summaryrefslogtreecommitdiffhomepage
path: root/runsc
AgeCommit message (Collapse)Author
2019-09-12Merge pull request #843 from nlacasse:versiongVisor bot
PiperOrigin-RevId: 268772451
2019-09-10Fix `runsc --version` and add a test.Nicolas Lacasse
We need to include the `--stamp` flag in `tools/workspace_status.sh` for the version to be picked up by the linker. Not sure why. Also changes the VERSION string to STABLE_VERSION, which will cause the program to be re-linked if the string changes. Fixes #830
2019-09-06Remove reundant global tcpip.LinkEndpointID.Ian Gudger
PiperOrigin-RevId: 267709597
2019-09-05Ignore the root container when calculating oom_score_adj for the sandbox.Ian Lewis
This is done because the root container for CRI is the infrastructure (pause) container and always gets a low oom_score_adj. We do this to ensure that only the oom_score_adj of user containers is used to calculated the sandbox oom_score_adj. Implemented in runsc rather than the containerd shim as it's a bit cleaner to implement here (in the shim it would require overwriting the oomScoreAdj and re-writing out the config.json again). This processing is Kubernetes(CRI) specific but we are currently only supporting CRI for multi-container support anyway. PiperOrigin-RevId: 267507706
2019-09-05Apply go fmt to the fsgofer changes.Robert Tonic
2019-09-05Remove seccomp permissions, and clean up the Attach logic.Robert Tonic
2019-09-05Change syscall.Dup2 to syscall.Dup3Bin Lu
Signed-off-by: Bin Lu <bin.lu@arm.com>
2019-09-04Resolve flakes with TestMultiContainerDestroyFabricio Voznika
Some processes are reparented to the root container depending on the kill order and the root container would not reap in time. So some zombie processes were still present when the test checked. Fix it by running the second container inside a PID namespace. PiperOrigin-RevId: 267278591
2019-09-03Impose order on test scripts.Adin Scannell
The simple test script has gotten out of control. Shard this script into different pieces and attempt to impose order on overall test structure. This change helps lay some of the foundations for future improvements. * The runsc/test directories are moved into just test/. * The runsc/test/testutil package is split into logical pieces. * The scripts/ directory contains new top-level targets. * Each test is now responsible for building targets it requires. * The install functionality is moved into `runsc` itself for simplicity. * The existing kokoro run_tests.sh file now just calls all (can be split). After this change is merged, I will create multiple distinct workflows for Kokoro, one for each of the scripts currently targeted by `run_tests.sh` today, which should dramatically reduce the time-to-run for the Kokoro tests, and provides a better foundation for further improvements to the infrastructure. PiperOrigin-RevId: 267081397
2019-08-29Merge pull request #655 from praveensastry:feature/runsc-ref-chk-leakgVisor bot
PiperOrigin-RevId: 266226714
2019-08-29Don't log an error when stopping the container if it is not running.Nicolas Lacasse
This removes a lot of confusing messages from the test logs. PiperOrigin-RevId: 266164001
2019-08-27Mount volumes as super userFabricio Voznika
This used to be the case, but regressed after a recent change. Also made a few fixes around it and clean up the code a bit. Closes #720 PiperOrigin-RevId: 265717496
2019-08-27Restrict seccomp filters for UDS support.Robert Tonic
This commit further restricts the seccomp filters required for Gofer access ot Unix Domain Sockets (UDS).
2019-08-27First pass at implementing Unix Domain Socket support. No tests.Robert Tonic
This commit adds support for detecting the socket file type, connecting to a Unix Domain Socket, and providing bidirectional communication (without file descriptor transfer support).
2019-08-26fsgofer_test.go: a socket file path can't be longer than UNIX_MAX_PATH (108)Andrei Vagin
PiperOrigin-RevId: 265478578
2019-08-22Log message sent before logging is setupFabricio Voznika
Moved log message to after the log options have been read and log setup. PiperOrigin-RevId: 264964171
2019-08-22Send sandbox log to test logFabricio Voznika
This used to be the case, but when --alsologtostderr was added, it stopped logging. PiperOrigin-RevId: 264905640
2019-08-22Add log prefix for better claritypraveensastry
2019-08-21Use tcpip.Subnet in tcpip.RouteTamir Duberstein
This is the first step in replacing some of the redundant types with the standard library equivalents. PiperOrigin-RevId: 264706552
2019-08-13Fix file mode check in fsgofer AttachFabricio Voznika
PiperOrigin-RevId: 263189654
2019-08-13tests: print stack traces if test failed by timeoutAndrei Vagin
PiperOrigin-RevId: 263184083
2019-08-09Fix the Stringer for leak modepraveensastry
2019-08-08netstack: Don't start endpoint goroutines too soon on restore.Rahat Mahmood
Endpoint protocol goroutines were previously started as part of loading the endpoint. This is potentially too soon, as resources used by these goroutine may not have been loaded. Protocol goroutines may perform meaningful work as soon as they're started (ex: incoming connect) which can cause them to indirectly access resources that haven't been loaded yet. This CL defers resuming all protocol goroutines until the end of restore. PiperOrigin-RevId: 262409429
2019-08-07Set gofer's OOM score adjustmentFabricio Voznika
Updates #512 PiperOrigin-RevId: 262195448
2019-08-06Make loading container in a sandbox more robustFabricio Voznika
PiperOrigin-RevId: 262071646
2019-08-06Remove traces option for ref leak modepraveensastry
