Age | Commit message (Collapse) | Author |
|
prlimit was erroneously comparing UIDs and GIDs when getting/setting a process'
own limits. From the manpage:
To set or get the resources of a process other than itself, the caller must have
the CAP_SYS_RESOURCE capability, or the real, effective, and saved set user IDs
of the target process must match the real user ID of the caller and the real,
effective, and saved set group IDs of the target process must match the real
group ID of the caller.
PiperOrigin-RevId: 307127266
|
|
PiperOrigin-RevId: 307069884
|
|
Updates #1035
PiperOrigin-RevId: 306968644
|
|
When the listening socket is read shutdown, we need to reset all pending
and incoming connections. Ensure that the endpoint is not cleaned up
from the demuxer and subsequent bind to same port does not go through.
PiperOrigin-RevId: 306958038
|
|
Removed the TODO to use netlink.
PiperOrigin-RevId: 306721468
|
|
Attempt to redeliver TCP segments that are enqueued into a closing
TCP endpoint. This was being done for Established endpoints but not
for those that are listening or performing connection handshake.
Fixes #2417
PiperOrigin-RevId: 306598155
|
|
PiperOrigin-RevId: 306432289
|
|
PiperOrigin-RevId: 306348346
|
|
The work being done in these threads is not asynchronous with respect to
the test; that is, it is equivalent to issue non-blocking `connect`
calls serially, since the work is done asynchronously with respect to
the caller. Futhermore, this test was added to test closing a listener
with completed but not delivered connections, which never required
threading in the first place.
PiperOrigin-RevId: 306339486
|
|
PiperOrigin-RevId: 306306809
|
|
PiperOrigin-RevId: 306306494
|
|
PiperOrigin-RevId: 306303148
|
|
As in VFS1, we only support the user.* namespace. Plumbing is added to tmpfs
and goferfs.
Note that because of the slightly different order of checks between VFS2 and
Linux, one of the xattr tests needs to be relaxed slightly.
Fixes #2363.
PiperOrigin-RevId: 305985121
|
|
It was added in cl/201419897 to deflake
socket_ip_tcp_loopback_non_blocking_test_gvisor.
It seems we don't need this hack, because the origin issue isn't
reproducible without this hack.
PiperOrigin-RevId: 305871748
|
|
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I5bb8fa7d580d173b1438d6465e1adb442216c8fa
|
|
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I033692bcf4f8139df29e369a12b150d10fccbe32
|
|
Block and drain requests in io_destroy(2).
Note the reason to create read-only mapping.
PiperOrigin-RevId: 305786312
|
|
PiperOrigin-RevId: 305782490
|
|
PiperOrigin-RevId: 305749697
|
|
The Linux does the same.
Reported-by: syzbot+e81716e8956e92e9d56b@syzkaller.appspotmail.com
PiperOrigin-RevId: 305625439
|
|
PiperOrigin-RevId: 305604557
|
|
PiperOrigin-RevId: 305592245
|
|
Determine system time from within the sentry rather than relying on the remote
filesystem to prevent inconsistencies.
Resolve related TODOs; the time discrepancies in question don't exist anymore.
PiperOrigin-RevId: 305557099
|
|
PiperOrigin-RevId: 305546584
|
|
Updates #164
PiperOrigin-RevId: 305544029
|
|
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
SO_REUSEPORT is not properly restored:
https://github.com/google/gvisor/issues/873
PiperOrigin-RevId: 305422775
|
|
PiperOrigin-RevId: 305328184
|
|
gofer operations accumulate dentries touched in a slice to call
checkCachingLocked on them when the operation is over. In case
the same dentry is touched multiple times during the operation,
checkCachingLocked, and consequently destroyLocked, may be called
more than once for the same dentry.
Updates #1198
PiperOrigin-RevId: 305276819
|
|
Running the test 1000x almost always produces 1+ test failures where
the sample count is slightly more than 60.
PiperOrigin-RevId: 305051754
|
|
PiperOrigin-RevId: 304684417
|
|
PiperOrigin-RevId: 304659346
|
|
PiperOrigin-RevId: 304641990
|
|
PiperOrigin-RevId: 304508083
|
|
The test is flaky in cooperative S/R mode because TCP timers are not restored
across a S/R. This can cause the TCPLinger2 timer to not fire. This change
disables S/R before setting the TCP_LINGER2 timeout.
PiperOrigin-RevId: 304430536
|
|
A socket mount where anonymous sockets will reside is added to the
VirtualFilesystem. Socketfs is built on top of kernfs.
Updates #1476, #1478, #1484, #1485.
PiperOrigin-RevId: 304095251
|
|
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I8008c0375fc7e23225a21026f359e78e691729e5
|
|
PiperOrigin-RevId: 303158421
|
|
PiperOrigin-RevId: 302987344
|
|
The only test failing now requires socket which is not
available in VFS2 yet.
Updates #1198
PiperOrigin-RevId: 302976572
|
|
In cl/302130790, we started using a temp directory which is provided by bazel.
By default, a test process has enough permissions to open it, but there is not
any guarantee that it still will be able to do this after changing credentials.
PiperOrigin-RevId: 302702337
|
|
Fixes #506
PiperOrigin-RevId: 302540404
|
|
Fixes #2058
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I05750d238a6425d3a47fae15720901f4dd924a32
|
|
PiperOrigin-RevId: 301208471
|
|
- When setting up the virtual filesystem, mount a host.filesystem to contain
all files that need to be imported.
- Make read/preadv syscalls to the host in cases where preadv2 may not be
supported yet (likewise for writing).
- Make save/restore functions in kernel/kernel.go return early if vfs2 is
enabled.
PiperOrigin-RevId: 300922353
|
|
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: Ibc926c917d98b31fc92bbf8d82d6818c39b0f93c
|
|
PiperOrigin-RevId: 300626011
|
|
PiperOrigin-RevId: 300362789
|
|
Issue #1833
PiperOrigin-RevId: 299998105
|
|
From RFC 793 s3.9 p61 Event Processing:
CLOSE Call during TIME-WAIT: return with "error: connection closing"
Fixes #1603
PiperOrigin-RevId: 299401353
|