When unshare specifies a new namespace, the syscall
package changes / to make namespace changes private.
If a chroot is specified, the unshare must be done first.
If the chroot is done first then the unshare will
not specify the correct /.
A new test is included which test combining chroot
and CLONE_NEWNS; it fails without the patch and works with
it.
Fixes#20103
Change-Id: I86022803c784bd418a30383321f3d64103d95c62
Reviewed-on: https://go-review.googlesource.com/41626
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
TestSeekError has been added in CL 41311. This
test doesn't build on Plan 9 because syscall.ESPIPE
is not defined on Plan 9.
This change defines syscall.ESPIPE on Plan 9.
Fixes#20078.
Change-Id: I3d9e95b00e0c4e43312eada6441d80961ae6bd67
Reviewed-on: https://go-review.googlesource.com/41471
Run-TryBot: David du Colombier <0intro@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
This change just picks a few constants from DragonfFly BSD 4.6 kernel
and doesn't synchronize all the existing constants with the latest
DragonFly BSD kernels.
Updates #14222.
Change-Id: Ie107a8bee1a09393b3b42b6f82489532f5d13290
Reviewed-on: https://go-review.googlesource.com/40894
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Avoid the use of constant absolute temp files in tests. This could
produce flaky results, for example on multiuser development machines.
Change-Id: Ia76157a0660fbe294bb31a46ded886cea5deec97
Reviewed-on: https://go-review.googlesource.com/40916
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This updates TestGroupCleanup and TestGroupCleanupUserNamespace to pass in the
Alpine builder.
Updates #19938
Change-Id: Iacbfd73782eccd57f872f9e85726c6024529c277
Reviewed-on: https://go-review.googlesource.com/40692
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Windows was missed in https://golang.org/cl/141600043.
Fixes#6163 (again).
Change-Id: I09076be80fb6b2148d3e5618461ebaa79f27d5b3
Reviewed-on: https://go-review.googlesource.com/39490
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
The comments in this package state that users should be
migrating code that uses the syscall package to its
corresponding package in x/sys. However, the syscall.Signal
and syscall.Errno types and the syscall.SysProcAttr struct is
not defined in the x/sys package and still need to be referenced
from within syscall. This adds a change to the comments to
clarify that the migration will need to continue to use some
references to syscall for now.
Fixes#19560
Change-Id: I8abb96b93bea90070ce461da16dc7bcf7b4b29c1
Reviewed-on: https://go-review.googlesource.com/39450
Reviewed-by: Rob Pike <r@golang.org>
TestUnshareMountNameSpace fails on arm64 due to permission problems.
Skip that test for now when permission problems are encountered, so we
don't regress elsewhere in the meantime.
Updates #19698
Change-Id: I9058928afa474b813652c9489f343b8957160a6c
Reviewed-on: https://go-review.googlesource.com/39052
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Josh Bleecher Snyder <josharian@gmail.com>
In some newer Linux distros, systemd forces
all mount namespaces to be shared, starting
at /. This disables the CLONE_NEWNS
flag in unshare(2) and clone(2).
While this problem is most commonly seen
on systems with systemd, it can happen anywhere,
due to how Linux namespaces now work.
Hence, to create a private mount namespace,
it is not sufficient to just set
CLONE_NEWS; you have to call mount(2) to change
the behavior of namespaces, i.e.
mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL)
This is tested and working and we can now correctly
start child process with private namespaces on Linux
distros that use systemd.
The new test works correctly on Ubuntu 16.04.2 LTS.
It fails if I comment out the new Mount, and
succeeds otherwise. In each case it correctly
cleans up after itself.
Fixes#19661
Change-Id: I52240b59628e3772b529d9bbef7166606b0c157d
Reviewed-on: https://go-review.googlesource.com/38471
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This greatly improves the latency of starting a child process when
the Go process is using a lot of memory. Even though the kernel uses
copy-on-write, preparation for that can take up to several 100ms under
certain conditions. All other goroutines are suspended while starting
a subprocess so this latency directly affects total throughput.
