[CRIU] [PATCH 00/10 RFC] Dump and restore nested network namespaces

Andrei Vagin avagin at openvz.org
Wed Aug 31 15:55:23 PDT 2016


From: Andrei Vagin <avagin at virtuozzo.com>

This is an initial support for nested network namespaces.

It was implemented to handle systemd services with private networks:

"""
When PrivateNetwork=yes is set in the [Service] section of a systemd service
unit file, the processes run for the service will run in a private network
namespace with a private loopback network interface, and no other network
devices.
"""

How it works:
* All network devices are restored in the root task.
* A process sets a required network namespace to restore a socket.
* Processes set their network namespaces after restoring all sockets (files).

Known issues:
* veth devices between network namespaces are not supported

Andrei Vagin (6):
  kerndat: check the SIOCGSKNS ioctl
  net: add a way to get a network namespace for a socket
  net: create a parasite socket for each network namespace
  net: allow to dump and restore more than one network namespace
  net: set a proper network namespace to create a socket
  net: rename pid into nsid for prepare_net_ns()
  files: split collect_fd on allocate_fd and handle_fd
  files: add a function to reopen fd as an unused fd
  net: save network namespaces for sockets
  zdtm: add a test for nested network namespaces

 criu/cr-check.c                 |  13 +++
 criu/cr-restore.c               |  28 +++++
 criu/files.c                    |  82 ++++++++++++--
 criu/include/files.h            |   3 +
 criu/include/kerndat.h          |   1 +
 criu/include/namespaces.h       |   7 +-
 criu/include/net.h              |   4 +-
 criu/include/parasite.h         |   2 +
 criu/include/sockets.h          |  17 ++-
 criu/kerndat.c                  |   5 +
 criu/namespaces.c               |   8 +-
 criu/net.c                      | 239 +++++++++++++++++++++++++++++++++++++---
 criu/parasite-syscall.c         |  22 +---
 criu/pstree.c                   |   3 +
 criu/sk-inet.c                  |  21 +++-
 criu/sk-netlink.c               |  18 ++-
 criu/sk-packet.c                |   9 +-
 criu/sk-unix.c                  |  14 ++-
 criu/sockets.c                  |  70 ++++++++++--
 images/packet-sock.proto        |   1 +
 images/sk-inet.proto            |   1 +
 images/sk-netlink.proto         |   1 +
 images/sk-packet.proto          |   1 +
 images/sk-unix.proto            |   2 +
 test/zdtm/static/Makefile       |   1 +
 test/zdtm/static/netns_sub.c    | 187 +++++++++++++++++++++++++++++++
 test/zdtm/static/netns_sub.desc |   1 +
 27 files changed, 690 insertions(+), 71 deletions(-)
 create mode 100644 test/zdtm/static/netns_sub.c
 create mode 100644 test/zdtm/static/netns_sub.desc

-- 
2.7.4
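Added example, not part of the original message and not code from the CRIU patches: a C illustration of the two mechanisms the cover letter names, entering a required network namespace to create a socket, and asking the kernel via the SIOCGSKNS ioctl which namespace a socket belongs to. The function names `socket_in_netns` and `socket_belongs_to` are hypothetical; `setns()` needs CAP_SYS_ADMIN and SIOCGSKNS needs CAP_NET_ADMIN, so unprivileged callers get a negative errno.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>
#ifndef SIOCGSKNS
#define SIOCGSKNS 0x894C /* value from linux/sockios.h, for older headers */
#endif

/* Ask the kernel which netns owns sk (SIOCGSKNS returns a namespace fd) and
 * compare it with nsfd by device/inode: 1 match, 0 mismatch, -errno on error. */
int socket_belongs_to(int sk, int nsfd)
{
	struct stat a, b;
	int ret, skns = ioctl(sk, SIOCGSKNS);
	if (skns < 0)
		return -errno;
	ret = (fstat(skns, &a) < 0 || fstat(nsfd, &b) < 0) ? -errno
		: (a.st_dev == b.st_dev && a.st_ino == b.st_ino);
	close(skns);
	return ret;
}

/* Create a socket inside the netns referred to by nsfd, then switch the
 * calling thread back. Returns the socket fd, or -errno on any failure. */
int socket_in_netns(int nsfd, int domain, int type, int proto)
{
	int sk = -1, err = 0, cur = open("/proc/self/ns/net", O_RDONLY | O_CLOEXEC);
	if (cur < 0)
		return -errno;
	if (setns(nsfd, CLONE_NEWNET) < 0) {
		err = errno;
	} else {
		if ((sk = socket(domain, type, proto)) < 0)
			err = errno;
		if (setns(cur, CLONE_NEWNET) < 0) /* stuck in the wrong netns */
			err = errno;
	}
	close(cur);
	if (err && sk >= 0)
		close(sk);
	return err ? -err : sk;
}
```

A socket keeps the namespace it was created in, so `socket_belongs_to()` still reports the target namespace after the thread has switched back.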


