[CRIU] [PATCH] zdtm: add a small program to create a zdtm container

Tue Aug 12 23:52:13 PDT 2014

On 08/12/2014 11:46 PM, Christopher Covington wrote:
> On 08/12/2014 03:17 PM, Andrew Vagin wrote:
>> On Tue, Aug 12, 2014 at 02:34:20PM -0400, Christopher Covington wrote:
>>> Hi Andrey
>>>
>>> On 08/12/2014 12:13 PM, Andrey Vagin wrote:
>>>> I didn't find a way how to do that with help "unshare".
>>>> It's simpler to write this program. It looks better than tricks in
>>>> zdtm.sh.
>>>
>>> How different is this from `criu restore -n mnt,pid,net,ipc`?
>>
>> I don't understand the question. This program is used to execute zdtm.sh
>> in a container to avoid races between tests.
>> The most popular race condition is when one test takes PID of another
>> test, and the second test can't be restored.
> 
> I guess I don't understand the -n, --namespace option to CRIU since I never
> seemed to be able to get it to work. My intuition would be that it is supposed
> to do the "interesting task" you describe below. Digging in to the matter, I
> think I see why I've never gotten it to work:
> 
> commit ac845bd1d8f7298e97b779f587a1fb46dd5737a7
> Author: Pavel Emelyanov <xemul at parallels.com>
> Date:   Thu Jan 17 18:14:55 2013 +0400
> 
>     cr: Obsolete the --namespaces option
> 
>     It's no longer required to use this option -- two currently
>     supported cases (tasks on host and tasks in containers) can
>     be detected automatically. Keep this option for future.

We used to have this option to tell criu that tasks we dump lived in
namespaces. This was because till some kernel version there was no
kernel API for checking this. Now we have /proc/pid/ns/* _links_ that
reveal some IDs and we can do things automatically.

> 
>> Maybe you mean that a test can be restored in a new pid namespace.
>> Currently criu can't do that. Here is a few questions. Who will be
>> the init process? The root task probably doesn't ready to be a sub-reaper.
>> Do we need to remount /proc? If the answer is yes, we need to create
>> a new mount namespace together with pidns.
>> I think this is interesting task, which will be one day implemented.
> 
> Why not simply move the contents of test/zdtm_ct.c into crtools.c, executed
> conditionally based on -n, --namespace, and call it initially implemented?

This is because creating a namespace typically requires setting one up.
E.g. if we want to put the restored tree into pid namespace, we should
provide an init task, because root task in images doesn't have pid 1.
If we want to restore tasks into net namespace, while they previously
didn't live in it, we have to configure this new net namespace so that
e.g. sockets got restored properly.

With that, my idea is that if we want to restore images into new set of
namespaces, we should create them, configure and then call criu restore.

Thanks,
Pavel