[CRIU] [PATCH 00/11] Add support of USERNS (v2)

Andrey Vagin avagin at openvz.org
Wed Aug 13 00:51:27 PDT 2014 

Known issues:
We have a few checks of capabilities in the kernel,
which prevent restoring in userns.
* CAP_SYS_ADMIN is required to access  /proc/pid/map_files and
  to use TIOCSLCKTRMIOS
* CAP_NET_ADMIN is required to use SO_RCVBUFFORCE and SO_SNDBUFFORCE
* CAP_DAC_READ_SEARCH is required for open_by_handle_at and linkat(AT_EMPTY_PATH
* CAP_MKNOD is required for mknod
* /proc/sys/kernel/hostname and a few other sysctl-s can't be set from userns

http://criu.org/UserNamespace

v2: fix comments from Pavel
    include patches for zdtm
    set PR_SET_DUMPABLE to have access to proc files
    save uid-s from a target userns

I send this series just to show what I have now. I think it should be commited,
only when we will solve all known issue.

Andrey Vagin (10):
  mount: rework perparation for pivot_root
  namespaces: take into account USERNS id
  userns: define protobuf messages for uid and gid maps
  criu: add constants about user namespaces
  userns: parse /proc/PID/{u,g}id_map
  userns: restore gid and uid maps
  namespace: don't fail if a namespace isn't supported by kernel
  zdtm: extent zdtm to execute tests in userns
  restore:  set PR_SET_DUMPABLE to have access to proc files
  userns: save uid-s from a target userns

Cyrill Gorcunov (1):
  restore: use new interface to set mm arguments

 cr-check.c              |  22 ------
 cr-dump.c               |  13 +++-
 cr-restore.c            |   9 +++
 cr-show.c               |   1 +
 files-reg.c             |   4 +-
 image-desc.c            |   1 +
 include/image-desc.h    |   1 +
 include/magic.h         |   1 +
 include/namespaces.h    |   6 ++
 include/prctl.h         |  19 +++++
 include/protobuf-desc.h |   1 +
 include/syscall-types.h |   6 +-
 mount.c                 |  23 ++----
 namespaces.c            | 203 ++++++++++++++++++++++++++++++++++++++++++++++++
 pie/restorer.c          |  56 +++++--------
 protobuf-desc.c         |   1 +
 protobuf/Makefile       |   1 +
 protobuf/core.proto     |   1 +
 protobuf/userns.proto   |  10 +++
 pstree.c                |   2 +
 test/zdtm/lib/ns.c      | 146 +++++++++++++++++++++++++++-------
 21 files changed, 419 insertions(+), 108 deletions(-)
 create mode 100644 protobuf/userns.proto

-- 
1.9.3

More information about the CRIU mailing list