When writing a trace point fails, the remote checker can retry with
configurable exponential backoff. After the number of retries is
exceeded, the point is dropped. The number of dropped events is
reported in the message header and also in the `runsc trace list`
command.
Updates #4805
PiperOrigin-RevId: 456662539
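
The retry-then-drop behaviour described in the commit message above, as an added example that is not gVisor's code: a sink retries a failed write with capped exponential backoff and counts the points it gives up on. The `Backoff`, `Sink` and `Emit` names, the injectable `sleep` and the sample values are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Backoff holds the retry settings (hypothetical names, not gVisor's).
type Backoff struct {
	Initial, Max time.Duration
	Retries      int
}

// Sink sends points through write and counts the ones it gives up on.
type Sink struct {
	cfg     Backoff
	write   func([]byte) error
	sleep   func(time.Duration) // injectable so tests need not wait
	Dropped uint32              // the commit reports this count in the message header
	Waits   []time.Duration     // delays actually requested, for inspection
}

// Emit tries once, then retries up to cfg.Retries times, doubling the
// delay each time and capping it at cfg.Max. It returns false on a drop.
func (s *Sink) Emit(point []byte) bool {
	delay := s.cfg.Initial
	for attempt := 0; ; attempt++ {
		if s.write(point) == nil {
			return true
		}
		if attempt == s.cfg.Retries {
			s.Dropped++ // retries exhausted: drop the point, keep the count
			return false
		}
		s.Waits = append(s.Waits, delay)
		s.sleep(delay)
		if delay *= 2; delay > s.cfg.Max {
			delay = s.cfg.Max
		}
	}
}

func main() {
	busy := errors.New("constructed error: consumer not reading")
	s := &Sink{cfg: Backoff{time.Millisecond, 4 * time.Millisecond, 3},
		write: func([]byte) error { return busy }, sleep: time.Sleep}
	fmt.Println(s.Emit([]byte("point")), s.Dropped, s.Waits)
}
```

A monitoring consumer should treat a non-zero dropped count as a gap in the trace, not as an absence of activity.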
Added raw syscall points to all syscalls. Added schematized syscall
points to the following syscalls:
- Chdir
- Fchdir
- Setgid
- Setuid
- Setsid
- Setresuid
- Setresgid
PiperOrigin-RevId: 451001973
The use of protobuf.Any is convenient, but adds to proto serialization
time and number of memory allocations required to send a message.
Instead, we now use an enum to identify the message and use it to
determine how to unmarshal the message on the receiving end. It
also speeds up event consumption by not requiring a map from string
(proto names) to callbacks.
BenchmarkProtoAny-6 115.9 ns/op 210 B/op 4 allocs/op
BenchmarkProtoEnum-6 58.3 ns/op 2 B/op 1 allocs/op
Updates #4805
PiperOrigin-RevId: 446879057
Added raw syscall points to all syscalls. Added schematized syscall
points to the following syscalls:
- read
- close
- socket
- connect
- execve
- creat
- openat
- execveat
Updates #4805
PiperOrigin-RevId: 446008358
Added a new flag `--pod-init-config` that allows custom configuration
steps to be specified when a pod is being created. For now, the only
step supported is to configure a seccheck session, but more can be
added in the future, e.g. startup hook.
In seccheck, metadata was added for all Points and sinks (aka Checkers)
so that external configuration files can reference them. In addition,
infrastructure to read and configure sessions from a file has been
added. Only a single session ("Default") is supported for now.
Updates #4805
PiperOrigin-RevId: 444705708