel.SetRootMountNamespace also allowed for some
more simplifications in the container fs setup code.
PiperOrigin-RevId: 261357060
|
|
Set /proc/self/oom_score_adj based on oomScoreAdj specified in the OCI bundle.
When new containers are added to the sandbox oom_score_adj for the sandbox and
all other gofers are adjusted so that oom_score_adj is equal to the lowest
oom_score_adj of all containers in the sandbox.
Fixes #512
PiperOrigin-RevId: 261242725
|
|
PiperOrigin-RevId: 260824989
|
|
syscall.POLL is not supported on arm64, using syscall.PPOLL
to support both the x86 and arm64. refs #63
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I2c81a063d3ec4e7e6b38fe62f17a0924977f505e
COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/543 from xiaobo55x:master ba598263fd3748d1addd48e4194080aa12085164
PiperOrigin-RevId: 260752049
|
|
PiperOrigin-RevId: 260577765
|
|
PiperOrigin-RevId: 260239119
|
|
PiperOrigin-RevId: 260220279
|
|
By following the directions in the README file, these Dockerfiles can be
built and used to run native language tests for their respective runtimes.
PiperOrigin-RevId: 260174430
|
|
PiperOrigin-RevId: 260047477
|
|
The different containers in a sandbox used only one pid
namespace before. This results in that a container can see
the processes in another container in the same sandbox.
This patch use different pid namespace for different containers.
Signed-off-by: chris.zn <chris.zn@antfin.com>
|
|
This keeps all container filesystem completely separate from eachother
(including from the root container filesystem), and allows us to get rid of the
"__runsc_containers__" directory.
It also simplifies container startup/teardown as we don't have to muck around
in the root container's filesystem.
PiperOrigin-RevId: 259613346
|
|
This change has the listTests() function return
a string slice of all the tests. Originally, I
planned not to modify the listTests() function
and instead capture the output of it and then
iterate through the captured output. I decided
against this approach as most of the test binaries
already produce a slice as they collect tests
through filepath.Walk(). Now I use this slice
and return it so that I can iterate through in
runAllTests() and also when printing out the tests.
PiperOrigin-RevId: 259599782
|
|
This is the first version of a testing program to be used by gVisor for
including language testing into their presubmits. It works when ran in
the same manor the image and integration tests are ran in as described in
their README file.
PiperOrigin-RevId: 259392416
|
|
Repeated code is planned to be factored out to improve clarity and readability.
PiperOrigin-RevId: 259059978
|
|
Otherwise this process can be killed before it prints the test message.
PiperOrigin-RevId: 258448204
|
|
PiperOrigin-RevId: 257855777
|
|
PiperOrigin-RevId: 257041876
|
|
PiperOrigin-RevId: 257037608
|
|
PiperOrigin-RevId: 256494243
|
|
This renames FDMap to FDTable and drops the kernel.FD type, which had an entire
package to itself and didn't serve much use (it was freely cast between types,
and served as more of an annoyance than providing any protection.)
Based on BenchmarkFDLookupAndDecRef-12, we can expect 5-10 ns per lookup
operation, and 10-15 ns per concurrent lookup operation of savings.
This also fixes two tangential usage issues with the FDMap. Namely, non-atomic
use of NewFDFrom and associated calls to Remove (that are both racy and fail to
drop the reference on the underlying file.)
PiperOrigin-RevId: 256285890
|