Commit Graph

  • 547c5f4ab7 Test send_to() when the local/remote address families are mismatched. Jeff Martin 2023-11-28 12:46:41 -08:00
  • bf26f37444 BPF optimizer: Make fewer passes when reducing return instructions. Etienne Perot 2023-11-28 11:37:05 -08:00
  • 77eff46290 Add an initial implementation for vfioDevice Open, which implements vfs.Device interface. Jing Chen 2023-11-28 11:21:26 -08:00
  • 60d6f0b291 Add a syscall test exercising getsockname on unbound TCP sockets gVisor bot 2023-11-28 07:58:52 -08:00
  • 94c0d777ab Merge pull request #9749 from profawk:clear-builtin gVisor bot 2023-11-27 21:05:41 -08:00
  • 0da79ed4bf erofs: support block based dirent lookup Tiwei Bie 2023-11-11 09:28:19 +08:00
  • 32be99569d Add GOARCH as config key to seccomp filter options. Etienne Perot 2023-11-27 20:26:55 -08:00
  • 3bcfd77929 erofs: cleanups and hardening Tiwei Bie 2023-11-11 08:28:52 +08:00
  • 7cf14b7c8b Add equality function for BPF instructions. Etienne Perot 2023-11-27 17:15:32 -08:00
  • 4d30f2c9ef use new clear builtin to clear bufs prof awk 2023-11-26 13:52:41 +02:00
  • 815dade355 Add vfioFD skeleton code for TPU v5e. Jing Chen 2023-11-25 00:37:35 -08:00
  • 722ddab51e Mount VFIO based TPU device directories in chroot. Jing Chen 2023-11-22 18:09:31 -08:00
  • e54bfde792 Use 16-byte secret for SHA2 Zeling Feng 2023-11-21 22:37:32 -08:00
  • 56109719c5 BPF optimizer: Coalesce jumps to identical return statements to minimize size. Etienne Perot 2023-11-21 18:52:32 -08:00
  • 82c7b2433e runsc: Use precompiled seccomp filters in the Sentry. Etienne Perot 2023-11-21 18:18:32 -08:00
  • 18a5701716 Introduce the restorer Fabricio Voznika 2023-11-21 16:59:39 -08:00
  • c16916e7d7 Move lockMountpoint to the beginning of pivot_root. Lucas Manning 2023-11-21 09:15:58 -08:00
  • 2bf4a4e331 g3doc: describe how to run docker containers in gVisor Andrei Vagin 2023-11-21 09:00:25 -08:00
  • f956b5ac17 Use cryptographic hash functions for TCP Zeling Feng 2023-11-20 21:43:33 -08:00
  • f221e212aa seccomp: Make SyscallRules.Copy do a deep copy. Etienne Perot 2023-11-20 17:23:12 -08:00
  • 9c6f50d59e Systrap: Wrap initSysmsgThreadPriority in sync.Once. Etienne Perot 2023-11-20 13:01:07 -08:00
  • 704543b8f3 Ensure empty VFSPipeFD.SpliceToNonPipe(/dev/null) returns ErrWouldBlock. Jamie Liu 2023-11-20 12:01:59 -08:00
  • 88d35cd8f1 segment.Set API improvements. Jamie Liu 2023-11-17 15:48:42 -08:00
  • 2ef56fee94 Seccomp filters: Add method to uniquely identify the seccomp configuration. Etienne Perot 2023-11-17 14:48:40 -08:00
  • 51318e8a91 Test for passing zero-length SCM_RIGHTS fd arrays gVisor bot 2023-11-17 14:33:34 -08:00
  • e184849c0c Add function to extract TPU v5's minor device number. Jing Chen 2023-11-17 14:24:27 -08:00
  • 6878f88aa4 Platform interface: Group seccomp-related information to a sub-interface. Etienne Perot 2023-11-17 14:09:25 -08:00
  • 2bc70b209b seccomp: Don't treat variables that are optimized away as unused. Etienne Perot 2023-11-16 18:01:52 -08:00
  • 7fd7e762f4 runsc/filter: Refactor syscall filter config out to sub-package. Etienne Perot 2023-11-16 17:33:07 -08:00
  • c96439ecd0 devpts: IterDirents has to check offset and return if it is out of range Andrei Vagin 2023-11-16 15:26:58 -08:00
  • 532dc59326 Add -x option to $DOCKER_RELOAD_COMMAND. Etienne Perot 2023-11-16 14:11:02 -08:00
  • 980de72deb Call FileDescription.OnClose() for newfd being replaced in dup2 and dup3. Ayush Ranjan 2023-11-16 13:34:50 -08:00
