Age | Commit message (Collapse) | Author |
|
Fixes php runtime test ext/standard/tests/file/readfile_basic.phpt
Fixes #3516
fsgofers only want the access mode in the OpenFlags passed to Create(). If more
flags are supplied (like O_APPEND in this case), read/write from that fd will
fail with EBADF. See runsc/fsgofer/fsgofer.go:WriteAt()
VFS2 was providing more than just access modes. So filtering the flags using
p9.OpenFlagsModeMask == linux.O_ACCMODE fixes the issue.
Gofer in VFS1 also only extracts the access mode flags while making the create
RPC. See pkg/sentry/fs/gofer/path.go:Create()
Even in VFS2, when we open a handle, we extract out only the access mode flags
+ O_TRUNC.
See third_party/gvisor/pkg/sentry/fsimpl/gofer/handle.go:openHandle()
Added a test for this.
PiperOrigin-RevId: 326574829
|
|
Netstack's TIME-WAIT state for a TCP socket could be terminated prematurely if
the socket entered TIME-WAIT using shutdown(..., SHUT_RDWR) and then was closed
using close(). This fixes that bug and updates the tests to verify that Netstack
correctly honors TIME-WAIT under such conditions.
Fixes #3106
PiperOrigin-RevId: 326456443
|
|
Fixes php test ext/standard/tests/file/touch_variation5.phpt on vfs2.
Updates #3516
Also spotted a bug with O_EXCL, where we did not return EEXIST when we tried
to open the root of the filesystem with O_EXCL | O_CREAT.
Added some more tests for open() corner cases.
PiperOrigin-RevId: 326346863
|
|
IPPacketInfo.DestinationAddr should hold the destination of the IP
packet, not the source. This change fixes that bug.
PiperOrigin-RevId: 325910766
|
|
It was changed in the Linux kernel:
commit f0628c524fd188c3f9418e12478dfdfadacba815
Date: Fri Apr 24 16:06:16 2020 +0800
net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
PiperOrigin-RevId: 325493859
|
|
PiperOrigin-RevId: 325472312
|
|
/proc/sys/net/ipv4/tcp_recovery is used to enable RACK loss
recovery in TCP.
PiperOrigin-RevId: 325157807
|
|
Updates #1479, #2923.
PiperOrigin-RevId: 324658826
|
|
PiperOrigin-RevId: 324657612
|
|
Before kernel version 4.16-rc6, fuse mount is protected by
capable(CAP_SYS_ADMIN). After this version, it uses
ns_capable(CAP_SYS_ADMIN) to protect. Before the 4.16 kernel,
it was not allowed to mount fuse file systems without the
global CAP_SYS_ADMIN.
Fixes #3360
|
|
A new network namespace has only the local route table.
PiperOrigin-RevId: 324303629
|
|
PiperOrigin-RevId: 324249991
|
|
Return on success should be 0, not size of the struct copied out.
PiperOrigin-RevId: 324029193
|
|
PiperOrigin-RevId: 324017310
|
|
Compare Linux's fs/eventpoll.c:do_epoll_ctl(). I don't know where EPOLLRDHUP
came from.
PiperOrigin-RevId: 323874419
|
|
PiperOrigin-RevId: 323715260
|
|
PiperOrigin-RevId: 323426851
|
|
PiperOrigin-RevId: 322904430
|
|
PiperOrigin-RevId: 322890087
|
|
Allow FUSE filesystems to be mounted using libfuse.
The appropriate flags and mount options are parsed and
understood by fusefs.
|
|
PiperOrigin-RevId: 322859907
|
|
Fixes #3334
PiperOrigin-RevId: 322846384
|
|
Helps in fixing open syscall tests: AppendConcurrentWrite and AppendOnly.
We also now update the file size for seekable special files (regular files)
which we were not doing earlier.
Updates #2923
PiperOrigin-RevId: 322670843
|
|
Updates #173
PiperOrigin-RevId: 322665518
|
|
Temporarily skip these, on bhaskherh@'s advice.
PiperOrigin-RevId: 322664955
|
|
Updates #173
PiperOrigin-RevId: 321690756
|
|
Packet sockets also seem to allow double binding and do not return an error on
linux. This was tested by running the syscall test in a linux namespace as root
and the current test DoubleBind fails@HEAD.
Passes after this change.
Updates #173
PiperOrigin-RevId: 321445137
|
|
gVisor incorrectly returns the wrong ARP type for SIOGIFHWADDR. This breaks
tcpdump as it tries to interpret the packets incorrectly.
Similarly, SIOCETHTOOL is used by tcpdump to query interface properties which
fails with an EINVAL since we don't implement it. For now change it to return
EOPNOTSUPP to indicate that we don't support the query rather than return
EINVAL.
