diff --git a/.gcloudignore b/.gcloudignore index a1ac4bdf6..ec372978f 100644 --- a/.gcloudignore +++ b/.gcloudignore @@ -1,3 +1,5 @@ +bin/ public/ resources/ node_modules/ +upstream/ diff --git a/.gitignore b/.gitignore index 56919aaf9..ec372978f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +bin/ public/ resources/ node_modules/ diff --git a/Makefile b/Makefile index 7415fc653..af41e99d5 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,7 @@ GCLOUD := gcloud GCP_PROJECT := gvisor-website # Source Go files, example: main.go, foo/bar.go. +GEN_SOURCE = $(wildcard cmd/generate-syscall-docs/*) APP_SOURCE = $(wildcard cmd/gvisor-website/*) # Target Go files, example: public/main.go, public/foo/bar.go. APP_TARGET = $(patsubst cmd/gvisor-website/%,public/%,$(APP_SOURCE)) @@ -40,7 +41,7 @@ content/docs/community/sigs: upstream/community $(wildcard upstream/community/si $(APP_TARGET): public $(APP_SOURCE) cp -a cmd/gvisor-website/$(patsubst public/%,%,$@) public/ -public/static: node_modules config.toml $(shell find archetypes assets content themes -type f | sed 's/ /\\ /g') +public/static: compatibility-docs node_modules config.toml $(shell find archetypes assets content themes -type f | sed 's/ /\\ /g') HUGO_ENV="production" $(HUGO) node_modules: package.json package-lock.json 
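Review bot: In the Makefile hunk at `@@ -40,7 +41,7 @@`, `public/static` now lists `compatibility-docs` as a normal prerequisite, and that name is declared `.PHONY` in a later hunk of this patch, so `public/static` is out of date on every run and Hugo is re-executed even when nothing changed. The `$(shell find archetypes assets content themes ...)` list is expanded when the Makefile is parsed, before the generator has written anything, so on a clean tree the generated pages are not tracked as prerequisites either. Consider having the generator rule produce a real file and depending on that instead of the phony name, for example a stamp target such as `content/docs/user_guide/compatibility/.generated` (name constructed here) that the recipe touches on success.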
@@ -48,8 +49,19 @@ node_modules: package.json package-lock.json # See: https://github.com/npm/npm/issues/18286 $(NPM) ci +upstream/gvisor/bazel-bin/runsc/linux_amd64_pure_stripped/runsc: upstream-gvisor + cd upstream/gvisor && bazel build runsc + +bin/generate-syscall-docs: $(GEN_SOURCE) + mkdir -p bin/ + go build -o bin/generate-syscall-docs gvisor.dev/website/cmd/generate-syscall-docs + +.PHONY: compatibility-docs +compatibility-docs: bin/generate-syscall-docs upstream/gvisor/bazel-bin/runsc/linux_amd64_pure_stripped/runsc + ./upstream/gvisor/bazel-bin/runsc/linux_amd64_pure_stripped/runsc help syscalls -o json | ./bin/generate-syscall-docs -out ./content/docs/user_guide/compatibility/ + # Run a local content development server. Redirects will not be supported. -server: all-upstream +server: all-upstream compatibility-docs $(HUGO) server -FD --port 8080 .PHONY: server @@ -63,7 +75,7 @@ deploy: $(APP_TARGET) # Submit a build to Cloud Build manually. Used to test cloudbuild.yaml changes. cloud-build: - gcloud builds submit --config cloudbuild/cloudbuild.yaml . + gcloud builds submit --config cloudbuild.yaml . # Build and push the hugo Docker image used by Cloud Build. hugo-docker-image: @@ -78,5 +90,5 @@ htmlproofer-docker-image: .PHONY: htmlproofer-docker-image clean: - rm -rf public/ resources/ node_modules/ upstream/ + rm -rf public/ resources/ node_modules/ upstream/ content/docs/user_guide/compatibility/linux/ .PHONY: clean diff --git a/cloudbuild.yaml b/cloudbuild.yaml index 25944303a..f8bf38566 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml 
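Review bot: The `compatibility-docs` recipe pipes `runsc help syscalls -o json` straight into `./bin/generate-syscall-docs`, and a pipeline reports only the status of its last command, so a failing `runsc` goes unnoticed by make unless the generator itself rejects the truncated input. No `SHELL` or `.SHELLFLAGS` setting is visible in these hunks, so presumably the default `/bin/sh` without `pipefail` applies. Splitting the recipe avoids relying on shell options: `./upstream/gvisor/bazel-bin/runsc/linux_amd64_pure_stripped/runsc help syscalls -o json > bin/syscalls.json` followed by `./bin/generate-syscall-docs -out ./content/docs/user_guide/compatibility/ < bin/syscalls.json`. The same pipeline appears in the "Generate compatibility docs" step of cloudbuild.yaml, where starting the script with `set -o pipefail;` would be enough because that step already runs under bash.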
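Review bot: `clean` in the `@@ -78,5 +90,5 @@` hunk does not remove the new `bin/` directory, although this patch creates it in the `bin/generate-syscall-docs` rule and adds it to `.gitignore`, so a stale generator binary survives `make clean`. I would write the recipe as `rm -rf bin/ public/ resources/ node_modules/ upstream/ content/docs/user_guide/compatibility/linux/`. The hard-coded `linux/` subdirectory presumably mirrors what the generator writes under its `-out` directory; a short comment saying so would help, since output for any other OS name would be left behind.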
@@ -13,15 +13,62 @@ # limitations under the License. steps: + - name: 'bash' + args: ['bash', '-c', 'mkdir -p upstream/'] + # Clone the upstream repos + - name: 'gcr.io/cloud-builders/git' + args: ['clone', 'https://github.com/google/gvisor.git'] + dir: 'upstream' + - name: 'gcr.io/cloud-builders/git' + args: ['clone', 'https://gvisor.googlesource.com/community'] + dir: 'upstream' + # Build runsc + - name: 'gcr.io/cloud-builders/bazel' + args: + - 'build' + - '--show_timestamps' + - '--test_output=errors' + - '--keep_going' + - '--verbose_failures' + - 'runsc' + dir: 'upstream/gvisor' + # Build the compatibility doc generator tool + - name: 'golang' + env: ['GO111MODULE=on'] + args: + - 'go' + - 'build' + - '-o' + - 'bin/generate-syscall-docs' + - 'gvisor.dev/website/cmd/generate-syscall-docs' + # Generate compatibility docs. + - name: 'bash' + args: + - 'bash' + - '-c' + - > + ./upstream/gvisor/bazel-bin/runsc/linux_amd64_pure_stripped/runsc help syscalls -o json | + ./bin/generate-syscall-docs -out ./content/docs/user_guide/compatibility/ + # Pull npm dependencies for scss + - name: 'gcr.io/cloud-builders/npm' + args: ['ci'] # Generate the website. - name: 'gcr.io/gvisor-website/hugo:0.53' - args: ["make"] + env: ['HUGO_ENV=production'] + args: ["hugo"] # Test the HTML for issues. - name: 'gcr.io/gvisor-website/html-proofer:3.10.2' - args: ["htmlproofer", "--disable-external", "--check-html", "public/static"] + args: + - "htmlproofer" + - "--disable-external" + - "--check-html" + - "public/static" # Deploy to App Engine only for master branch. - name: 'gcr.io/cloud-builders/gcloud' entrypoint: 'bash' - args: + args: - '-c' - - 'if [[ "$PROJECT_ID" == "gvisor-website" && "$BRANCH_NAME" == "master" ]]; then gcloud app deploy public/app.yaml; fi' + - > + if [[ "$PROJECT_ID" == "gvisor-website" && "$BRANCH_NAME" == "master" ]]; then + gcloud app deploy public/app.yaml; + fi 
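Review bot: The new `bash` and `golang` steps name untagged images, which resolve to whatever `latest` is at build time, whereas the hugo and html-proofer steps are version-pinned. These steps build and run the tooling that writes into the workspace later deployed by `gcloud app deploy`, so a changed or compromised image would alter the published site without any change in this repository. Pinning them by version tag or digest, e.g. `name: 'golang:<PINNED_VERSION>'` (placeholder), keeps the build reproducible and reviewable. Separately, the "Generate the website" step now runs `hugo` instead of `make`; it is worth confirming that `public/app.yaml` is still produced, because the visible Makefile copies it through the `$(APP_TARGET)` rule, which this pipeline no longer invokes.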
diff --git a/cmd/generate-syscall-docs/main.go b/cmd/generate-syscall-docs/main.go new file mode 100644 index 000000000..006bd1ce5 --- /dev/null +++ b/cmd/generate-syscall-docs/main.go 
@@ -0,0 +1,203 @@ +// Copyright 2019 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package main + +import ( + "bufio" + "encoding/json" + "flag" + "fmt" + "io" + "os" + "path/filepath" + "sort" + "strings" + "text/template" +) + +type CompatibilityInfo map[string]map[string]ArchInfo + +// ArchInfo is compatbility doc for an architecture. +type ArchInfo struct { + // Syscalls maps syscall number for the architecture to the doc. + Syscalls map[uintptr]SyscallDoc `json:"syscalls"` +} + +// SyscallDoc represents a single item of syscall documentation. +type SyscallDoc struct { + Name string `json:"name"` + Support string `json:"support"` + Note string `json:"note,omitempty"` + URLs []string `json:"urls,omitempty"` +} + +var mdTemplate = template.Must(template.New("out").Parse(` ++++ +title = "{{.OS}}/{{.Arch}}" +description = "Syscall Compatibility Reference Documentation for {{.OS}}/{{.Arch}}" +weight = {{.Weight}} ++++ + +This table is a reference of {{.OS}} syscalls for the {{.Arch}} architecture and +their compatibility status in gVisor. gVisor does not support all syscalls and +some syscalls may have a partial implementation. + +Of {{.Total}} syscalls, {{.Supported}} syscalls have a full or partial +implementation. There are currently {{.Unsupported}} unsupported +syscalls. {{if .Undocumented}}{{.Undocumented}} syscalls are not yet documented.{{end}} + +
# | +Name | +Support | +Notes | +
---|---|---|---|
{{.Number}} | +{{.Name}} | +{{.Support}} | +{{.Note}} {{range $i, $url := .URLs}} See: {{.}}{{end}} |
+
# | -Name | -Support | -GitHub Issue | -Notes | -
---|---|---|---|---|
68 | -msgget | -Unimplemented | -- | Returns ENOSYS | -
69 | -msgsnd | -Unimplemented | -- | Returns ENOSYS | -
70 | -msgrcv | -Unimplemented | -- | Returns ENOSYS | -
71 | -msgctl | -Unimplemented | -- | Returns ENOSYS | -
122 | -setfsuid | -Unimplemented | -- | Returns ENOSYS | -
123 | -setfsgid | -Unimplemented | -- | Returns ENOSYS | -
134 | -uselib | -Unimplemented | -- | Returns ENOSYS; Obsolete | -
135 | -personality | -Partial | -- | Returns EINVAL; Unable to change personality | -
136 | -ustat | -Unimplemented | -- | Returns ENOSYS; Needs filesystem support | -
139 | -sysfs | -Unimplemented | -- | Returns ENOSYS | -
142 | -sched_setparam | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_nice; ENOSYS otherwise | -
148 | -sched_rr_get_interval | -Partial | -- | Returns EPERM | -
153 | -vhangup | -Partial | -- | Returns EPERM | -
154 | -modify_ldt | -Partial | -- | Returns EPERM | -
155 | -pivot_root | -Partial | -- | Returns EPERM | -
156 | -sysctl | -Partial | -- | Returns EPERM | -
159 | -adjtimex | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_time; ENOSYS otherwise | -
163 | -acct | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_pacct; ENOSYS otherwise | -
164 | -settimeofday | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_time; ENOSYS otherwise | -
167 | -swapon | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_admin; ENOSYS otherwise | -
168 | -swapoff | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_admin; ENOSYS otherwise | -
169 | -reboot | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_boot; ENOSYS otherwise | -
172 | -iopl | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_rawio; ENOSYS otherwise | -
173 | -ioperm | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_rawio; ENOSYS otherwise | -
174 | -create_module | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_module; ENOSYS otherwise | -
175 | -init_module | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_module; ENOSYS otherwise | -
176 | -delete_module | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_module; ENOSYS otherwise | -
177 | -get_kernel_syms | -Unimplemented | -- | Returns ENOSYS; Not supported in > 2.6 | -
178 | -query_module | -Unimplemented | -- | Returns ENOSYS; Not supported in > 2.6 | -
179 | -quotactl | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_admin; ENOSYS otherwise | -
180 | -nfsservctl | -Unimplemented | -- | Returns ENOSYS; Does not exist > 3.1 | -
181 | -getpmsg | -Unimplemented | -- | Returns ENOSYS; Not implemented in Linux | -
182 | -putpmsg | -Unimplemented | -- | Returns ENOSYS; Not implemented in Linux | -
183 | -afs_syscall | -Unimplemented | -- | Returns ENOSYS; Not implemented in Linux | -
184 | -tuxcall | -Unimplemented | -- | Returns ENOSYS; Not implemented in Linux | -
185 | -security | -Unimplemented | -- | Returns ENOSYS; Not implemented in Linux | -
187 | -readahead | -Unimplemented | -- | Returns ENOSYS | -
188 | -setxattr | -Partial | -- | Returns ENOTSUP; Requires filesystem support | -
189 | -lsetxattr | -Partial | -- | Returns ENOTSUP; Requires filesystem support | -
190 | -fsetxattr | -Partial | -- | Returns ENOTSUP; Requires filesystem support | -
191 | -getxattr | -Partial | -- | Returns ENOTSUP; Requires filesystem support | -
192 | -lgetxattr | -Partial | -- | Returns ENOTSUP; Requires filesystem support | -
193 | -fgetxattr | -Partial | -- | Returns ENOTSUP; Requires filesystem support | -
194 | -listxattr | -Partial | -- | Returns ENOTSUP; Requires filesystem support | -
195 | -llistxattr | -Partial | -- | Returns ENOTSUP; Requires filesystem support | -
196 | -flistxattr | -Partial | -- | Returns ENOTSUP; Requires filesystem support | -
197 | -removexattr | -Partial | -- | Returns ENOTSUP; Requires filesystem support | -
198 | -lremovexattr | -Partial | -- | Returns ENOTSUP; Requires filesystem support | -
199 | -fremovexattr | -Partial | -- | Returns ENOTSUP; Requires filesystem support | -
205 | -set_thread_area | -Unimplemented | -- | Returns ENOSYS; Expected to return ENOSYS on 64-bit | -
211 | -get_thread_area | -Unimplemented | -- | Returns ENOSYS; Expected to return ENOSYS on 64-bit | -
212 | -lookup_dcookie | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_admin; ENOSYS otherwise | -
214 | -epoll_ctl_old | -Unimplemented | -- | Returns ENOSYS; Deprecated | -
215 | -epoll_wait_old | -Unimplemented | -- | Returns ENOSYS; Deprecated | -
216 | -remap_file_pages | -Unimplemented | -- | Returns ENOSYS; Deprecated | -
220 | -semtimedop | -Unimplemented | -- | Returns ENOSYS | -
236 | -vserver | -Unimplemented | -- | Returns ENOSYS; Not implemented by Linux | -
237 | -mbind | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_nice; ENOSYS otherwise | -
240 | -mq_open | -Unimplemented | -- | Returns ENOSYS | -
241 | -mq_unlink | -Unimplemented | -- | Returns ENOSYS | -
242 | -mq_timedsend | -Unimplemented | -- | Returns ENOSYS | -
243 | -mq_timedreceive | -Unimplemented | -- | Returns ENOSYS | -
244 | -mq_notify | -Unimplemented | -- | Returns ENOSYS | -
245 | -mq_getsetattr | -Unimplemented | -- | Returns ENOSYS | -
248 | -add_key | -Partial | -- | Returns EACCES; Not available to user | -
249 | -request_key | -Partial | -- | Returns EACCES; Not available to user | -
250 | -keyctl | -Partial | -- | Returns EACCES; Not available to user | -
251 | -ioprio_set | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_admin; ENOSYS otherwise | -
252 | -ioprio_get | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_admin; ENOSYS otherwise | -
256 | -migrate_pages | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_nice; ENOSYS otherwise | -
273 | -set_robust_list | -Unimplemented | -- | Returns ENOSYS; Obsolete | -
274 | -get_robust_list | -Unimplemented | -- | Returns ENOSYS; Obsolete | -
275 | -splice | -Unimplemented | -- | Returns ENOSYS | -
276 | -tee | -Unimplemented | -- | Returns ENOSYS | -
278 | -vmsplice | -Unimplemented | -- | Returns ENOSYS | -
279 | -move_pages | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_nice; ENOSYS otherwise | -
282 | -signalfd | -Unimplemented | -- | Returns ENOSYS | -
289 | -signalfd4 | -Unimplemented | -- | Returns ENOSYS | -
298 | -perf_event_open | -Partial | -- | Returns ENODEV; No support for perf counters | -
300 | -fanotify_init | -Unimplemented | -- | Returns ENOSYS; Needs CONFIG_FANOTIFY | -
301 | -fanotify_mark | -Unimplemented | -- | Returns ENOSYS; Needs CONFIG_FANOTIFY | -
303 | -name_to_handle_at | -Partial | -- | Returns EOPNOTSUPP; Needs filesystem support | -
304 | -open_by_handle_at | -Partial | -- | Returns EOPNOTSUPP; Needs filesystem support | -
305 | -clock_adjtime | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_module; ENOSYS otherwise | -
308 | -setns | -Unimplemented | -- | Returns ENOSYS | -
310 | -process_vm_readv | -Unimplemented | -- | Returns ENOSYS | -
311 | -process_vm_writev | -Unimplemented | -- | Returns ENOSYS | -
312 | -kcmp | -Partial | -- | Returns EPERM or ENOSYS; Requires cap_sys_ptrace | -
313 | -finit_module | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_module; ENOSYS otherwise | -
314 | -sched_setattr | -Unimplemented | -- | Returns ENOSYS | -
315 | -sched_getattr | -Unimplemented | -- | Returns ENOSYS | -
316 | -renameat2 | -Unimplemented | -- | Returns ENOSYS | -
319 | -memfd_create | -Unimplemented | -- | Returns ENOSYS | -
321 | -bpf | -Partial | -- | Returns EPERM or ENOSYS; Returns EPERM if the process does not have cap_sys_boot; ENOSYS otherwise | -
322 | -execveat | -Unimplemented | -- | Returns ENOSYS | -
323 | -userfaultfd | -Unimplemented | -- | Returns ENOSYS | -
324 | -membarrier | -Unimplemented | -- | Returns ENOSYS | -
326 | -copy_file_range | -Unimplemented | -- | Returns ENOSYS | -