2019-08-06Add option to configure reference leak checkingpraveensastry
2019-08-02Remove stale TODOFabricio Voznika
This was done in commit 04cbb13ce9b151cf906f42e3f18ce3a875f01f63 PiperOrigin-RevId: 261414748
2019-08-02Plumbing for iptables sockopts.Kevin Krakauer
PiperOrigin-RevId: 261413396
2019-08-02Stops container if gofer is killedFabricio Voznika
Each gofer now has a goroutine that polls on the FDs used to communicate with the sandbox. The respective gofer is destroyed if any of the FDs is closed. Closes #601 PiperOrigin-RevId: 261383725
2019-08-02Remove kernel.mounts.Nicolas Lacasse
We can get the mount namespace from the CreateProcessArgs in all cases where we need it. This also gets rid of kernel.Destroy method, since the only thing it was doing was DecRefing the mounts. Removing the need to call kernel.SetRootMountNamespace also allowed for some more simplifications in the container fs setup code. PiperOrigin-RevId: 261357060
2019-08-01Set sandbox oom_score_adjIan Lewis
Set /proc/self/oom_score_adj based on oomScoreAdj specified in the OCI bundle. When new containers are added to the sandbox oom_score_adj for the sandbox and all other gofers are adjusted so that oom_score_adj is equal to the lowest oom_score_adj of all containers in the sandbox. Fixes #512 PiperOrigin-RevId: 261242725
2019-07-30Remove unused const variablesIan Lewis
PiperOrigin-RevId: 260824989
2019-07-30Change syscall.POLL to syscall.PPOLL.Haibo Xu
syscall.POLL is not supported on arm64, using syscall.PPOLL to support both the x86 and arm64. refs #63 Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: I2c81a063d3ec4e7e6b38fe62f17a0924977f505e COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/543 from xiaobo55x:master ba598263fd3748d1addd48e4194080aa12085164 PiperOrigin-RevId: 260752049
2019-07-29Move runtimes tests to appropriate directory.Samantha Sample
PiperOrigin-RevId: 260577765
2019-07-26runsc: propagate the alsologtostderr to sub-commandsAndrei Vagin
PiperOrigin-RevId: 260239119
2019-07-26Merge pull request #452 from zhangningdlut:chris_test_pidnsgVisor bot
PiperOrigin-RevId: 260220279
2019-07-26Publish Dockerfiles and test-runner binaries for running language tests.Samantha Sample
By following the directions in the README file, these Dockerfiles can be built and used to run native language tests for their respective runtimes. PiperOrigin-RevId: 260174430
2019-07-25Automated rollback of changelist 255679453Fabricio Voznika
PiperOrigin-RevId: 260047477
2019-07-24Use different pidns among different containerschris.zn
The different containers in a sandbox used only one pid namespace before. This results in that a container can see the processes in another container in the same sandbox. This patch use different pid namespace for different containers. Signed-off-by: chris.zn <chris.zn@antfin.com>
2019-07-23Give each container a distinct MountNamespace.Nicolas Lacasse
This keeps all container filesystem completely separate from eachother (including from the root container filesystem), and allows us to get rid of the "__runsc_containers__" directory. It also simplifies container startup/teardown as we don't have to muck around in the root container's filesystem. PiperOrigin-RevId: 259613346
2019-07-23Make runAllTests() consistent with listTests().Brett Landau
This change has the listTests() function return a string slice of all the tests. Originally, I planned not to modify the listTests() function and instead capture the output of it and then iterate through the captured output. I decided against this approach as most of the test binaries already produce a slice as they collect tests through filepath.Walk(). Now I use this slice and return it so that I can iterate through in runAllTests() and also when printing out the tests. PiperOrigin-RevId: 259599782
2019-07-22Prototype integration of runtime language tests for Node.js into gVisor.Samantha Sample
This is the first version of a testing program to be used by gVisor for including language testing into their presubmits. It works when ran in the same manor the image and integration tests are ran in as described in their README file. PiperOrigin-RevId: 259392416
2019-07-19Create the initial binary for each of the 5 runtime's test-runner.Brett Landau
Repeated code is planned to be factored out to improve clarity and readability. PiperOrigin-RevId: 259059978
2019-07-16test/integration: wait a background processAndrei Vagin
Otherwise this process can be killed before it prints the test message. PiperOrigin-RevId: 258448204
2019-07-12Take a reference on the already-mounted inode before re-mounting it.Nicolas Lacasse
PiperOrigin-RevId: 257855777
2019-07-08Merge pull request #375 from jmgao:mastergVisor bot
PiperOrigin-RevId: 257041876
2019-07-08Don't try to execute a file that is not regular.Nicolas Lacasse
PiperOrigin-RevId: 257037608
2019-07-03Avoid importing platforms from many source filesAndrei Vagin
PiperOrigin-RevId: 256494243
2019-07-02Remove map from fd_map, change to fd_table.Adin Scannell
This renames FDMap to FDTable and drops the kernel.FD type, which had an entire package to itself and didn't serve much use (it was freely cast between types, and served as more of an annoyance than providing any protection.) Based on BenchmarkFDLookupAndDecRef-12, we can expect 5-10 ns per lookup operation, and 10-15 ns per concurrent lookup operation of savings. This also fixes two tangential usage issues with the FDMap. Namely, non-atomic use of NewFDFrom and associated calls to Remove (that are both racy and fail to drop the reference on the underlying file.) PiperOrigin-RevId: 256285890