[CRIU] [PATCH 00/14] Add support of user namespaces (v3)

Andrey Vagin avagin at openvz.org
Tue Oct 14 04:38:14 PDT 2014 

On dump we need to save mappings of user and group IDs
and dump files and tasks IDs from a target userns.

On restore we need to restore mappings of user and group IDs.

Known issues:
We have a few checks of capabilities in the kernel,
which prevent restoring in userns.
* CAP_NET_ADMIN is required to use SO_RCVBUFFORCE and SO_SNDBUFFORCE
* CAP_DAC_READ_SEARCH is required for open_by_handle_at and linkat(AT_EMPTY_PATH
* CAP_MKNOD is required for mknod
* /proc/sys/kernel/hostname and a few other sysctl-s can't be set from userns

http://criu.org/UserNamespace

v2: fix comments from Pavel
    include patches for zdtm
    set PR_SET_DUMPABLE to have access to proc files
    save uid-s from a target userns
    use memfd_create instead of opening map_files to support anon shared memory

Andrey Vagin (14):
  namespace: don't fail if a namespace isn't supported by kernel
  namespace: append a null byte after readlink
  mount: rework perparation for pivot_root (v3)
  namespaces: take into account USERNS id
  userns: define protobuf messages for uid and gid maps
  criu: add constants about user namespaces
  userns: save uid-s from a target userns
  dump: dump user namespaces
  userns: restore per-namespace mappings of user and group IDs
  restore:  set PR_SET_DUMPABLE to have access to proc files
  zdtm: create devices before forking a test process
  zdtm: prepare a file tree for userns
  zdtm: add ability to execute tests in another user namespace
  zdtm: add tests which can be executed in a new user namespace

 cr-dump.c               |  19 ++++-
 cr-restore.c            |  15 ++++
 cr-show.c               |   1 +
 files-reg.c             |   4 +-
 image-desc.c            |   1 +
 include/image-desc.h    |   1 +
 include/magic.h         |   1 +
 include/namespaces.h    |   6 ++
 include/protobuf-desc.h |   1 +
 include/syscall-types.h |   6 +-
 mount.c                 |  27 +++---
 namespaces.c            | 216 +++++++++++++++++++++++++++++++++++++++++++++++-
 protobuf-desc.c         |   1 +
 protobuf/Makefile       |   1 +
 protobuf/core.proto     |   1 +
 protobuf/userns.proto   |  10 +++
 pstree.c                |   2 +
 test/zdtm.sh            | 110 +++++++++++++++++++++++-
 test/zdtm/lib/ns.c      | 161 ++++++++++++++++++++++++++++++------
 19 files changed, 539 insertions(+), 45 deletions(-)
 create mode 100644 protobuf/userns.proto

--
1.9.3

More information about the CRIU mailing list