go
/
gvisor
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Automated rollback of changelist 225089593 

PiperOrigin-RevId: 227595007
Change-Id: If14cc5aab869c5fd7a4ebd95929c887ab690e94c
This commit is contained in:
Michael Pratt 2019-01-02 15:46:40 -08:00 committed by Shentubot
parent 8e586db162
commit 33191e1cc4
3 changed files with 2 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
runsc/boot/config.go
View File

@ -200,15 +200,8 @@ type Config struct {
// PanicSignal registers signal handling that panics. Usually set to // PanicSignal registers signal handling that panics. Usually set to
// SIGUSR2(12) to troubleshoot hangs. -1 disables it. // SIGUSR2(12) to troubleshoot hangs. -1 disables it.
//
// PanicSignal takes precedence over TraceSignal.
PanicSignal int PanicSignal int
// TraceSignal registers signal handling that logs a traceback of all
// goroutines. Usually set to SIGUSR2(12) to troubleshoot hangs. -1
// disables it.
TraceSignal int
// TestOnlyAllowRunAsCurrentUserWithoutChroot should only be used in // TestOnlyAllowRunAsCurrentUserWithoutChroot should only be used in
// tests. It allows runsc to start the sandbox process as the current // tests. It allows runsc to start the sandbox process as the current
// user, and without chrooting the sandbox process. This can be // user, and without chrooting the sandbox process. This can be
@ -235,7 +228,6 @@ func (c *Config) ToFlags() []string {
"--strace-log-size=" + strconv.Itoa(int(c.StraceLogSize)), "--strace-log-size=" + strconv.Itoa(int(c.StraceLogSize)),
"--watchdog-action=" + c.WatchdogAction.String(), "--watchdog-action=" + c.WatchdogAction.String(),
"--panic-signal=" + strconv.Itoa(c.PanicSignal), "--panic-signal=" + strconv.Itoa(c.PanicSignal),
"--trace-signal=" + strconv.Itoa(c.TraceSignal),
} }
if c.TestOnlyAllowRunAsCurrentUserWithoutChroot { if c.TestOnlyAllowRunAsCurrentUserWithoutChroot {
// Only include if set since it is never to be used by users. // Only include if set since it is never to be used by users.

6
runsc/boot/loader.go
View File

@ -309,14 +309,10 @@ func New(args Args) (*Loader, error) {
// Handle signals by forwarding them to the root container process // Handle signals by forwarding them to the root container process
// (except for panic signal, which should cause a panic). // (except for panic signal, which should cause a panic).
l.startSignalForwarding = sighandling.PrepareHandler(func(sig linux.Signal) { l.startSignalForwarding = sighandling.PrepareHandler(func(sig linux.Signal) {
// Tracing signals should cause their respective actions. // Panic signal should cause a panic.
if args.Conf.PanicSignal != -1 && sig == linux.Signal(args.Conf.PanicSignal) { if args.Conf.PanicSignal != -1 && sig == linux.Signal(args.Conf.PanicSignal) {
panic("Signal-induced panic") panic("Signal-induced panic")
} }
if args.Conf.TraceSignal != -1 && sig == linux.Signal(args.Conf.TraceSignal) {
log.TracebackAll("Signal-induced traceback")
return
}
// Otherwise forward to root container. // Otherwise forward to root container.
deliveryMode := DeliverToProcess deliveryMode := DeliverToProcess

4
runsc/main.go
View File

@ -62,8 +62,7 @@ var (
fileAccess = flag.String("file-access", "exclusive", "specifies which filesystem to use for the root mount: exclusive (default), shared. Volume mounts are always shared.") fileAccess = flag.String("file-access", "exclusive", "specifies which filesystem to use for the root mount: exclusive (default), shared. Volume mounts are always shared.")
overlay = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.") overlay = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.")
watchdogAction = flag.String("watchdog-action", "log", "sets what action the watchdog takes when triggered: log (default), panic.") watchdogAction = flag.String("watchdog-action", "log", "sets what action the watchdog takes when triggered: log (default), panic.")
panicSignal = flag.Int("panic-signal", -1, "register signal handling that panics. Usually set to SIGUSR2(12) to troubleshoot hangs. -1 disables it. This takes precendence over -trace-signal.") panicSignal = flag.Int("panic-signal", -1, "register signal handling that panics. Usually set to SIGUSR2(12) to troubleshoot hangs. -1 disables it.")
traceSignal = flag.Int("trace-signal", -1, "register signal handling that logs a traceback of all goroutines. Usually set to SIGUSR2(12) to troubleshoot hangs. -1 disables it.")
testOnlyAllowRunAsCurrentUserWithoutChroot = flag.Bool("TESTONLY-unsafe-nonroot", false, "TEST ONLY; do not ever use! This skips many security measures that isolate the host from the sandbox.") testOnlyAllowRunAsCurrentUserWithoutChroot = flag.Bool("TESTONLY-unsafe-nonroot", false, "TEST ONLY; do not ever use! This skips many security measures that isolate the host from the sandbox.")
) )
@ -147,7 +146,6 @@ func main() {
StraceLogSize: *straceLogSize, StraceLogSize: *straceLogSize,
WatchdogAction: wa, WatchdogAction: wa,
PanicSignal: *panicSignal, PanicSignal: *panicSignal,
TraceSignal: *traceSignal,
TestOnlyAllowRunAsCurrentUserWithoutChroot: *testOnlyAllowRunAsCurrentUserWithoutChroot, TestOnlyAllowRunAsCurrentUserWithoutChroot: *testOnlyAllowRunAsCurrentUserWithoutChroot,
} }
if len(*straceSyscalls) != 0 { if len(*straceSyscalls) != 0 {