- Change proc to return envp on overwrite of argv with limitations from
upstream.
- Add unit tests
- Change layout of argv/envp on the stack so that end of argv is contiguous with
beginning of envp.
PiperOrigin-RevId: 232506107
Change-Id: I993880499ab2c1220f6dc456a922235c49304dec
Multiple tests were creating the same directory before removing it, making it
possible for concurrent tests to fail because the directory already exists.
PiperOrigin-RevId: 232389814
Change-Id: I35d409fff4b3fd864b30fee742cb587b14975c23
Dirty should be set only when the attribute is changed in the cache
only. Instances where the change was also sent to the backing file
doesn't need to dirty the attribute.
Also remove size update during WriteOut as writing dirty page would
naturaly grow the file if needed.
RELNOTES: relnotes is needed for the parent CL.
PiperOrigin-RevId: 232068978
Change-Id: I00ba54693a2c7adc06efa9e030faf8f2e8e7f188
This changed required making fsutil.HostMappable use
a backing file to ensure the correct FD would be used
for read/write operations.
RELNOTES: relnotes is needed for the parent CL.
PiperOrigin-RevId: 231836164
Change-Id: I8ae9639715529874ea7d80a65e2c711a5b4ce254
Nothing reads them and they can simply get stale.
Generated with:
$ sed -i "s/licenses(\(.*\)).*/licenses(\1)/" **/BUILD
PiperOrigin-RevId: 231818945
Change-Id: Ibc3f9838546b7e94f13f217060d31f4ada9d4bf0
quoting what "rscheff@gmx.at" pointed out over email.
"IsLost in RFC3517 is defined as >= (DupThresh * SMSS) while
RFC6675 improves upon this, and defines IsLost as >
((DupThresh - 1) * SMSS + 1).
The latter addresses situations where partial segments (size < MSS)
are sent (eg. last segment of a http protocol message sent with PSH
being less than MSS is common)."
PiperOrigin-RevId: 231512331
Change-Id: I1addd4a92e3e7baeb0bdda46463ebfae435da958
stdout can be (and, in automated testing, often is) a host pipe or
similar resource shared between multiple parallel tests, such that it
can become transiently full during testing.
PiperOrigin-RevId: 231413569
Change-Id: Id14991b5f71e53c894695899e65e1be4dd228cc6
This should reduce the number of syscalls required to process packets
significantly and improve throughputs.
PiperOrigin-RevId: 231366886
Change-Id: I8b38077262bf9c53176bc4a94b530188d3d7c0ca
We were modifying InodeSimpleAttributes.Unstable.AccessTime without holding
the necessary lock. Luckily for us, InodeSimpleAttributes already has a
NotifyAccess method that will do the update while holding the lock.
In addition, we were holding dfo.dir.mu.Lock while setting AccessTime, which
is unnecessary, so that lock has been removed.
PiperOrigin-RevId: 231278447
Change-Id: I81ed6d3dbc0b18e3f90c1df5e5a9c06132761769
It never actually should have applied to environ (the relevant change in
Linux 4.2 is c2c0bb44620d "proc: fix PAGE_SIZE limit of
/proc/$PID/cmdline"), and we claim to be Linux 4.4 now anyway.
PiperOrigin-RevId: 231250661
Change-Id: I37f9c4280a533d1bcb3eebb7803373ac3c7b9f15
When file size changes outside the sandbox, page cache was not
refreshing file size which is required for cacheRemoteRevalidating.
In fact, cacheRemoteRevalidating should be skipping the cache
completely since it's not really benefiting from it. The cache is
cache is already bypassed for unstable attributes (see
cachePolicy.cacheUAttrs). And althought the cache is called to
map pages, they will always miss the cache and map directly from
the host.
Created a HostMappable struct that maps directly to the host and
use it for files with cacheRemoteRevalidating.
Closes#124
PiperOrigin-RevId: 230998440
Change-Id: Ic5f632eabe33b47241e05e98c95e9b2090ae08fc
In Container.Destroy(), we call c.stop() before calling
executeHooksBestEffort(), therefore, when we call
executeHooksBestEffort(c.Spec.Hooks.Poststop, c.State()) to execute
the poststop hook, it results in a nil pointer dereference since it
reads c.Sandbox.Pid in c.State() after the sandbox has been destroyed.
To fix this bug, we can change container's status to "stopped" before
executing the poststop hook.
Signed-off-by: ShiruRen <renshiru2000@gmail.com>
Change-Id: I4d835e430066fab7e599e188f945291adfc521ef
PiperOrigin-RevId: 230975505
Mounting lib and lib64 are not necessary anymore and simplifies the test.
PiperOrigin-RevId: 230971195
Change-Id: Ib91a3ffcec4b322cd3687c337eedbde9641685ed
The implementation of O_CLOEXEC is orthogonal to every property tested
by these tests; removing it significantly reduces the number of
redundant tests we run.
Also remove no-op calls to VecCat (calls with a single argument).
