It never actually should have applied to environ (the relevant change in
Linux 4.2 is c2c0bb44620d "proc: fix PAGE_SIZE limit of
/proc/$PID/cmdline"), and we claim to be Linux 4.4 now anyway.
PiperOrigin-RevId: 231250661
Change-Id: I37f9c4280a533d1bcb3eebb7803373ac3c7b9f15
When file size changes outside the sandbox, page cache was not
refreshing file size which is required for cacheRemoteRevalidating.
In fact, cacheRemoteRevalidating should be skipping the cache
completely since it's not really benefiting from it. The cache is
cache is already bypassed for unstable attributes (see
cachePolicy.cacheUAttrs). And althought the cache is called to
map pages, they will always miss the cache and map directly from
the host.
Created a HostMappable struct that maps directly to the host and
use it for files with cacheRemoteRevalidating.
Closes#124
PiperOrigin-RevId: 230998440
Change-Id: Ic5f632eabe33b47241e05e98c95e9b2090ae08fc
In Container.Destroy(), we call c.stop() before calling
executeHooksBestEffort(), therefore, when we call
executeHooksBestEffort(c.Spec.Hooks.Poststop, c.State()) to execute
the poststop hook, it results in a nil pointer dereference since it
reads c.Sandbox.Pid in c.State() after the sandbox has been destroyed.
To fix this bug, we can change container's status to "stopped" before
executing the poststop hook.
Signed-off-by: ShiruRen <renshiru2000@gmail.com>
Change-Id: I4d835e430066fab7e599e188f945291adfc521ef
PiperOrigin-RevId: 230975505
Mounting lib and lib64 are not necessary anymore and simplifies the test.
PiperOrigin-RevId: 230971195
Change-Id: Ib91a3ffcec4b322cd3687c337eedbde9641685ed
The implementation of O_CLOEXEC is orthogonal to every property tested
by these tests; removing it significantly reduces the number of
redundant tests we run.
Also remove no-op calls to VecCat (calls with a single argument).
PiperOrigin-RevId: 230959537
Change-Id: I83fe7db24e481ef67ca1f1992228af423f640b5c
Lots of tests use /tmp for the tests. Force /tmp to be
mounted over fsgofer instead of tmpfs.
PiperOrigin-RevId: 230788985
Change-Id: Id6597ed88133232d15e808c48126bf77cb32673e
Otherwise, C++11-compliant compilers may select PosixErrorOr(const T&)
as the relevant constructor, and fail because std::vector<Mapping> is
not copyable (because Mapping is not copyable).
This is a C++11 defect that is fixed in C++14 (and in C++11 mode for
Clang, but not GCC). See DR 1579,
http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_defects.html#1579.
PiperOrigin-RevId: 230767401
Change-Id: I65f481f5188d91db6cbbbd65ed0a60bc55df3401
netlink_autobind() sets a port id to a process ID, if this address is
available. Otherwise, it will set a port id to a random negative value.
