[CRIU] Dump problems

Pavel Sanda ps at twin.jikos.cz
Thu Aug 18 00:35:16 PDT 2016 

Hi,

I am having troubles to use criu without root privileges.

The problem likely stems from the fact, that some of the kernel
features are not enabled, this is the output of ./criu check -all

Error (cr-check.c:640): Kernel doesn't support PTRACE_O_SUSPEND_SECCOMP
Error (cr-check.c:684): Dumping seccomp filters not supported: Input/output error
Error (cr-check.c:795): fdinfo doesn't contain the lock field
Error (cr-check.c:913): cgroupns not supported. This is not fatal.
Error (cr-check.c:846): autofs not supported.
Looks good but some kernel features are missing
which, depending on your process tree, may cause
dump or restore failure.

(linux kernel 3.19)

When trying to dump the process I get:
Error (util.c:665): exited, status=3
Error (util.c:665): exited, status=3
iptables v1.4.21: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
Warn  (ptrace.c:82): Unable to interrupt task: 4371 (Operation not permitted)
Error (ptrace.c:54): Unable to detach from 4371: No such process

With debug on:
...
(00.004603) Add pid ns 1 pid 5947
(00.004608) Add net ns 2 pid 5947
(00.004611) Add ipc ns 3 pid 5947
(00.004615) Add uts ns 4 pid 5947
(00.004618) Add mnt ns 5 pid 5947
(00.004621) Add user ns 6 pid 5947
(00.004624) Add cgroup ns 7 pid 5947
(00.004625) cg: Dumping cgroups for 5947
(00.004637) cg: Set 1 is criu one
(00.004649) Warn  (ptrace.c:82): Unable to interrupt task: 4371 (Operation not permitted)
(00.004655) Unlock network
(00.004657) Unfreezing tasks into 1
(00.004659) Error (ptrace.c:54): Unable to detach from 4371: No such process
(00.004664) Error (cr-dump.c:1614): Dumping FAILED.


I guess the problem here is related to the missing PTRACE_O_SUSPEND_SECCOMP.(?)

In my usecase I have very little control over kernel configuration in the system
I want to deploy criu, however I have full control over the code I need to dump
and criu binaries (/sources).
The code itself is very unassuming and I can force it to enter autistic moment
when all external connections (devices/files/net connections/tty gone etc) are
closed.  At the same time I can kick from criu source code any bindings which
try to deal with all possible complexities which my code never uses.

Is there any chance to get this working (with perhaps some small tweaks of criu
source code) in the reported kernel configuration?

Thanks,
Pavel

More information about the CRIU mailing list