[CRIU] rebased seccomp strict patchset + check thread's creds match
Pavel Emelyanov
xemul at parallels.com
Wed Jun 24 08:23:20 PDT 2015
On 06/24/2015 06:08 PM, Tycho Andersen wrote:
> On Wed, Jun 24, 2015 at 05:44:23PM +0300, Pavel Emelyanov wrote:
>> Patches 1-4 applied, thanks a lot!
>>
>> Let's hope the seccomp bits get into the upstream soon :) I've created
>> an entry in the commits tracker (http://criu.org/Upstream_kernel_commits).
>> Plz, ping us when the patch migrates from maintainer to Linus' tree.
>
> Sounds good. Hopefully soon I will have the _FILTER kernel set up for
> review too, but I've been distracted by some other lxc related issues
> for now.
>
>> About patches 5 and 6 -- can we instead of the .expectdumpfailed file in
>> the zdtm dir have an explicit list of blocking tests in zdtm.sh? In the
>> old days we used to have "blocking/" directory in the zdtm/ one with all
>> the tests that block checkpoint (or restore ;) ) but hopefully Anrey
>> wouldn't mind if rework it on the blocking list.
>
> Yep, sounds good, I'll resend with that. What's the blocking mnemonic?
> Should I use something like that instead of TEST_EXPECT_DUMP_FAILURE?
You mean the list name? The one you proposes is OK :) We have several lists
already, the "root" one TEST_LIST, then TEST_CR_KENREL for those failing
the "criu check --ms", per-feature lists and BLACKLIST_FOR_USERNS.
BTW, it's also useful to have the seccomp feature check in cr-check.c. We
have those for all new APIs we add into the kernel. This helps to organize
zdtm.sh to run only those tests, that current kernel can and helps people
to check whether their kernel is up-to-date.
-- Pavel
More information about the CRIU
mailing list