PiperOrigin-RevId: 230959537
Change-Id: I83fe7db24e481ef67ca1f1992228af423f640b5c
Lots of tests use /tmp for the tests. Force /tmp to be
mounted over fsgofer instead of tmpfs.
PiperOrigin-RevId: 230788985
Change-Id: Id6597ed88133232d15e808c48126bf77cb32673e
Otherwise, C++11-compliant compilers may select PosixErrorOr(const T&)
as the relevant constructor, and fail because std::vector<Mapping> is
not copyable (because Mapping is not copyable).
This is a C++11 defect that is fixed in C++14 (and in C++11 mode for
Clang, but not GCC). See DR 1579,
http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_defects.html#1579.
PiperOrigin-RevId: 230767401
Change-Id: I65f481f5188d91db6cbbbd65ed0a60bc55df3401
netlink_autobind() sets a port id to a process ID, if this address is
available. Otherwise, it will set a port id to a random negative value.
PiperOrigin-RevId: 230631956
Change-Id: I11692e4fe9421e77d9406627b4e7772e4d9b105a
Compilation of this test fails in kokoro:
In file included from /usr/include/linux/netdevice.h:28:0,
from /usr/include/linux/if_arp.h:26,
from ./test/syscalls/linux/socket_netlink_util.h:18,
from test/syscalls/linux/socket_netdevice.cc:24:
/usr/include/linux/if.h:143:8: error: redefinition of 'struct ifmap'
struct ifmap {
^~~~~
In file included from test/syscalls/linux/socket_netdevice.cc:18:0:
/usr/include/net/if.h:111:8: note: previous definition of 'struct ifmap'
struct ifmap
^~~~~
In file included from /usr/include/linux/netdevice.h:28:0,
from /usr/include/linux/if_arp.h:26,
from ./test/syscalls/linux/socket_netlink_util.h:18,
from test/syscalls/linux/socket_netdevice.cc:24:
/usr/include/linux/if.h:177:8: error: redefinition of 'struct ifreq'
struct ifreq {
^~~~~
In file included from test/syscalls/linux/socket_netdevice.cc:18:0:
/usr/include/net/if.h:126:8: note: previous definition of 'struct ifreq'
struct ifreq
^~~~~
In file included from /usr/include/linux/netdevice.h:28:0,
from /usr/include/linux/if_arp.h:26,
from ./test/syscalls/linux/socket_netlink_util.h:18,
from test/syscalls/linux/socket_netdevice.cc:24:
/usr/include/linux/if.h:226:8: error: redefinition of 'struct ifconf'
struct ifconf {
^~~~~~
In file included from test/syscalls/linux/socket_netdevice.cc:18:0:
/usr/include/net/if.h:176:8: note: previous definition of 'struct ifconf'
struct ifconf
PiperOrigin-RevId: 230381931
Change-Id: I3c422c53e50cf2b90022778599d3a8a4a61fd1a3
Removed "error" and "failed to" prefix that don't add value
from messages. Adjusted a few other messages. In particular,
when the container fail to start, the message returned is easier
for humans to read:
$ docker run --rm --runtime=runsc alpine foobar
docker: Error response from daemon: OCI runtime start failed: <path> did not terminate sucessfully: starting container: starting root container [foobar]: starting sandbox: searching for executable "foobar", cwd: "/", $PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin": no such file or directory
Closes#77
PiperOrigin-RevId: 230022798
Change-Id: I83339017c70dae09e4f9f8e0ea2e554c4d5d5cd1
In addition, it fixes a race condition in TestMultiContainerGoferStop.
There are two scripts copy the same set of files into the same directory
and sometime one of this command fails with EXIST.
PiperOrigin-RevId: 230011247
Change-Id: I9289f72e65dc407cdcd0e6cd632a509e01f43e9c
Most of the entries are stubbed out at the moment, but even those were
only displayed if IPv6 support was enabled. The entries should be
displayed with IPv4-support only, and with only loopback devices.
PiperOrigin-RevId: 229946441
Change-Id: I18afaa3af386322787f91bf9d168ab66c01d5a4c
We no longer need to depend on master, since v1.2.2 contains a commit to work
around "malformed input path" bug:
27c6449c2c
PiperOrigin-RevId: 229790405
Change-Id: Ia93b66959e6433bf096d6742be6064c1d7ed8b18
Runsc wants to mount /tmp using internal tmpfs implementation for
performance. However, it risks hiding files that may exist under
/tmp in case it's present in the container. Now, it only mounts
over /tmp iff:
- /tmp was not explicitly asked to be mounted
- /tmp is empty
If any of this is not true, then /tmp maps to the container's
image /tmp.
Note: checkpoint doesn't have sentry FS mounted to check if /tmp
is empty. It simply looks for explicit mounts right now.
PiperOrigin-RevId: 229607856
Change-Id: I10b6dae7ac157ef578efc4dfceb089f3b94cde06