With CLONE_VM the child process shares the same memory with the parent
process. On its own this would lead to conflicting use of the same
memory, so CLONE_VFORK is used to suspend the parent process until the
child releases the memory when switching to to the new program binary
via the exec syscall. When the parent process continues to run, one
has to consider the changes to memory that the child process did,
namely the return address of the syscall function needs to be restored
from a register.
A simple benchmark has shown a difference in latency of 16ms vs. 0.5ms
at 10GB memory usage. However, much higher latencies of several 100ms
have been observed in real world scenarios. For more information see
comments on #5838.
Fixes#5838
Change-Id: I6377d7bd8dcd00c85ca0c52b6683e70ce2174ba6
Reviewed-on: https://go-review.googlesource.com/37439
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
I broke FreeBSD 9 in https://golang.org/cl/38426 by using Pipe2.
We still want to support FreeBSD 9 for one last release (Go 1.9 will
be the last), and FreeBSD 9 doesn't have Pipe2.
So this still uses Pipe2, but falls back to Pipe on error.
Updates #18854
Updates #19072
Change-Id: I1de90fb83606c93fb84b4b86fba31e207a702835
Reviewed-on: https://go-review.googlesource.com/38430
Reviewed-by: Rob Pike <r@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
The pipe2 syscall exists in all officially supported FreeBSD
versions: 10, 11 and future 12.
The pipe syscall no longer exists in 11 and 12. To build and
run Go on these versions, kernel needs COMPAT_FREEBSD10 option.
Based on Gleb Smirnoff's https://golang.org/cl/38422Fixes#18854
Change-Id: I8e201ee1b15dca10427c3093b966025d160aaf61
Reviewed-on: https://go-review.googlesource.com/38426
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Rob Pike <r@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
If the caller set ups a Credential in os/exec.Command,
os/exec.Command.Start will end up calling setgroups(2), even if no
supplementary groups were given.
Only root can call setgroups(2) on BSD kernels, which causes Start to
fail for non-root users when they try to set uid and gid for the new
process.
We fix by introducing a new field to syscall.Credential named
NoSetGroups, and setgroups(2) is only called if it is false.
We make this field with inverted logic to preserve backward
compatibility.
RELNOTES=yes
Change-Id: I3cff1f21c117a1430834f640ef21fd4e87e06804
Reviewed-on: https://go-review.googlesource.com/36697
Reviewed-by: Ian Lance Taylor <iant@golang.org>
This eliminates the need for syscall/asm.s, which is now empty.
Change-Id: Ied060195e03e9653251f54ea8ef6572444b37fdf
Reviewed-on: https://go-review.googlesource.com/36844
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Delete use stub from asm.s, leaving only a dummy file.
Deleting the file causes Windows build to fail.
Fixes#16607
Change-Id: Ic5a55e042e588f1e1bc6605a3d309d1eabdeb288
Reviewed-on: https://go-review.googlesource.com/36716
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Update syscall code generators to set build tags.
Regenerate zsyscall files, which makes the following changes:
- remove calls to "use"
- update build tags, adding missing ones in some cases
- "stat" renamed to "st" in some cases
- "libc_Utimes" renamed "libc_utimes" in one case
I'll mirror this change to x/sys/unix once committed.
Change-Id: Ic07e0ae1433dd133eb57e8dd2a3b86a62aab4eda
Reviewed-on: https://go-review.googlesource.com/36616
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Notably, this change fixes the TestTCPReadWriteAllocs test because
the errnoErr wrapper is now used, elimitating the allocation for
common errnos.
The change to Dup is caused by a CL 8095 that changed the Dup* calls
to use Syscall instead of RawSyscall.
Found while working on the new iOS builders.
