[CRIU] [PATCH 00/14] Add support of user namespaces (v4)
Andrey Vagin
avagin at openvz.org
Fri Oct 31 02:14:18 PDT 2014
On dump we need to save mappings of user and group IDs
and dump files and tasks IDs from a target userns.
On restore we need to restore mappings of user and group IDs.
Known issues:
We have a few checks of capabilities in the kernel,
which prevent restoring in userns.
* CAP_NET_ADMIN is required to use SO_RCVBUFFORCE and SO_SNDBUFFORCE
* CAP_DAC_READ_SEARCH is required for open_by_handle_at and linkat(AT_EMPTY_PATH)
* CAP_MKNOD is required for mknod
* /proc/sys/kernel/hostname and a few other sysctl-s can't be set from userns
http://criu.org/UserNamespace
v2: fix comments from Pavel
include patches for zdtm
set PR_SET_DUMPABLE to have access to proc files
save uid-s from a target userns
use memfd_create instead of opening map_files to support anon shared memory
v4: get process user and group ids from parasite
Andrey Vagin (15):
cr-dump.c | 19 ++++-
cr-restore.c | 15 ++++
cr-show.c | 1 +
files-reg.c | 4 +-
image-desc.c | 1 +
include/image-desc.h | 1 +
include/magic.h | 1 +
include/namespaces.h | 6 ++
include/protobuf-desc.h | 1 +
include/syscall-types.h | 6 +-
mount.c | 27 +++---
namespaces.c | 216 +++++++++++++++++++++++++++++++++++++++++++++++-
protobuf-desc.c | 1 +
protobuf/Makefile | 1 +
protobuf/core.proto | 1 +
protobuf/userns.proto | 10 +++
pstree.c | 2 +
test/zdtm.sh | 110 +++++++++++++++++++++++-
test/zdtm/lib/ns.c | 161 ++++++++++++++++++++++++++++++------
19 files changed, 539 insertions(+), 45 deletions(-)
create mode 100644 protobuf/userns.proto
--
1.9.3
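
The cover letter says IDs are dumped as seen from the target userns. The following is an added example, not part of the original message and not CRIU's code: it parses text in the `/proc/<pid>/uid_map` format and translates a host-side ID into the ID visible inside the namespace. The names `parse_id_map` and `id_to_userns`, the extent cap and the sample map are assumptions made for illustration.

```c
#include <stdio.h>
#define MAX_EXTENTS 8       /* assumption: enough for this example */
#define OVERFLOW_ID 65534u  /* default value of /proc/sys/kernel/overflowuid */

struct id_extent { unsigned int inside, outside, count; };
struct id_map { struct id_extent ext[MAX_EXTENTS]; int nr; };

/* Parse text in /proc/<pid>/uid_map format, one "inside outside count"
 * extent per line. Returns the number of extents, or -1 if the text is
 * malformed, has an empty extent, or has a range that wraps around. */
int parse_id_map(const char *text, struct id_map *map)
{
	map->nr = 0;
	while (*text != '\0') {
		struct id_extent e;
		int used = 0;
		if (map->nr == MAX_EXTENTS ||
		    sscanf(text, "%u %u %u %n", &e.inside, &e.outside, &e.count, &used) != 3)
			return -1;
		if (e.count == 0 || e.inside + e.count - 1 < e.inside ||
		    e.outside + e.count - 1 < e.outside)
			return -1;
		map->ext[map->nr++] = e;
		text += used;
	}
	return map->nr;
}

/* Translate an ID as the host sees it into the ID seen inside the userns.
 * IDs with no mapping show up as the overflow ID. */
unsigned int id_to_userns(const struct id_map *map, unsigned int host_id)
{
	for (int i = 0; i < map->nr; i++) {
		const struct id_extent *e = &map->ext[i];
		if (host_id >= e->outside && host_id - e->outside < e->count)
			return e->inside + (host_id - e->outside);
	}
	return OVERFLOW_ID;
}

/* Constructed sample: ns IDs 0..999 -> host 100000.., ns ID 1000 -> host 1000. */
static const char sample_uid_map[] = "0 100000 1000\n1000 1000 1\n";
int main(void)
{
	struct id_map m;
	if (parse_id_map(sample_uid_map, &m) < 0)
		return 1;
	printf("%u %u %u\n", id_to_userns(&m, 100042), id_to_userns(&m, 1000), id_to_userns(&m, 0));
	return 0;
}
```

Host UID 0 has no extent in the sample map, so it is reported as the overflow ID rather than as root inside the namespace.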