Our implementation of vfs.CheckDeleteSticky was not consistent with Linux,
specifically not consistent with fs/linux.h:check_sticky().
One of the biggest differences was that the vfs implementation did not
allow the owner of the sticky directory to delete files inside it that belonged
to other users.
This change makes our implementation consistent with Linux.
Also adds an integration test to check for this. This bug is also present in
VFS1.
Updates #3027
PiperOrigin-RevId: 355557425
...and a bunch of other things as I worked through the rot. Notably:
- Upgrade to bazel 4.0.0
- Upgrade to Go 1.15.7
Remove go_branch stderr suppression; this made it quite difficult to see
what was failing while developing this patch.
PiperOrigin-RevId: 355257833
This makes it easier to add more tests that run on Ubuntu. We can now just
add a bash script and call that from integration_test without having to set up
another image.
PiperOrigin-RevId: 355000410
#5274 broke `make load-basic_fsstress` target. It works locally but for some
inconceivable reason it fails to build on Kokoro.
Error message:
```
Step 1/12 : FROM alpine
---> 1fca6fe4a1ec
Step 2/12 : RUN apk add git
---> Running in 109a5326259a
standard_init_linux.go:207: exec user process caused "no such file or directory"
The command '/bin/sh -c apk add git' returned a non-zero code: 1
make: *** [load-basic_fsstress] Error 1
tools/images.mk:149: recipe for target 'load-basic_fsstress' failed
```
Copied the approach from the following issue to achieve the same goal:
https://github.com/nodejs/docker-node/issues/586#issue-273737852.
PiperOrigin-RevId: 352602945
A few images were broken with respect to aarch64. We should now
be able to run push-all-images with ARCH=aarch64 as part of the
regular continuous integration builds, and add aarch64 smoke tests
(via user emulation for now) to the regular test suite (future).
PiperOrigin-RevId: 346685462
Recursive make is difficult to follow and debug. Drop this by using
internal functions, which, while difficult, are easier than trying to
following recursive invokations.
Further simplify the Makefile by collapsing the image bits and removing
the tools/vm directory, which is effectively unused.
Fixes#4952
PiperOrigin-RevId: 346569133
This has no effect on the continuous integration system, and simply
publishes a cached container image containing the agent and metrics
agent with known provenance.
PiperOrigin-RevId: 345274375
This change also simplifies and documents the build_cmd pipeline, and
reduces general noise for debugging Makefile issues.
It also drops the mapping for /etc/docker/daemon.json, which if it
does not exist initially will create this as a directory (causing lots
of confusion and breaks).
PiperOrigin-RevId: 343932456
This change allows Dockerfiles named Dockerfile.$(ARCH) and makes list-images
list only supported architectures.
Updates #2847
PiperOrigin-RevId: 336108293
- Skip `docker inspect`; `docker pull` is idempotent
- Remove unnecessary CMD directives in Dockerfiles
- Run bazel before building images to catch errors sooner
PiperOrigin-RevId: 331107815
Adds docs to nginx and refactors both Httpd and Nginx benchmarks.
Key changes:
- Add docs and make nginx tests the same as httpd (reverse, all docs, etc.).
- Make requests scale on c * b.N -> a request per thread. This works well
with both --test.benchtime=10m (do a run that lasts at least 10m) and
--test.benchtime=10x (do b.N = 10).
-- Remove a doc from both tests (1000Kb) as 1024Kb exists.
PiperOrigin-RevId: 329751091
This change:
- Ports the nginx benchmark.
- Switches the Httpd benchmark to use 'hey' as a client.
- Moves all parsers to their own package 'tools'.
Parsers are moved to their own package because 1) parsing output of a command
is often dependent on the format of the command (e.g. 'fio --json'), 2) to
enable easier reuse, and 3) clean up and simplify actual running benchmarks
(no TestParser functions and ugly sample output in benchmark files).
PiperOrigin-RevId: 324144165
9P2000.L is silent as to how readdir RPCs interact with directory mutation. The
most performant option is for Treaddir with offset=0 to restart iteration,
avoiding needing to walk+open+clunk a new directory fid between invocations of
getdents64(2), and the VFS2 gofer client assumes this is the case. Make this
actually true for the runsc fsgofer.
Fixes#3344, #3345, #3355
PiperOrigin-RevId: 324090384
Using "--no-cache-dir" flag in pip install ,make sure dowloaded packages
by pip don't cached on system . This is a best practise which make sure
to fetch ftom repo instead of using local cached one . Further , in case
of Docker Containers , by restricing caching , we can reduce image size.
In term of stats , it depends upon the number of python packages
multiplied by their respective size . e.g for heavy packages with a lot
of dependencies it reduce a lot by don't caching pip packages.
Further , more detail information can be found at
https://medium.com/sciforce/strategies-of-docker-images-optimization-2ca9cc5719b6
For some reason these tests were broken when run via the bazel docker
container. The mechanism used was a bit crazy (self-extracting bundle),
so convert them to use straight-forward starlark rules. This has the
added advantaged that they are now independent tests.
- Fixes some html validation issues.
- Fixes links on security basics blog post.
- Adds rel=noopener to links with target=_blank and adds a check to
htmlproofer.
- Add favicon check to htmlproofer.
Fixes#3286Fixes#3284
PiperOrigin-RevId: 321892602
Nicolas Lacasse
Ayush Ranjan
Andrei Vagin
Tamir Duberstein
gVisor bot
Andrei Vagin
Adin Scannell
Fabricio Voznika
Peter Johnston
Kevin Krakauer
Ian Lewis
Zach Koopmans
Zeling Feng
Jamie Liu
Pratik raj
Ting-Yu Wang