Change-Id: I44ab9dcad27db190e175aa149865b33944f48674
Reviewed-on: https://go-review.googlesource.com/36061
Reviewed-by: David Crawshaw <crawshaw@golang.org>
Run-TryBot: Elias Naur <elias.naur@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
mkpost.go replaces all variables prefixed with 'X_' with '_' on s390x
because most of them do not need to be exposed. X__val is being used
by a third party library so it turns out we do need to expose it on
s390x (it is already exposed on all other Linux architectures).
Fixes#17298 and updates #18632.
Change-Id: Ic03463229a5f75ca41a4a4b50300da4b4d892d45
Reviewed-on: https://go-review.googlesource.com/30130
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Change the openbsd runtime to use the current sys_kill and sys_thrkill
system calls.
Prior to OpenBSD 5.9 the sys_kill system call could be used with both
processes and threads. In OpenBSD 5.9 this functionality was split into
a sys_kill system call for processes (with a new syscall number) and a
sys_thrkill system call for threads. The original/legacy system call was
retained in OpenBSD 5.9 and OpenBSD 6.0, however has been removed and
will not exist in the upcoming OpenBSD 6.1 release.
Note: This change is needed to make Go work on OpenBSD 6.1 (to be
released in May 2017) and should be included in the Go 1.8 release.
This change also drops support for OpenBSD 5.8, which is already an
unsupported OpenBSD release.
Change-Id: I525ed9b57c66c0c6f438dfa32feb29c7eefc72b0
Reviewed-on: https://go-review.googlesource.com/34093
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Previously, `os.Clearenv()` (by way of `syscall.Clearenv`) would simply
set all environment variables' values to `""` rather than actually
unsetting them causing subsequent `os.LookupEnv` calls to return that
they were still set.
Fixes#17902
Change-Id: I54081b4b98665e9a39f55ea7582c8d40bb8a2a22
Reviewed-on: https://go-review.googlesource.com/33168
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
The tree is inconsistent about single l vs double l in those
words in documentation, test messages, and one error value text.
$ git grep -E '[Mm]arshall(|s|er|ers|ed|ing)' | wc -l
42
$ git grep -E '[Mm]arshal(|s|er|ers|ed|ing)' | wc -l
1694
Make it consistently a single l, per earlier decisions. This means
contributors won't be confused by misleading precedence, and it helps
consistency.
Change the spelling in one error value text in newRawAttributes of
crypto/x509 package to be consistent.
This change was generated with:
perl -i -npe 's,([Mm]arshal)l(|s|er|ers|ed|ing),$1$2,' $(git grep -l -E '[Mm]arshall' | grep -v AUTHORS | grep -v CONTRIBUTORS)
Updates #12431.
Follows https://golang.org/cl/14150.
Change-Id: I85d28a2d7692862ccb02d6a09f5d18538b6049a2
Reviewed-on: https://go-review.googlesource.com/33017
Run-TryBot: Minux Ma <minux@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This field is a zero length array and has little use. Since Go 1.5, trailing
zero-length arrays take up space. Both syscall.UnixRights() and
syscall.ParseSocketControlMessage() depend on being able to do an unsafe cast
of socket control message data to Cmsghdr this is only safe if the socket
control message data is greater than or equal to the size of Cmsghdr. Since
control message data that is equal in size to Cmsghdr without X__cmsg_data is
a valid socket control message, we must remove X__cmsg_data or not perform the
unsafe cast.
Removing X__cmsg_data will prevent Go code that uses X__cmsg_data from
compiling, but removing the unsafe cast will cause Go code that uses
X__cmsg_data to fail or exhibit undefined behavior at runtime. It was
therefore decided that removing X__cmsg_data was the better option.
Fixes#17649
Change-Id: I39f323f978eca09d62da5785c5c5c9c7cbdf8c31
Reviewed-on: https://go-review.googlesource.com/32319
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
So errnoErr can be used in other packages.
This is something I missed when I sent CL 28990.
Fixes#17539
Change-Id: I8ee3b79c4d70ca1e5b29e5b40024f7ae9a86061e
Reviewed-on: https://go-review.googlesource.com/29690
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Current implementation of syscall.Readlink mistakenly calculates
the end offset of the PrintName field.
