[CRIU] Dump problems

Pavel Emelyanov xemul at virtuozzo.com
Fri Aug 19 06:25:04 PDT 2016 

On 08/18/2016 10:07 AM, Pavel Sanda wrote:
> Hi,
> 
> I am having troubles to use criu without root privileges.

Yes, this part is not yet fully functional.

> The problem likely stems from the fact, that some of the kernel
> features are not enabled, this is the output of ./criu check -all
> 
> Error (cr-check.c:640): Kernel doesn't support PTRACE_O_SUSPEND_SECCOMP
> Error (cr-check.c:684): Dumping seccomp filters not supported: Input/output error
> Error (cr-check.c:795): fdinfo doesn't contain the lock field
> Error (cr-check.c:913): cgroupns not supported. This is not fatal.
> Error (cr-check.c:846): autofs not supported.
> Looks good but some kernel features are missing
> which, depending on your process tree, may cause
> dump or restore failure.

These errors are not critical.

> (linux kernel 3.19)
> 
> When trying to dump the process I get:
> Error (util.c:665): exited, status=3
> Error (util.c:665): exited, status=3
> iptables v1.4.21: can't initialize iptables table `filter': Permission denied (you must be root)

Hm... Need to check, but this doesn't seem critical.

> Perhaps iptables or your kernel needs to be upgraded.
> Warn  (ptrace.c:82): Unable to interrupt task: 4371 (Operation not permitted)
> Error (ptrace.c:54): Unable to detach from 4371: No such process
> 
> With debug on:
> ...
> (00.004603) Add pid ns 1 pid 5947
> (00.004608) Add net ns 2 pid 5947
> (00.004611) Add ipc ns 3 pid 5947
> (00.004615) Add uts ns 4 pid 5947
> (00.004618) Add mnt ns 5 pid 5947
> (00.004621) Add user ns 6 pid 5947
> (00.004624) Add cgroup ns 7 pid 5947
> (00.004625) cg: Dumping cgroups for 5947
> (00.004637) cg: Set 1 is criu one
> (00.004649) Warn  (ptrace.c:82): Unable to interrupt task: 4371 (Operation not permitted)

That's the major obstacle -- you don't have permissions to ptrace the task you want.
Can you just strace -p $pid this task?

> (00.004655) Unlock network
> (00.004657) Unfreezing tasks into 1
> (00.004659) Error (ptrace.c:54): Unable to detach from 4371: No such process
> (00.004664) Error (cr-dump.c:1614): Dumping FAILED.
> 
> 
> I guess the problem here is related to the missing PTRACE_O_SUSPEND_SECCOMP.(?)
> 
> In my usecase I have very little control over kernel configuration in the system
> I want to deploy criu, however I have full control over the code I need to dump
> and criu binaries (/sources).
> The code itself is very unassuming and I can force it to enter autistic moment
> when all external connections (devices/files/net connections/tty gone etc) are
> closed.  At the same time I can kick from criu source code any bindings which
> try to deal with all possible complexities which my code never uses.
> 
> Is there any chance to get this working (with perhaps some small tweaks of criu
> source code) in the reported kernel configuration?
> 
> Thanks,
> Pavel
> _______________________________________________
> CRIU mailing list
> CRIU at openvz.org
> https://lists.openvz.org/mailman/listinfo/criu
> .
>

More information about the CRIU mailing list