Age | Commit message | Author |
|
Update the start benchmark on empty to only "Start" a container, not wait
for its completion.
TL;DR: only measure the actual start call for the empty container.
Previously, we were measuring the completion of /bin/true in container
alpine AND the cleanup. This was fine until profiling started failing all
the time on ptrace. This is a cost that runc is not paying.
These changes will reduce the overall timing of the benchmark, but it will
give more sane results.
Instead, use "Spawn" which is similar to `docker run --detach alpine
/bin/sleep 100`. Call sleep so containers stick around long enough
for the profiler to read profile data from them.
PiperOrigin-RevId: 390705431
|
|
PiperOrigin-RevId: 390405182
|
|
PiperOrigin-RevId: 390399815
|
|
PiperOrigin-RevId: 390346783
|
|
Send buffer size in TCP indicates the amount of bytes available for the sender
to transmit. This change will allow TCP to update the send buffer size when
- TCP enters established state.
- ACK is received.
The auto tuning is disabled when the send buffer size is set with the
SO_SNDBUF option.
PiperOrigin-RevId: 390312274
|
|
PiperOrigin-RevId: 390284683
|
|
+ Do not check for CAP_NET_RAW on Fuchsia
Fuchsia does not support capabilities the same way Linux does. Instead
emulate the check for CAP_NET_RAW by checking if a packet socket may
be created.
Bug: https://fxbug.dev/79016, https://fxbug.dev/81592
PiperOrigin-RevId: 390263666
|
|
Allow creation and management of subcontainers through cgroupfs
directory syscalls. Also add a mechanism to specify a default root
container to start new jobs in.
This implements the filesystem support for subcontainers, but doesn't
implement hierarchical resource accounting or task migration.
PiperOrigin-RevId: 390254870
|
|
Previously, this check always failed because we did not provide MAP_SHARED
or MAP_PRIVATE.
PiperOrigin-RevId: 390251086
|
|
PiperOrigin-RevId: 390245901
|
|
Previously, this test was the same as OldnameIsEmpty. This CL makes the test check
what happens if the old name does not exist.
PiperOrigin-RevId: 390243070
|
|
+ Do not check for CAP_NET_RAW on Fuchsia
Fuchsia does not support capabilities the same way Linux does. Instead
emulate the check for CAP_NET_RAW by checking if a raw IP socket may
be created.
PiperOrigin-RevId: 389663218
|
|
Reported-by: syzbot+63bde04529f701c76168@syzkaller.appspotmail.com
Reported-by: syzbot+69866b9a16ec29993e6a@syzkaller.appspotmail.com
PiperOrigin-RevId: 389084629
|
|
Msgqueue tests were using fork() to create a separate thread of
execution for passing messages back and forth over a queue. However,
the child process after a fork() may only use async-signal-safe
functions, which at a minimum exclude gtest asserts.
Instead, use threads.
PiperOrigin-RevId: 389073744
|
|
For file-based mmap tests, the underlying file system may not support
mmaps depending on the sandbox configuration. This is the case when
caching is disabled for goferfs.
PiperOrigin-RevId: 389052722
|
|
In this case, the task is already a subreaper, so setting this bit is a noop.
Updates #2323
PiperOrigin-RevId: 388828034
|
|
PiperOrigin-RevId: 388819374
|
|
This change makes these tests easier to run on systems that have their temp
directory in another location.
PiperOrigin-RevId: 388601202
|
|
PiperOrigin-RevId: 388497055
|
|
PiperOrigin-RevId: 388494554
|
|
Implement Queue.Copy and add more tests for it.
Updates #135
|
|
Add support for msgsnd and msgrcv and enable syscall tests.
Updates #135
|
|
Updates #135
|
|
Updates #135
|
|
This change will allow us to remove the default link in a packetimpact test so
we can reduce indeterministic behaviors as required in https://fxbug.dev/78430.
This will also help with testing #1388.
Updates #578, #1388.
PiperOrigin-RevId: 387896847
|
|
PiperOrigin-RevId: 387885663
|
|
For comparison:
```
$ docker run --rm -it ubuntu:focal bash -c 'cat /proc/self/status'
Name: cat
Umask: 0022
State: R (running)
Tgid: 1
Ngid: 0
Pid: 1
PPid: 0
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 64
Groups:
NStgid: 1
NSpid: 1
NSpgid: 1
NSsid: 1
VmPeak: 2660 kB
VmSize: 2660 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 528 kB
VmRSS: 528 kB
...
$ docker run --runtime=runsc-vfs2 --rm -it ubuntu:focal bash -c 'cat /proc/self/status'
Name: cat
State: R (running)
Tgid: 1
Pid: 1
PPid: 0
TracerPid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 4
Groups:
VmSize: 10708 kB
VmRSS: 3124 kB
VmData: 316 kB
...
```
Fixes #6374
PiperOrigin-RevId: 387465655
|
|
PiperOrigin-RevId: 387431049
|
|
|
|
PiperOrigin-RevId: 386988406
|
|
PiperOrigin-RevId: 386533065
|
|
Reported-by: syzbot+beb099a67f670386a367@syzkaller.appspotmail.com
PiperOrigin-RevId: 386521361
|
|
PiperOrigin-RevId: 386511209
|
|
The self-admittedly arbitrary threshold of 20% of alarms being sent to the main
thread was being breached. I saw a run of ~20-23% [1]. We should allow for a
little more breathing room.
1 - https://buildkite.com/gvisor/pipeline/builds/7400
PiperOrigin-RevId: 386503482
|
|
The benchmark check fails if any of the socket syscalls fail with
EINTR. We see this manifest in S/R lifecycles since S/R has a high
probability of aborting these syscalls with EINTR.
PiperOrigin-RevId: 386480365
|
|
...and rename the library to socket_util.
PiperOrigin-RevId: 386348306
|
|
PiperOrigin-RevId: 386323389
|
|
PiperOrigin-RevId: 385944428
|
|
PiperOrigin-RevId: 385940836
|
|
PiperOrigin-RevId: 385937353
|
|
The gofer session is killed when a gofer backed volume is unmounted. The
gofer monitor catches the disconnect and kills the container. This changes
the gofer monitor to only care about the rootfs connections, which cannot
be unmounted.
Fixes #6259
PiperOrigin-RevId: 385929039
|
|
PiperOrigin-RevId: 385894869
|
|
TCP is fully supported. As with SO_RCVBUF, other transport protocols perform
no-ops per DefaultSocketOptionsHandler.OnSetReceiveBufferSize.
PiperOrigin-RevId: 385023239
|
|
PiperOrigin-RevId: 384823097
|
|
Tested via:
```
bazel test \
  //test/syscalls:socket_ipv4_udp_unbound_loopback_nogotsan_test_runsc_ptrace \
  --runs_per_test=2000
```
PiperOrigin-RevId: 384773477
|
|
PiperOrigin-RevId: 384586164
|
|
Add support for msgget, and msgctl(IPC_RMID), and enable msgqueue
syscall tests.
Updates #135
|
|
Updates #135
|
|
Instead, roll the output scraping into the main runner. Pass a perf flag to
the runner in order to control leak checking, apply tags via the macro and
appropriately disable logging. This may be removed in the future.
PiperOrigin-RevId: 384348035
|
|
Set stdio ownership based on the container's user to ensure the
user can open/read/write to/from stdios.
1. stdios in the host are changed to have the owner be the same
uid/gid of the process running the sandbox. This ensures that the
sandbox has full control over it.
2. stdios owner inside the sandbox is changed to match the
container's user to give access inside the container and make it
behave the same as runc.
Fixes #6180
PiperOrigin-RevId: 384347009
|