[CRIU] [PATCH 1/4] Support for dumping/restoring user namespaces
Pavel Emelyanov
xemul at parallels.com
Mon Aug 11 06:24:05 PDT 2014
On 08/11/2014 05:17 PM, Andrew Vagin wrote:
> Hi Sophie,
>
> On Fri, Aug 08, 2014 at 10:21:19PM -0700, Sophie Blee-Goldman wrote:
>> Adds basic support for user namespaces by dumping and restoring
>> the namespace itself and the uid/gid maps of the root process.
>
> How do you test your patches?
I have the same question. It's OK if the initial version of userns
only supports some limited stuff, but we should know what it is :)
> ZDTM test suite can execute tests in
> namespaces, but the current version knows nothing about userns. Have you
> try to add userns in ZDTM lib?
>
>>
>> Currently depends on a kernel patch to avoid failing on the prctl
>> syscall by checking for CAP_SYS_RESOURCE in the user namespace
>> instead of in the global one.
>
> It isn't so simple.
> Kirill is trying to fix this issue: https://lkml.org/lkml/2014/8/4/570
>
> We have a number of other kernel issues, which are described here:
> http://criu.org/UserNamespace
>
> Have you seen my patches for userns?
> http://lists.openvz.org/pipermail/criu/2014-February/012399.html
>
> and here is updated version:
> https://github.com/avagin/criu/tree/userns2
>
> I suggest to find the difference between our patch sets and make a new one,
> which will contain best things from both ones.
Andrey, can you suggest which things are best in both sets? :)
Thanks,
Pavel
More information about the CRIU
mailing list