[CRIU] RPC support for --shell-job missing on restore

Allan Cecil ac at sonic.net
Fri May 16 00:44:11 PDT 2014 

On 2014-05-15 06:59, Pavel Emelyanov wrote:
> I'd like to notice here, that right now this is only possible if you
> terminate the whole existing process and
> restore one back from scratch using criu. However, we have a feature
> called "applying images" (http://criu.org/Applying_images)
> With it you will not have to kill the original process and the
> revert-back should become MUCH faster.

Applying images sounds very interesting - how do I do that?  I don't see 
it in the man page.  I've built from source so I can update or switch 
branches as needed.

> You might b einterested in the --exec-cmd option for criu. It causes
> criu to call execv() on whatever you want after
> restore thus making _your_ code control the restored processes.

I haven't figured out how to make this work, yet.  I'll keep 
experimenting.  I thought it was for saying "restore this into this 
screen session" but that did not work.

>> that would still work.  Unfortunately, even if I set the suid bit and 
>> attempt to restore from the command line I still get denied
>> bgecause the UID / GID doesn't match.
> 
> Can you shed more light on this? We tried to make it work like -- if
> we have images for user X, then if we restore from
> them from suid-ed criu and the user that does so is X as well, then we
> allow for that. Has that get broken?
> 

Here are the exact steps I'm taking.  First, I'm running as the 
unprivileged user named tas:
$ id
uid=1001(tas) gid=1001(tas) groups=1001(tas),110(kvm),119(nopasswdlogin)

I start screen and inside of screen I start nethack.  This produces the 
following ps axf -o pid,sid,pgid,uid,gid,comm output:

  9002  9002  9002  1001    43 screen
  9003  9003  9003  1001  1001  \_ bash
  9165  9003  9165  1001  1001      \_ nethack

If outside of screen I attempt to issue the command criu dump -v4 -t 
9002 as the same tas user I get this:

(00.014062) Obtaining task stat ... (00.014126) Error (security.c:34): 
UID/GID mismatch 1001 != (1001,43,43)
(00.014137) Error (cr-dump.c:1438): Check uid (pid: 9002) failed

For the record, the criu process has the stuid bit set:

-rwsr-xr-x 1 root root 779899 Apr 25 14:39 /usr/local/sbin/criu

I'm not sure what to make of this.  Thanks for your thoughts,

A.C.
******

More information about the CRIU mailing list