PiperOrigin-RevId: 230631956
Change-Id: I11692e4fe9421e77d9406627b4e7772e4d9b105a
Compilation of this test fails in kokoro:
In file included from /usr/include/linux/netdevice.h:28:0,
from /usr/include/linux/if_arp.h:26,
from ./test/syscalls/linux/socket_netlink_util.h:18,
from test/syscalls/linux/socket_netdevice.cc:24:
/usr/include/linux/if.h:143:8: error: redefinition of 'struct ifmap'
struct ifmap {
^~~~~
In file included from test/syscalls/linux/socket_netdevice.cc:18:0:
/usr/include/net/if.h:111:8: note: previous definition of 'struct ifmap'
struct ifmap
^~~~~
In file included from /usr/include/linux/netdevice.h:28:0,
from /usr/include/linux/if_arp.h:26,
from ./test/syscalls/linux/socket_netlink_util.h:18,
from test/syscalls/linux/socket_netdevice.cc:24:
/usr/include/linux/if.h:177:8: error: redefinition of 'struct ifreq'
struct ifreq {
^~~~~
In file included from test/syscalls/linux/socket_netdevice.cc:18:0:
/usr/include/net/if.h:126:8: note: previous definition of 'struct ifreq'
struct ifreq
^~~~~
In file included from /usr/include/linux/netdevice.h:28:0,
from /usr/include/linux/if_arp.h:26,
from ./test/syscalls/linux/socket_netlink_util.h:18,
from test/syscalls/linux/socket_netdevice.cc:24:
/usr/include/linux/if.h:226:8: error: redefinition of 'struct ifconf'
struct ifconf {
^~~~~~
In file included from test/syscalls/linux/socket_netdevice.cc:18:0:
/usr/include/net/if.h:176:8: note: previous definition of 'struct ifconf'
struct ifconf
PiperOrigin-RevId: 230381931
Change-Id: I3c422c53e50cf2b90022778599d3a8a4a61fd1a3
Removed "error" and "failed to" prefix that don't add value
from messages. Adjusted a few other messages. In particular,
when the container fail to start, the message returned is easier
for humans to read:
$ docker run --rm --runtime=runsc alpine foobar
docker: Error response from daemon: OCI runtime start failed: <path> did not terminate sucessfully: starting container: starting root container [foobar]: starting sandbox: searching for executable "foobar", cwd: "/", $PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin": no such file or directory
Closes#77
PiperOrigin-RevId: 230022798
Change-Id: I83339017c70dae09e4f9f8e0ea2e554c4d5d5cd1
In addition, it fixes a race condition in TestMultiContainerGoferStop.
There are two scripts copy the same set of files into the same directory
and sometime one of this command fails with EXIST.
PiperOrigin-RevId: 230011247
Change-Id: I9289f72e65dc407cdcd0e6cd632a509e01f43e9c
Most of the entries are stubbed out at the moment, but even those were
only displayed if IPv6 support was enabled. The entries should be
displayed with IPv4-support only, and with only loopback devices.
PiperOrigin-RevId: 229946441
Change-Id: I18afaa3af386322787f91bf9d168ab66c01d5a4c
We no longer need to depend on master, since v1.2.2 contains a commit to work
around "malformed input path" bug:
27c6449c2c
PiperOrigin-RevId: 229790405
Change-Id: Ia93b66959e6433bf096d6742be6064c1d7ed8b18
Runsc wants to mount /tmp using internal tmpfs implementation for
performance. However, it risks hiding files that may exist under
/tmp in case it's present in the container. Now, it only mounts
over /tmp iff:
- /tmp was not explicitly asked to be mounted
- /tmp is empty
If any of this is not true, then /tmp maps to the container's
image /tmp.
Note: checkpoint doesn't have sentry FS mounted to check if /tmp
is empty. It simply looks for explicit mounts right now.
PiperOrigin-RevId: 229607856
Change-Id: I10b6dae7ac157ef578efc4dfceb089f3b94cde06
syscall test split testcase via shard count, reset
high bound as begin of next subslice, cause the slice
is half-open range.
Change-Id: I1954f57c93cbfd9be518153315da305a2de377a0
PiperOrigin-RevId: 229405199
More helper structs have been added to the fsutil package to make it easier to
implement fs.InodeOperations and fs.FileOperations.
PiperOrigin-RevId: 229305982
Change-Id: Ib6f8d3862f4216745116857913dbfa351530223b
test/syscalls/linux/wait.cc:626:8: warning: lambda capture 'this' is not
used
302
[this, stack] { ASSERT_THAT(FreeStack(stack), SyscallSucceeds()); });
303
^~~~~
test/syscalls/linux/priority.cc:195:17: warning: lambda capture
'kParentPriority' is not required to be captured for this use
273
ScopedThread([kParentPriority, kChildPriority]() {
274
^~~~~~~~~~~~~~~~
PiperOrigin-RevId: 229275900
Change-Id: I6f0c88efc7891c6c729378a2fa70f70b1b9046a7
In this case, new mounts are not created in the host mount namspaces, so
tearDownChroot isn't needed, because chroot will be destroyed with a
sandbox mount namespace.