  • 77b137ffd8 Fix umount not unmounting all the mounts it is supposed to. Lucas Manning 2023-11-16 12:30:24 -08:00
  • 0a3bced479 Add tooling to compile seccomp-bpf programs at bazel build time. Etienne Perot 2023-11-16 11:53:46 -08:00
  • e60464fdfa Set disable_file_handle_sharing for NFS mounts. Ayush Ranjan 2023-11-16 11:48:52 -08:00
  • 7f5733ea38 Fix glob pattern to search for all TPU devices in /sys/devices. Ayush Ranjan 2023-11-16 11:36:43 -08:00
  • f154acfb7b Minor fixes in fd_table. Ayush Ranjan 2023-11-16 10:48:21 -08:00
  • 201a046299 seccomp: Enforce that Sentry filters match against reference program. Etienne Perot 2023-11-15 22:35:30 -08:00
  • 5c41509ff4 iptables: account for old kernel being old Kevin Krakauer 2023-11-15 20:57:27 -08:00
  • 6eed17ce4b seccomp: Add fuzz test for Sentry syscall filters. Etienne Perot 2023-11-15 20:29:22 -08:00
  • 59483ac4df Fix how mount options are consumed for bind mounts. Ayush Ranjan 2023-11-15 19:11:22 -08:00
  • ce3155f1dc Specify hottest syscalls for KVM and Systrap platforms on x86. Etienne Perot 2023-11-15 16:51:31 -08:00
  • e7e8d0f971 runsc: workaround for scraping nftables Kevin Krakauer 2023-11-15 16:50:43 -08:00
  • 9fd832da02 Plumb seccomp program options through the Sentry filter and Platform. Etienne Perot 2023-11-15 15:55:23 -08:00
  • 8d87a534c0 Fix up container ID after restore Fabricio Voznika 2023-11-15 15:41:30 -08:00
  • e6979cb4d6 seccomp: Reorder generated syscall rules for better efficiency. Etienne Perot 2023-11-15 14:29:35 -08:00
  • 1ac6325b3b iptables: support address-only and port-only nat Kevin Krakauer 2023-11-15 13:36:06 -08:00
  • 7bf7830078 BPF program builder: Cache map of label sources. Etienne Perot 2023-11-15 12:05:48 -08:00
  • 6262b00330 Change IPv4 ID generation algorithm. Nayana Bidari 2023-11-15 11:49:05 -08:00
  • ceb1b69e35 runsc: don't scrape iptables rules by default Kevin Krakauer 2023-11-14 22:22:07 -08:00
  • 3ab01aedb8 Refactor the umount algorithm. Lucas Manning 2023-11-14 15:05:08 -08:00
  • e671a64c47 seccomp: Add basic PerArg optimizations. Etienne Perot 2023-11-14 11:28:45 -08:00
  • e2f754086f Use the protocol specified by the Test Parameter in dualstack socket tests Jeff Martin 2023-11-14 09:27:37 -08:00
  • 7ae47fe37d Make sure we will always pick a valid CPU Tiwei Bie 2020-10-21 00:39:49 +08:00
  • 7ac1ecc9c5 Do not pass MS_REC with MS_BIND|MS_REMOUNT while setting up gofer rootfs. Ayush Ranjan 2023-11-13 19:27:14 -08:00
  • 03d35d400f Automated rollback of changelist 580649803 Kevin Krakauer 2023-11-13 15:26:56 -08:00
  • fc75579112 Add some hostarch.Addr methods. Jamie Liu 2023-11-13 14:56:48 -08:00
  • 8657560bd1 netstack: iptables DNAT revision 2 Kevin Krakauer 2023-11-13 13:53:58 -08:00
  • 7a918a4292 Chunkify p{read/write}v in hostfd package. Ayush Ranjan 2023-11-13 12:32:03 -08:00
  • 1e2be4b4f7 Move TPU device ownership to gofer process. Ayush Ranjan 2023-11-13 11:02:07 -08:00
  • 8cfc543a3f Fix reconnect of UDP socket. Nayana Bidari 2023-11-13 10:21:42 -08:00
  • 8c52800156 Add a syscall test exercising dualstack address family mismatches Jeff Martin 2023-11-13 04:49:21 -08:00
  • c46ffacf2f Separate out rule optimizers from main syscall rendering. Etienne Perot 2023-11-12 00:44:32 -08:00
  • a69a4835f2 netstack: iptables DNAT revision 1 support Kevin Krakauer 2023-11-11 06:58:22 -08:00
  • 62175dea49 seccomp.BuildProgram: Add ProgramOptions struct. Etienne Perot 2023-11-11 00:42:06 -08:00
  • b4bf726395 netstack: add iptables DNAT revision 0 support Kevin Krakauer 2023-11-10 23:48:57 -08:00
