- Combine process creation code that is shared between
root and subcontainer processes
- Move root container information into a struct for
clarity
Updates #2714
PiperOrigin-RevId: 321204798
When --debug is enabled, the following log messages are
printed every second filling up the log:
D0430 18:04:42.823775 129561 parameters.go:238] Clock(Monotonic): error: 46 ns, adjusted frequency from 3591713733 Hz to 3591714196 Hz
D0430 18:04:42.823870 129561 parameters.go:238] Clock(Realtime): error: 36 ns, adjusted frequency from 3591714003 Hz to 3591714169 Hz
D0430 18:04:42.823892 129561 timekeeper.go:209] Updating VDSO parameters: {monotonicReady:1 monotonicBaseCycles:15758797714254696 monotonicBaseRef:29000233837 monotonicFrequency:3591714196 realtimeReady:1 realtimeBaseCycles:15758797714610880 realtimeBaseRef:1588269882823867374 realtimeFrequency:3591714169}
Info and warning messages for larger changes are kept the same.
PiperOrigin-RevId: 321048523
Add a conditional to avoid running the issue reviver on forks. It will
always cause errors since bug references in the source code don't match
issue IDs in forked repos.
PiperOrigin-RevId: 321042060
This rule isn't restored when the Kokoro VM is restarted, so it's not doing
anything. And the problem it was meant to solved is instead addressed by
https://github.com/google/gvisor/pull/3207.
PiperOrigin-RevId: 321026846
For accessing metadata fields:
- If metadataMu is locked, we can access without atomics
- If metadataMu is unlocked, we should use atomics
For mutating metadata fields:
- Always lock metadataMu and use atomics.
There were some instances of inconsistencies which have been fixed.
PiperOrigin-RevId: 321022895
Earlier we were docker exec-ing each test at a time. However invoking the test
framework has a fixed overhead which made it infeasible to make the runtime
tests run as presubmits. This change now executes tests in batches of 50 (can
be altered). This really speeds up testing process.
With this change, the following tests can be run in reasonable times:
- Go
- Nodejs
- Php
- Python
PiperOrigin-RevId: 320763916
Split the kvm ut test cases to pass unit-tests on Arm64.
I will add the tls and full-context test cases for Arm64 later.
Signed-off-by: Bin Lu <bin.lu@arm.com>
RFC-1122 (and others) specify that UDP should not receive
datagrams that have a source address that is a multicast address.
Packets should never be received FROM a multicast address.
See also, RFC 768: 'User Datagram Protocol'
J. Postel, ISI, 28 August 1980
A UDP datagram received with an invalid IP source address
(e.g., a broadcast or multicast address) must be discarded
by UDP or by the IP layer (see rfc 1122 Section 3.2.1.3).
This CL does not address TCP or broadcast which is more complicated.
Also adds a test for both ipv6 and ipv4 UDP.
Fixes#3154
PiperOrigin-RevId: 320547674
The go.mod dependency tree for the shim was somehow contradictory. After
resolving these issues (e.g. explicitly imported k8s 1.14, pulling a
specific dbus version), and adding all dependencies, the shim can now be
build as part of the regular bazel tree.
As part of this process, minor cleanup was done in all the source files:
headers were standardized (and include "The gVisor Authors" in addition
to the "The containerd Authors" if originally derived from containerd
sources), and comments were cleaned up to meet coding standards.
This change makes the containerd installation dynamic, so that multiple
versions can be tested, and drops the static installer for the VM image
itself.
This change also updates test/root/crictl_test.go and related utilities,
so that the containerd tests can be run on any version (and in cases
where it applies, they can be run on both v1 and v2 as parameterized
tests).
Adds a netns flag to runsc spec that allows users to specify a network
namespace path when creating a sample config.json file. Also, adds the ability
to specify the command arguments used when running the container.
This will make it easier for new users to create sample OCI bundles without
having to edit the config.json by hand.
PiperOrigin-RevId: 320486267
Fixed an issue with the runtime test runner which enables us to run tests in
shards. We had to touch the status file as indicated by an env var.
PiperOrigin-RevId: 320236205
- Only use MAXSYMLINKS/2+1 symlinks for each of the interpreter and script
paths in SymlinkLimitRefreshedForInterpreter to tolerate cases where the
original paths (/tmp, /bin, or /bin/echo) themselves contain symlinks.
- Ensure that UnshareFiles performs execve immediately after clone(CLONE_VFORK)
(no heap allocation for ExecveArray/RunfilesPath).
- Use lstat() rather than stat() for the existence check in fs_util's Exists;
the latter will fail if the symlink target does not exist, even if the
symlink does.
PiperOrigin-RevId: 320110156
RFC 6864 imposes various restrictions on the uniqueness of the IPv4
Identification field for non-atomic datagrams, defined as an IP datagram that
either can be fragmented (DF=0) or is already a fragment (MF=1 or positive
fragment offset). In order to be compliant, the ID field is assigned for all
non-atomic datagrams.
Add a TCP unit test that induces retransmissions and checks that the IPv4
ID field is unique every time. Add basic handling of the IP_MTU_DISCOVER
socket option so that the option can be used to disable PMTU discovery,
effectively setting DF=0. Attempting to set the sockopt to anything other
than disabled will fail because PMTU discovery is currently not implemented,
and the default behavior matches that of disabled.
PiperOrigin-RevId: 320081842
The current convention is when a header is set to pkt.XxxHeader field, it
gets removed from pkt.Data. ICMP does not currently follow this convention.
PiperOrigin-RevId: 320078606
This change fixes a few things:
- creating sockets using mknod(2) is supported via vfs2
- fsgofer can create regular files via mknod(2)
- mode = 0 for mknod(2) will be interpreted as regular file in vfs2 as well
Updates #2923
PiperOrigin-RevId: 320074267
The fdnotifier package provides an API to a thread that continually epolls
arbitrary host FDs. The set of events polled for each host FD is (intended to
be) all events for which a waiter.Entry has expressed interest, as returned by
waiter.Queue.Events() for the waiter.Queue registered to the given host FD.
When the set of events changes (due to a change in the set of registered
waiter.Entries), the mutator must call fdnotifier.UpdateFD() to recalculate the
new event set and propagate it to the epoll FD.
PiperOrigin-RevId: 319924719
Fabricio Voznika
Jay Zhuang
Ting-Yu Wang
gVisor bot
Ian Lewis
Ayush Ranjan
Dean Deng
Kevin Krakauer
Zach Koopmans
Adin Scannell
Ghanan Gowripalan
Bhasker Hariharan
Bin Lu
Michael Pratt
Tamir Duberstein
Jamie Liu
Tony Gong
Wietse Venema