NOTE: ARPHRD types for link endpoints are distinct from NIC capabilities
and NIC flags. In Linux all 3 exist eg. ARPHRD types are stored in dev->type
field while NIC capabilities are more like the device features which can be
queried using SIOCETHTOOL but not modified and NIC Flags are fields that can
be modified from user space. eg. NIC status (UP/DOWN/MULTICAST/BROADCAST) etc.
Updates #2746
PiperOrigin-RevId: 321436525
|
|
PiperOrigin-RevId: 321411758
|
|
Updates #2746
PiperOrigin-RevId: 320757963
|
|
Updates #2746
Fixes #3158
PiperOrigin-RevId: 320497190
|
|
This change gates all FUSE commands (by gating /dev/fuse) behind a runsc
flag. In order to use FUSE commands, use the --fuse flag with the --vfs2
flag. Check if FUSE is enabled by running dmesg in the sandbox.
|
|
- Only use MAXSYMLINKS/2+1 symlinks for each of the interpreter and script
paths in SymlinkLimitRefreshedForInterpreter to tolerate cases where the
original paths (/tmp, /bin, or /bin/echo) themselves contain symlinks.
- Ensure that UnshareFiles performs execve immediately after clone(CLONE_VFORK)
(no heap allocation for ExecveArray/RunfilesPath).
- Use lstat() rather than stat() for the existence check in fs_util's Exists;
the latter will fail if the symlink target does not exist, even if the
symlink does.
PiperOrigin-RevId: 320110156
|
|
RFC 6864 imposes various restrictions on the uniqueness of the IPv4
Identification field for non-atomic datagrams, defined as an IP datagram that
either can be fragmented (DF=0) or is already a fragment (MF=1 or positive
fragment offset). In order to be compliant, the ID field is assigned for all
non-atomic datagrams.
Add a TCP unit test that induces retransmissions and checks that the IPv4
ID field is unique every time. Add basic handling of the IP_MTU_DISCOVER
socket option so that the option can be used to disable PMTU discovery,
effectively setting DF=0. Attempting to set the sockopt to anything other
than disabled will fail because PMTU discovery is currently not implemented,
and the default behavior matches that of disabled.
PiperOrigin-RevId: 320081842
|
|
This change fixes a few things:
- creating sockets using mknod(2) is supported via vfs2
- fsgofer can create regular files via mknod(2)
- mode = 0 for mknod(2) will be interpreted as regular file in vfs2 as well
Updates #2923
PiperOrigin-RevId: 320074267
|
|
Updates #2746
PiperOrigin-RevId: 319887810
|
|
PiperOrigin-RevId: 319827554
|
|
We do not support RWF_SYNC/RWF_DSYNC and probably shouldn't silently accept
them, since the user may incorrectly believe that we are synchronizing I/O.
Remove the pwritev2 test verifying that we support these flags.
gvisor.dev/issue/2601 is the tracking bug for deciding which RWF_.* flags
we need and supporting them.
Updates #2923, #2601.
PiperOrigin-RevId: 319351286
|
|
After we change credentials, it is possible that we no longer have access to
the sticky directory where we are trying to delete files. Use an open fd so
this is not an issue.
PiperOrigin-RevId: 319306255
|
|
PiperOrigin-RevId: 319283715
|
|
- Support FIOASYNC, FIO{SET,GET}OWN, SIOC{G,S}PGRP (refactor getting/setting
owner in the process).
- Unset signal recipient when setting owner with pid == 0 and
valid owner type.
Updates #2923.
PiperOrigin-RevId: 319231420
|
|
-Waddress-of-packed-member warns on inet_aton() being used with a packed struct
member. This was added in cl/291990716.
PiperOrigin-RevId: 319111253
|
|
This includes the provisional style guide in the website and fixes the broken
link from CONTRIBUTING.md. The style guide will be located under the "Community"
category as it's related to contributing to the project.
Also, add missing includes that were causing some presubmits to fail.
PiperOrigin-RevId: 319061410
|
|
Closes #2768
|
|
Bring udp_socket_test into complianc by:
- Eliminating IsRunningOnGvisor() invocations.
- Wrapping sockets in RAII FileDescriptor objects.
- Creating a Bind() method so that the first bind happens on port 0.
PiperOrigin-RevId: 318909396
|
|
Also make some fixes to vfs1's F_SETOWN. The fcntl test now entirely passes
on vfs2.
Fixes #2920.
PiperOrigin-RevId: 318669529
|
|
Updates #2923.
PiperOrigin-RevId: 318648128
|
|
PiperOrigin-RevId: 318585377
|
|
IPv6 raw sockets never include the IPv6 header.
PiperOrigin-RevId: 318582989
|
|
SO_NO_CHECK is used to skip the UDP checksum generation on a TX socket
(UDP checksum is optional on IPv4).
Test:
- TestNoChecksum
- SoNoCheckOffByDefault (UdpSocketTest)
- SoNoCheck (UdpSocketTest)
Fixes #3055
PiperOrigin-RevId: 318575215
|