[CRIU] [PATCH 1/4] Support for dumping/restoring user namespaces

Andrew Vagin avagin at parallels.com
Mon Aug 11 08:50:10 PDT 2014


On Mon, Aug 11, 2014 at 05:24:05PM +0400, Pavel Emelyanov wrote:
> On 08/11/2014 05:17 PM, Andrew Vagin wrote:
> > Hi Sophie,
> > 
> > On Fri, Aug 08, 2014 at 10:21:19PM -0700, Sophie Blee-Goldman wrote:
> >> Adds basic support for user namespaces by dumping and restoring
> >> the namespace itself and the uid/gid maps of the root process.
> > 
> > How do you test your patches?
> 
> I have the same question. It's OK if the initial version of userns
> only supports some limited stuff, but we should know what it is :)
> 
> > ZDTM test suite can execute tests in
> > namespaces, but the current version knows nothing about userns. Have you
> > tried to add userns in ZDTM lib?
> > 
> >>
> >> Currently depends on a kernel patch to avoid failing on the prctl
> >> syscall by checking for CAP_SYS_RESOURCE in the user namespace
> >> instead of in the global one.
> > 
> > It isn't so simple.
> > Kirill is trying to fix this issue: https://lkml.org/lkml/2014/8/4/570
> > 
> > We have a number of other kernel issues, which are described here:
> > http://criu.org/UserNamespace
> > 
> > Have you seen my patches for userns?
> > http://lists.openvz.org/pipermail/criu/2014-February/012399.html
> > 
> > and here is the updated version:
> > https://github.com/avagin/criu/tree/userns2
> > 
> > I suggest finding the differences between our patch sets and making a new one,
> > which will contain the best things from both.
> 
> Andrey, can you suggest which things are best in both sets? :)

For example, what I see now. My version:
* doesn't have comments, which I enumerated for this patch
* handles ghost uids
* fixes zdtm lib to test user namespaces
* prepares the root mount for pivot_root
* sets PR_SET_DUMPABLE to have access to proc files
* extends ZDTM lib to execute tests in userns

Sophie's version:
* dumps capability from parasite. I don't know which capabilities are
  shown in /proc/PID/status.
* ...

Sophie, could you continue this list or comment on my list?

Thanks,
Andre.

