Automated rollback of changelist 225089593
PiperOrigin-RevId: 227595007 Change-Id: If14cc5aab869c5fd7a4ebd95929c887ab690e94c
parent
8e586db162
commit
33191e1cc4
|
@ -200,15 +200,8 @@ type Config struct {
|
||||||
|
|
||||||
// PanicSignal registers signal handling that panics. Usually set to
|
// PanicSignal registers signal handling that panics. Usually set to
|
||||||
// SIGUSR2(12) to troubleshoot hangs. -1 disables it.
|
// SIGUSR2(12) to troubleshoot hangs. -1 disables it.
|
||||||
//
|
|
||||||
// PanicSignal takes precedence over TraceSignal.
|
|
||||||
PanicSignal int
|
PanicSignal int
|
||||||
|
|
||||||
// TraceSignal registers signal handling that logs a traceback of all
|
|
||||||
// goroutines. Usually set to SIGUSR2(12) to troubleshoot hangs. -1
|
|
||||||
// disables it.
|
|
||||||
TraceSignal int
|
|
||||||
|
|
||||||
// TestOnlyAllowRunAsCurrentUserWithoutChroot should only be used in
|
// TestOnlyAllowRunAsCurrentUserWithoutChroot should only be used in
|
||||||
// tests. It allows runsc to start the sandbox process as the current
|
// tests. It allows runsc to start the sandbox process as the current
|
||||||
// user, and without chrooting the sandbox process. This can be
|
// user, and without chrooting the sandbox process. This can be
|
||||||
|
@ -235,7 +228,6 @@ func (c *Config) ToFlags() []string {
|
||||||
"--strace-log-size=" + strconv.Itoa(int(c.StraceLogSize)),
|
"--strace-log-size=" + strconv.Itoa(int(c.StraceLogSize)),
|
||||||
"--watchdog-action=" + c.WatchdogAction.String(),
|
"--watchdog-action=" + c.WatchdogAction.String(),
|
||||||
"--panic-signal=" + strconv.Itoa(c.PanicSignal),
|
"--panic-signal=" + strconv.Itoa(c.PanicSignal),
|
||||||
"--trace-signal=" + strconv.Itoa(c.TraceSignal),
|
|
||||||
}
|
}
|
||||||
if c.TestOnlyAllowRunAsCurrentUserWithoutChroot {
|
if c.TestOnlyAllowRunAsCurrentUserWithoutChroot {
|
||||||
// Only include if set since it is never to be used by users.
|
// Only include if set since it is never to be used by users.
|
||||||
|
|
|
@ -309,14 +309,10 @@ func New(args Args) (*Loader, error) {
|
||||||
// Handle signals by forwarding them to the root container process
|
// Handle signals by forwarding them to the root container process
|
||||||
// (except for panic signal, which should cause a panic).
|
// (except for panic signal, which should cause a panic).
|
||||||
l.startSignalForwarding = sighandling.PrepareHandler(func(sig linux.Signal) {
|
l.startSignalForwarding = sighandling.PrepareHandler(func(sig linux.Signal) {
|
||||||
// Tracing signals should cause their respective actions.
|
// Panic signal should cause a panic.
|
||||||
if args.Conf.PanicSignal != -1 && sig == linux.Signal(args.Conf.PanicSignal) {
|
if args.Conf.PanicSignal != -1 && sig == linux.Signal(args.Conf.PanicSignal) {
|
||||||
panic("Signal-induced panic")
|
panic("Signal-induced panic")
|
||||||
}
|
}
|
||||||
if args.Conf.TraceSignal != -1 && sig == linux.Signal(args.Conf.TraceSignal) {
|
|
||||||
log.TracebackAll("Signal-induced traceback")
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Otherwise forward to root container.
|
// Otherwise forward to root container.
|
||||||
deliveryMode := DeliverToProcess
|
deliveryMode := DeliverToProcess
|
||||||
|
|
|
@ -62,8 +62,7 @@ var (
|
||||||
fileAccess = flag.String("file-access", "exclusive", "specifies which filesystem to use for the root mount: exclusive (default), shared. Volume mounts are always shared.")
|
fileAccess = flag.String("file-access", "exclusive", "specifies which filesystem to use for the root mount: exclusive (default), shared. Volume mounts are always shared.")
|
||||||
overlay = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.")
|
overlay = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.")
|
||||||
watchdogAction = flag.String("watchdog-action", "log", "sets what action the watchdog takes when triggered: log (default), panic.")
|
watchdogAction = flag.String("watchdog-action", "log", "sets what action the watchdog takes when triggered: log (default), panic.")
|
||||||
panicSignal = flag.Int("panic-signal", -1, "register signal handling that panics. Usually set to SIGUSR2(12) to troubleshoot hangs. -1 disables it. This takes precendence over -trace-signal.")
|
panicSignal = flag.Int("panic-signal", -1, "register signal handling that panics. Usually set to SIGUSR2(12) to troubleshoot hangs. -1 disables it.")
|
||||||
traceSignal = flag.Int("trace-signal", -1, "register signal handling that logs a traceback of all goroutines. Usually set to SIGUSR2(12) to troubleshoot hangs. -1 disables it.")
|
|
||||||
|
|
||||||
testOnlyAllowRunAsCurrentUserWithoutChroot = flag.Bool("TESTONLY-unsafe-nonroot", false, "TEST ONLY; do not ever use! This skips many security measures that isolate the host from the sandbox.")
|
testOnlyAllowRunAsCurrentUserWithoutChroot = flag.Bool("TESTONLY-unsafe-nonroot", false, "TEST ONLY; do not ever use! This skips many security measures that isolate the host from the sandbox.")
|
||||||
)
|
)
|
||||||
|
@ -147,7 +146,6 @@ func main() {
|
||||||
StraceLogSize: *straceLogSize,
|
StraceLogSize: *straceLogSize,
|
||||||
WatchdogAction: wa,
|
WatchdogAction: wa,
|
||||||
PanicSignal: *panicSignal,
|
PanicSignal: *panicSignal,
|
||||||
TraceSignal: *traceSignal,
|
|
||||||
TestOnlyAllowRunAsCurrentUserWithoutChroot: *testOnlyAllowRunAsCurrentUserWithoutChroot,
|
TestOnlyAllowRunAsCurrentUserWithoutChroot: *testOnlyAllowRunAsCurrentUserWithoutChroot,
|
||||||
}
|
}
|
||||||
if len(*straceSyscalls) != 0 {
|
if len(*straceSyscalls) != 0 {
|
||||||
|
|
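Review bot: The `panic-signal` flag value reaches the config through `PanicSignal: *panicSignal` with no range check visible in these hunks, so any integer other than -1 is accepted even when it is not a valid signal number. With the trace-signal option rolled back, this flag is the only signal-driven hang-troubleshooting hook left. A mistyped value would match nothing in the handler, and the signal an operator later sends would presumably take the "forward to root container" path instead of panicking the sandbox. Consider guarding the value before the Config literal is built, for example `if *panicSignal != -1 && (*panicSignal < 1 || *panicSignal > 64)` followed by a fatal usage error. Both the `var (...)` block and `main` continue outside the hunks, so this may already be validated elsewhere.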