Before: wshd <- disabled | signalfd child <- disabled grandchildren... <- disabled After: wshd <- disabled | signalfd child <- enabled grandchildren... <- enabled This way children of wshd can receive signals for its children, propagating the signal up to wshd [#83352380]
This reverts commit acb20cf.
Warden containers inherit the DNS servers from the host DEA's /etc/resolv.conf. With the addition of app security groups and a global deny policy, DNS is no longer accessible by default from containers; that made bosh-lite users very sad... When dea_next.allow_inherited_dns is true, rules are added to the default warden chain to allow access to the inherited DNS servers. [#71585346] Signed-off-by: Zach Robinson <email@example.com>
* Allow 'ESTABLISHED,RELATED' traffic on input chain to allow responses from containers to flow back to the host * Allow access DNS access and TCP access for net_in 'hairpin' test * Flesh out default networking configuration connectivity tests [#71585346] Signed-off-by: Michael Fraenkel <firstname.lastname@example.org>
…he public internet case and the private intranet case.
RSpec 3 is out and we're picking it up in our CI builds. Locking an older version to avoid the deprecation warnings and other issues associated with using the new rspec. We've explicitly chosen 2.11 as 2.14 also issues deprecation warnings that we don't intend to address at this time. Signed-off-by: Matthew Sykes <email@example.com>
Signed-off-by: dmitriy kalinin <firstname.lastname@example.org>
The warden tests frequently fail under VMware due to an error detatching a loop device that was associated with a mounted disk image: loop: can't delete device /dev/loop0: Device or resource busy In order to reduce the likelihood of the problem, a `sync` was added before the detach and the deletion of the image file was moved until after the detach. After repeated runs with these modifications, I have not seen the failures occur.