[CRIU] [PATCH 5/5] userns: restore gid and uid maps
Andrew Vagin
avagin at parallels.com
Tue Feb 11 05:09:47 PST 2014
On Tue, Feb 11, 2014 at 09:29:05AM +0400, Pavel Emelyanov wrote:
> On 02/11/2014 09:21 AM, Andrew Vagin wrote:
> > On Tue, Feb 11, 2014 at 08:50:35AM +0400, Pavel Emelyanov wrote:
> >> On 02/11/2014 12:58 AM, Andrey Vagin wrote:
> >>> Signed-off-by: Andrey Vagin <avagin at openvz.org>
> >>> ---
> >>> cr-restore.c | 9 +++++++++
> >>> include/namespaces.h | 2 ++
> >>> namespaces.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
> >>> 3 files changed, 56 insertions(+)
> >>>
> >>> diff --git a/cr-restore.c b/cr-restore.c
> >>> index afc3656..7d02812 100644
> >>> --- a/cr-restore.c
> >>> +++ b/cr-restore.c
> >>> @@ -1236,6 +1236,12 @@ static int restore_task_with_children(void *_arg)
> >>> if (restore_finish_stage(CR_STATE_RESTORE_NS) < 0)
> >>> exit(1);
> >>>
> >>> + /* UID and GID must be set after restoring /proc/PID/{uid,gid}_maps */
> >>
> >> Who did it _before_ this code?
> >
> > It is required for userns only, but it does nothing in other cases.
>
> So the answer is -- if get_clone_mask() generates it, then tasks will
> live in user-ns from the very beginning, right?
>
> You told that lots of thing on restore didn't work in that case, e.g.
> mounting file systems, or prctls. What has changed since then?
Nothing. Look at the first mail. There is the "known issue" section.
We need to fix kernel for restoring processes in userns.
More information about the CRIU
mailing list