From 9984138abee51d6145469f9298bfeb8a98589709 Mon Sep 17 00:00:00 2001
From: Zhaozhong Ni
Date: Fri, 7 Dec 2018 17:03:06 -0800
Subject: sentry: turn "dynamically-created" procfs files into static creation.
PiperOrigin-RevId: 224600982
Change-Id: I547253528e24fb0bb318fc9d2632cb80504acb34
---
 pkg/sentry/fs/proc/proc.go | 33 +++++++++++++--------------------
 runsc/boot/controller.go | 4 ++++
 2 files changed, 17 insertions(+), 20 deletions(-)
diff --git a/pkg/sentry/fs/proc/proc.go b/pkg/sentry/fs/proc/proc.go
index b658cd328..70e549c31 100644
--- a/pkg/sentry/fs/proc/proc.go
+++ b/pkg/sentry/fs/proc/proc.go
@@ -85,8 +85,6 @@ func New(ctx context.Context, msrc *fs.MountSource) (*fs.Inode, error) {
 p := &proc{k: k, pidns: pidns}
 p.InitDir(ctx, map[string]*fs.Inode{
- // Note that these are just the static members. There are
- // dynamic members populated in Readdir and Lookup below.
 "filesystems": seqfile.NewSeqFileInode(ctx, &filesystemsData{}, msrc),
 "loadavg": seqfile.NewSeqFileInode(ctx, &loadavgData{}, msrc),
 "meminfo": seqfile.NewSeqFileInode(ctx, &meminfoData{k}, msrc),
@@ -96,12 +94,23 @@ func New(ctx context.Context, msrc *fs.MountSource) (*fs.Inode, error) {
 }, fs.RootOwner, fs.FilePermsFromMode(0555))
 p.AddChild(ctx, "cpuinfo", p.newCPUInfo(ctx, msrc))
+ // If we're using rpcinet we will let it manage /proc/net.
+ if _, ok := p.k.NetworkStack().(*rpcinet.Stack); ok {
+ p.AddChild(ctx, "net", newRPCInetProcNet(ctx, msrc))
+ } else {
+ p.AddChild(ctx, "net", p.newNetDir(ctx, msrc))
+ }
+ p.AddChild(ctx, "self", p.newSelf(ctx, msrc))
+ p.AddChild(ctx, "sys", p.newSysDir(ctx, msrc))
+ p.AddChild(ctx, "thread-self", p.newThreadSelf(ctx, msrc))
 p.AddChild(ctx, "uptime", p.newUptime(ctx, msrc))
 return newFile(p, msrc, fs.SpecialDirectory, nil), nil
 }
 // self is a magical link.
+//
+// +stateify savable
 type self struct {
 ramfs.Symlink
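Review bot: The `p.AddChild` calls added to `New` build the `net`, `self`, `sys` and `thread-self` inodes once with the mounting `ctx`, whereas the closures this commit removes from `Lookup` built a fresh inode with the caller's `ctx` on every lookup. The constructors (`newNetDir`, `newRPCInetProcNet`, `newSelf`, `newSysDir`, `newThreadSelf`) are outside the diff, so it is worth confirming that none of them captures per-caller state from `ctx` (credentials, namespaces) that every task reading /proc would now share. The `*rpcinet.Stack` assertion is likewise decided once, so `/proc/net` stays bound to whatever `p.k.NetworkStack()` returned at mount time, presumably also across save/restore given the new `+stateify savable` markers. A comment above the `if` such as `// Evaluated once at mount time; the chosen inode is kept (and saved) for the life of the mount.` would record that. `New` begins before this hunk.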
@@ -146,6 +155,8 @@ func (s *self) Readlink(ctx context.Context, inode *fs.Inode) (string, error) {
 }
 // threadSelf is more magical than "self" link.
+//
+// +stateify savable
 type threadSelf struct {
 ramfs.Symlink
@@ -169,29 +180,11 @@ func (s *threadSelf) Readlink(ctx context.Context, inode *fs.Inode) (string, err
 // Lookup loads an Inode at name into a Dirent.
 func (p *proc) Lookup(ctx context.Context, dir *fs.Inode, name string) (*fs.Dirent, error) {
- // Is it one of the static ones?
 dirent, walkErr := p.Dir.Lookup(ctx, dir, name)
 if walkErr == nil {
 return dirent, nil
 }
- // Is it a dynamic element?
- nfs := map[string]func() *fs.Inode{
- "net": func() *fs.Inode {
- // If we're using rpcinet we will let it manage /proc/net.
- if _, ok := p.k.NetworkStack().(*rpcinet.Stack); ok {
- return newRPCInetProcNet(ctx, dir.MountSource)
- }
- return p.newNetDir(ctx, dir.MountSource)
- },
- "self": func() *fs.Inode { return p.newSelf(ctx, dir.MountSource) },
- "sys": func() *fs.Inode { return p.newSysDir(ctx, dir.MountSource) },
- "thread-self": func() *fs.Inode { return p.newThreadSelf(ctx, dir.MountSource) },
- }
- if nf, ok := nfs[name]; ok {
- return fs.NewDirent(nf(), name), nil
- }
-
 // Try to lookup a corresponding task.
 tid, err := strconv.ParseUint(name, 10, 64)
 if err != nil {
diff --git a/runsc/boot/controller.go b/runsc/boot/controller.go
index 7a1f42119..05d4f3a5b 100644
--- a/runsc/boot/controller.go
+++ b/runsc/boot/controller.go
@@ -30,6 +30,7 @@ import (
 "gvisor.googlesource.com/gvisor/pkg/sentry/state"
 "gvisor.googlesource.com/gvisor/pkg/sentry/time"
 "gvisor.googlesource.com/gvisor/pkg/sentry/watchdog"
+ "gvisor.googlesource.com/gvisor/pkg/tcpip/stack"
 "gvisor.googlesource.com/gvisor/pkg/urpc"
 )
@@ -356,6 +357,9 @@ func (cm *containerManager) Restore(o *RestoreOpts, _ *struct{}) error {
 if err != nil {
 return fmt.Errorf("failed to create network: %v", err)
 }
+ if eps, ok := networkStack.(*epsocket.Stack); ok {
+ stack.StackFromEnv = eps.Stack // FIXME
+ }
 info, err := o.FilePayload.Files[0].Stat()
 if err != nil {
 return err
--
cgit v1.2.3
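Review bot: The bare `// FIXME` on `stack.StackFromEnv = eps.Stack` does not say what is wrong or what the intended fix is, and the assignment writes a package-level variable from inside `Restore`. When `networkStack` is not an `*epsocket.Stack`, the variable keeps whatever value it held before, so code that reads it during state load (not visible here) could see a nil or stale stack. Nothing in the hunk shows synchronisation around the write either. At minimum spell out the debt, e.g. `// FIXME(<issue-id>): StackFromEnv is a process-wide global; hand the stack to the state loader explicitly.`, and consider clearing the variable in the non-epsocket case. `Restore` starts and ends outside this hunk.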