In additional, pivot_root can't be called instead of chroot.
PiperOrigin-RevId: 229250871
Change-Id: I765bdb587d0b8287a6a8efda8747639d37c7e7b6
- Fix a few cases where async-signal-unsafe code is executed in a forked
process pre-execve.
- Ensure that the return value of fork() is always checked.
PiperOrigin-RevId: 228949310
Change-Id: I3096cb7d7394b8d9ab81b0e0245f2060713ef589
And we need to wait a gofer process before cgroup.Uninstall,
because it is running in the sandbox cgroups.
PiperOrigin-RevId: 228904020
Change-Id: Iaf8826d5b9626db32d4057a1c505a8d7daaeb8f9
Removing check to RLIMIT_NOFILE in select call.
Adding unit test to select suite to document behavior.
Moving setrlimit class from mlock to a util file for reuse.
Fixing flaky test based on comments from Jamie.
PiperOrigin-RevId: 228726131
Change-Id: Ie9dbe970bbf835ba2cca6e17eec7c2ee6fadf459
- Call MemoryEvents.done.Add(1) outside of MemoryEvents.run() so that if
MemoryEvents.Stop() => MemoryEvents.done.Wait() is called before the
goroutine starts running, it still waits for the goroutine to stop.
- Use defer to call MemoryEvents.done.Done() in MemoryEvents.run() so that it's
called even if the goroutine panics.
PiperOrigin-RevId: 228623307
Change-Id: I1b0459e7999606c1a1a271b16092b1ca87005015
Instead just find the syscall_test_runner binary in the shell script.
PiperOrigin-RevId: 228621230
Change-Id: I274ee0874e47d53f59474b1ac730ee45e3dff977
The static local variable `enabled` in CooperativeSaveEnabled() is not
initialized until the first call to CooperativeSaveEnabled(), per the
C++14 standard, section 6.7 ("Declaration statement"), paragraph 4. This
initialization is thread-safe as of C++11, but it is *not* required to
be async-signal-safe. Use a namespace-scope variable instead, since this
is guaranteed to be zero-initialized before main() by section 3.6.2
("Initialization of non-local variables").
getenv() is technically not async-signal-safe either, hence the hedging
in the change summary line. However, glibc's implementation of getenv()
appears to be async-signal-safe in the absence of calls to setenv().
PiperOrigin-RevId: 228588617
Change-Id: I669f555d1c91352d55c606970bb237ec888fa7ca
overlayFileOperations.Readdir was holding overlay.copyMu while calling
DirentReaddir, which then attempts to take take the corresponding Dirent.mu,
causing a lock order violation. (See lock order documentation in
fs/copy_up.go.)
We only actually need to hold copyMu during readdirEntries(), so holding the
lock is moved in there, thus avoiding the lock order violation.
A new lock was added to protect overlayFileOperations.dirCache. We were
inadvertently relying on copyMu to protect this. There is no reason it should
not have its own lock.
PiperOrigin-RevId: 228542473
Change-Id: I03c3a368c8cbc0b5a79d50cc486fc94adaddc1c2
The original code assumed that it was safe to join and not restore cgroup,
but Container.Run will not exit after calling start, making cgroup cleanup
fail because there were still processes inside the cgroup.
PiperOrigin-RevId: 228529199
Change-Id: I12a48d9adab4bbb02f20d71ec99598c336cbfe51
See modified comment in auth.NewUserCredentials(); compare to the
behavior of setresuid(2) as implemented by
//pkg/sentry/kernel/task_identity.go:kernel.Task.setKUIDsUncheckedLocked().
PiperOrigin-RevId: 228381765
Change-Id: I45238777c8f63fcf41b99fce3969caaf682fe408