[CRIU] [PATCH] mount: rework perparation for pivot_root

Pavel Emelyanov xemul at parallels.com
Thu Sep 4 04:24:15 PDT 2014 

On 09/04/2014 01:51 AM, Saied Kazemi wrote:
> FWIW, here is what I've been doing for Docker:
> 
> - If the filesystem is AUFS or UnionFS, it definitely has to be created by an "agent" before attempting to restore.  The right agent would be Docker.  But until native C/R is added to Docker, we can use a helper script to set up the filesystem.  This is actually done by the docker_cr.sh script that I sent earlier.  Once created, it exists in /proc/mounts and restore is successful.
> 
> - If the filesystem is VFS, it doesn't have to be set up but it has to be bind mounted onto itself for restore to succeed.  This can be done by CRIU itself either automatically or via a command line option.  Currently, it's done in the helper script before restore.
> 
> I haven't experimented with LXC or other configurations.

I have one more concern about user-namespaces. AFAIU if LXC/Docker would prepare root while
sitting in the user-ns, the resulting mountpoint would be "tagged" with the new userns.

In that case, CRIU will _have_ to prepare the root mountpoint _inside_ this userns too. But
since CRIU doesn't know how to prepare root, we probably need some "generic" way of doing
this.

Thoughts?

> --Saied
> 
> 
> 
> 
> On Wed, Sep 3, 2014 at 2:23 PM, Tycho Andersen <tycho.andersen at canonical.com <mailto:tycho.andersen at canonical.com>> wrote:
> 
>     Hi Pavel,
> 
>     On Wed, Sep 03, 2014 at 08:43:13PM +0400, Pavel Emelyanov wrote:
>     > On 08/08/2014 04:18 PM, Andrey Vagin wrote:
>     > > We can't bind-mount the required root into itself instead of
>     > > resolving a parent mount.
>     > >
>     > > This patch is required to support userns, because if we want to make
>     > > pivot_root, the parent mount can't be locked. When we create userns
>     > > and mntns, all inherited mounts are marked as locked.
>     > >
>     > > Cc: Tycho Andersen <tycho.andersen at canonical.com <mailto:tycho.andersen at canonical.com>>
>     > > Signed-off-by: Andrey Vagin <avagin at openvz.org <mailto:avagin at openvz.org>>
>     >
>     > Andrey, Tycho,
>     >
>     > AFAIU we haven't yet decided what to do with the root mountpoint
>     > preparation. Am I right? Can we resurrect the discussion if it's
>     > still relevant?
> 
>     The issue that caused this patch was actually my misunderstanding,
>     Andrew and I talked about it on IRC. I'm not sure (other than applying
>     this patch, which is a usability improvement at least) that criu can
>     do anything to prepare the rootfs. In the case of LXC it could be a
>     block device or something, which I guess criu doesn't know how to set
>     up?
> 
>     Anyway, I think it is ok to expect users to set up their own rootfs,
>     unless there is some nice way we could do it.
> 
>     Tycho
> 
>     > Thanks,
>     > Pavel
>     >
>     _______________________________________________
>     CRIU mailing list
>     CRIU at openvz.org <mailto:CRIU at openvz.org>
>     https://lists.openvz.org/mailman/listinfo/criu
> 
>

More information about the CRIU mailing list