  • b9fe44808b netstack: support snat revision 2 targets Kevin Krakauer 2023-11-10 22:34:41 -08:00
  • cb86d3ea02 netstack: support snat target rev 1 for both IPv4 and IPv6 Kevin Krakauer 2023-11-10 21:24:27 -08:00
  • 2f4419a668 seccomp: Don't check sysno equality if it's already been established. Etienne Perot 2023-11-10 20:10:25 -08:00
  • 98980253fc seccomp: Reorder BST to put syscall rules inline with their BST node. Etienne Perot 2023-11-10 19:01:28 -08:00
  • da215762f3 seccomp: Make PerArg.String more human-friendly. Etienne Perot 2023-11-10 18:35:35 -08:00
  • 090cda8125 bpf program fragment: Add support for checking possible return values. Etienne Perot 2023-11-10 18:24:55 -08:00
  • 4a4e42f34d iptables: return the proper revision number Kevin Krakauer 2023-11-10 16:30:40 -08:00
  • dbf8cbbe83 Remove MM.privateRefs. Jamie Liu 2023-11-10 14:59:43 -08:00
  • 4b00385927 tests: don't change malloc for tests Andrei Vagin 2023-11-10 14:36:39 -08:00
  • a5e93550c1 Move GPU device ownership to gofer process. Ayush Ranjan 2023-11-10 14:13:03 -08:00
  • 5d2bf25468 Change IPv6 fragment ID generation algorithm. Nayana Bidari 2023-11-10 14:08:08 -08:00
  • cbdb2c61b1 Randomize TCP source port selection Zeling Feng 2023-11-10 12:19:27 -08:00
  • b042aeefb7 Cache pgalloc.MemoryFile in mm.MemoryManager. Jamie Liu 2023-11-10 11:25:33 -08:00
  • cf9d55bb6e Add device gofer connection. Ayush Ranjan 2023-11-10 10:20:15 -08:00
  • 83c032ae46 update the iptables test image to get a newer iptables binary Kevin Krakauer 2023-11-10 08:56:06 -08:00
  • 56be4a9921 seccomp: Add method to ValueMatcher to generate fuzz test cases. Etienne Perot 2023-11-10 00:32:52 -08:00
  • a1be003b6f Add a panic for no sufficient virtual memory space. Jing Chen 2023-11-10 00:21:37 -08:00
  • 9a454b63f5 seccomp: Introduce HalfValueMatcher type that matches a 32-bit value. Etienne Perot 2023-11-09 23:53:14 -08:00
  • 2475303d89 Move mm.vma save/restore to save_restore.go. Jamie Liu 2023-11-09 17:53:51 -08:00
  • 5a78e12e2f netstack: put snat targets in their own file Kevin Krakauer 2023-11-09 17:45:22 -08:00
  • 36a3cc2b00 Email gVisor team if release pipeline fails. Zach Koopmans 2023-11-09 17:03:50 -08:00
  • b80e856de3 netstack: move Linux ABI struct into abi/linux Kevin Krakauer 2023-11-09 15:56:31 -08:00
  • 3ec902d1a6 Merge pull request #9486 from btw616:erofs-CR-and-rootfs-support gVisor bot 2023-11-09 15:09:54 -08:00
  • 917bee5b6d Add a size limit to outputQueueTransformer.transform. Etienne Perot 2023-11-09 14:57:32 -08:00
  • e92c89c33f systrap: don't use cputick from the runtime module Andrei Vagin 2023-11-09 13:38:24 -08:00
  • 4e94fff110 Merge pull request #9669 from thundergolfer:master gVisor bot 2023-11-09 09:31:14 -08:00
  • 0c99e86f01 provide (read only) /proc/sys/kernel/overflowuid and overflowgid Jonathon Belotti 2023-11-09 04:02:09 +00:00
  • 68cdc88378 Implement the fs.nr_open sysctl Andrei Vagin 2023-11-08 23:39:00 -08:00
  • 9bfd408753 syscall: process_vm_* copies data by chunks Andrei Vagin 2023-11-08 17:56:49 -08:00
  • 9f6156f23a Change COS GPU Smoke test to a continuous test. Zach Koopmans 2023-11-08 16:11:14 -08:00
  • 612e63a7c8 Refactor dirent parsing utilities. Ayush Ranjan 2023-11-08 15:54:25 -08:00
  • 40ee36ac4c Automated rollback of changelist 580051079 Kevin Krakauer 2023-11-08 14:01:37 -08:00
  • 9284335c9d Add COS GPU Pipeline. Zach Koopmans 2023-11-08 13:49:58 -08:00
  • 925904e24e netstack: add IP source selection test that was rolled back Kevin Krakauer 2023-11-08 12:49:22 -08:00