[CRIU] Dealing with other mount types

Andrew Vagin avagin at parallels.com
Thu Mar 26 08:34:21 PDT 2015


On Thu, Mar 26, 2015 at 06:25:44PM +0300, Pavel Emelyanov wrote:
> On 03/26/2015 06:13 PM, Andrew Vagin wrote:
> > On Thu, Mar 26, 2015 at 09:03:35AM -0600, Tycho Andersen wrote:
> >> On Thu, Mar 26, 2015 at 05:59:30PM +0300, Pavel Emelyanov wrote:
> >>>
> >>>>>> I have written a test which reproduces this configuration and CRIU
> >>>>>> doesn't report any error. The test fails as expected, because CRIU
> >>>>>> doesn't support read-only bind-mounts.
> >>>>>
> >>>>> I've sent my test in the ML:
> >>>>> [PATCH] test: check read-only bind-mounts
> >>>>
> >>>> Yes, I've just checked the patch and I see the same behavior. I think
> >>>> I was confused about what was going on before.
> >>>>
> >>>> One thing is, with some patches to lxc I can actually c/r containers
> >>>> in this configuration, but your test seems to indicate that things
> >>>> will fail if something in the restored container tries to access files
> >>>> here. Is this something we should explicitly disallow?
> >>>
> >>> Wait a second, guys :) I thought that Tycho meant that CRIU failed to dump such
> >>> mount points knot. Now it looks like CRIU can C/R it, but the restored result is
> >>> not correct.
> >>
> >> Yes, I was getting confused with another problem we have w.r.t. mount
> >> points in unprivileged containers (but unprivileged containers have
> >> lots of other problems too :). Andrew is right that what I was
> >> describing is not the problem. There is another problem though,
> 
> Ah, so we have two (at least) problems :) That's great!

Actually in userns we have a few hidden problems, because we don't know
which mounts are locked (MNT_LOCKED) and read-only locked (MNT_LOCK_READONLY).

These flags are not shown in userspace.

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=90563b198e4c6674c63672fae1923da467215f45

> 
> >>> So what is the problem?
> >>
> >> I think it's that files in the restored container's r/o bind mounts
> >> can't actually be accessed, but Andrew can probably elaborate.
> > 
> > We need to add support for read-only bind-mounts.
> 
> Identifying the problem is at least 50% of solving one.
> 
> -- Pavel
> 
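
Added example, not part of the original message and not CRIU code: what userspace can see of a read-only bind mount is a per-mount "ro" option in /proc/<pid>/mountinfo on top of a superblock that is still "rw", while the MNT_LOCKED and MNT_LOCK_READONLY flags the message mentions have no field there. The function names and the sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if the comma-separated option list contains opt as a whole token. */
static int has_opt(const char *opts, const char *opt)
{
    size_t n = strlen(opt);
    for (const char *p = opts; *p; ) {
        size_t len = strcspn(p, ",");
        if (len == n && strncmp(p, opt, n) == 0)
            return 1;
        p += len;
        if (*p == ',')
            p++;
    }
    return 0;
}

/*
 * Classify one mountinfo line (hypothetical helper for this example).
 * Returns 1 when the mount is "ro" but its superblock is "rw" (the state a
 * read-only bind mount leaves), 0 otherwise, -1 if the line is malformed.
 */
int ro_mount_on_rw_sb(const char *line)
{
    char mnt_opts[256], sb_opts[256];
    const char *sep;

    /* id parent maj:min root mountpoint mnt-opts [optional...] - fstype source sb-opts */
    if (sscanf(line, "%*d %*d %*s %*s %*s %255s", mnt_opts) != 1)
        return -1;
    sep = strstr(line, " - ");
    if (!sep || sscanf(sep + 3, "%*s %*s %255s", sb_opts) != 1)
        return -1;
    return has_opt(mnt_opts, "ro") && has_opt(sb_opts, "rw");
}

int main(void)
{
    /* Constructed sample lines, not taken from a real system. */
    const char *samples[] = {
        "36 25 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro",
        "71 36 8:1 /srv/data /mnt/ro ro,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro",
        "80 36 0:40 / /media/cd ro,relatime - iso9660 /dev/sr0 ro",
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%d  %s\n", ro_mount_on_rw_sb(samples[i]), samples[i]);
    return 0;
}
```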