Also, there are some cases that the PrintName field is empty.
Instead, the CL uses SubstituteName with correct calculation.
Fixes#15978Fixes#16145
Change-Id: If3257137141129ac1c552d003726d5b9c08bb754
Reviewed-on: https://go-review.googlesource.com/31118
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Flesh out nacl's fake network system to match how all the other
platforms work: all other systems' SetReadDeadline and
SetWriteDeadline affect currently-blocked read & write calls.
This was documented in golang.org/cl/30164 because it was the status
quo and existing packages relied on it. (notably the net/http package)
And add a test.
Change-Id: I074a1054dcabcedc97b173dad5e827f8babf7cfc
Reviewed-on: https://go-review.googlesource.com/31178
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
All the implementations of NsecToTimespec and NsecToTimeval were the
same other than types. Write a single version that uses
GOARCH/GOOS-specific setTimespec and setTimeval functions to handle the
types.
The logic in NsecToTimespec and NsecToTimeval caused times before 1970
to have a negative usec/nsec. The Linux kernel requires that usec
contain a positive number; for consistency, we do this for both
NsecToTimespec and NsecToTimeval.
Change-Id: I525eaba2e7cdb00cb57fa00182dabf19fec298ae
Reviewed-on: https://go-review.googlesource.com/30826
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
All implementations of these functions are identical.
Change-Id: I7cbea53c02bb0cee75e30beed19d29ba0a7ef657
Reviewed-on: https://go-review.googlesource.com/30819
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Fixes#17224.
Some systems have more than just "lo" in a fresh network namespace, due
to IPv6. Instead of testing for exactly 3 lines of output (implying 1
interface), just test to make sure that the unshare call resulted in
fewer interfaces than before. This should still verify that unshare did
something.
Change-Id: Iaf84c2b0e673fc207059d62e2f4dd7583a753419
Reviewed-on: https://go-review.googlesource.com/30372
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Jessica Frazelle <me@jessfraz.com>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This change switches the use of socket implementation from the
conventional SUS-based one to the latest POSIX-based one to make
socket control message work correctly on Solaris.
It looks like those two implementations, Socket over TLI/XTI and
Socket, have different semantics in details but it wouldn't hurt
the existing applications because the exposed syscall API doesn't
support socket properties related to such a protocol independent
application framework.
Fixes#7402.
Change-Id: I45a4e782d606bfbebe1404086c50a8c69af53461
Reviewed-on: https://go-review.googlesource.com/30171
Reviewed-by: Ian Lance Taylor <iant@golang.org>
At least it works well on DragonFly BSD 4.6.
Change-Id: I3b210745246c6d8d42e32ba65ee3b9a17d171ff7
Reviewed-on: https://go-review.googlesource.com/30170
Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Consistently access function parameters using the FP pseudo-register
instead of SP (e.g., x+0(FP) instead of x+4(SP) or x+8(SP), depending
on register size). Two reasons: 1) doc/asm says the SP pseudo-register
should use negative offsets in the range [-framesize, 0), and 2)
cmd/vet only validates parameter offsets when indexed from the FP
pseudo-register.
No binary changes to the compiled object files for any of the affected
package/OS/arch combinations.
Change-Id: I0efc6079bc7519fcea588c114ec6a39b245d68b0
Reviewed-on: https://go-review.googlesource.com/30085
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
No fast path currently for solaris, windows, nacl, plan9.
Fixes#13451
Change-Id: I24b3233a2e3a57fc6445e276a5c0d7b097884007
Reviewed-on: https://go-review.googlesource.com/29951
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Don't panic, crash, or return references to uninitialized memory when
ParseDirent is passed invalid input.
Move common dirent parsing to syscall.go with minimal platform-specific
functions in syscall_$GOOS.go.
Fixes#15653
Change-Id: I5602475e02321fe381064488401c14b33bec6886
Reviewed-on: https://go-review.googlesource.com/23780
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>