[CRIU] [PATCH] ns: add an ability to not dump properties for a specified namespace
Ross Boucher
rboucher at gmail.com
Tue Feb 16 10:52:04 PST 2016
Just confirming that I tried this out and it worked for me.
On Fri, Feb 12, 2016 at 5:30 PM Andrey Vagin <avagin at openvz.org> wrote:
> From: Andrew Vagin <avagin at virtuozzo.com>
>
> Docker requested an option, when network devices and routes are not
> dumped and not restored. Instead of this Docker will call libnetwork
> hook to tune netns from the setup-namespaces action.
>
> Cc: Saied Kazemi <saied at google.com>
> Cc: Ross Boucher <boucher at gmail.com>
> Signed-off-by: Andrew Vagin <avagin at virtuozzo.com>
> ---
> cr-service.c | 7 +++++++
> crtools.c | 13 +++++++++++++
> include/cr_options.h | 1 +
> net.c | 50
> +++++++++++++++++++++++++++-----------------------
> protobuf/rpc.proto | 1 +
> 5 files changed, 49 insertions(+), 23 deletions(-)
>
> diff --git a/cr-service.c b/cr-service.c
> index a1987e7..88d4af7 100644
> --- a/cr-service.c
> +++ b/cr-service.c
> @@ -13,6 +13,7 @@
> #include <sys/wait.h>
> #include <sys/stat.h>
> #include <arpa/inet.h>
> +#include <sched.h>
>
> #include "crtools.h"
> #include "cr_options.h"
> @@ -459,6 +460,12 @@ static int setup_opts_from_req(int sk, CriuOpts *req)
> if (req->has_ghost_limit)
> opts.ghost_limit = req->ghost_limit;
>
> + if (req->has_empty_ns) {
> + opts.empty_ns = req->empty_ns;
> + if (req->empty_ns & ~(CLONE_NEWNET))
> + goto err;
> + }
> +
> if (req->n_irmap_scan_paths) {
> for (i = 0; i < req->n_irmap_scan_paths; i++) {
> if (irmap_scan_path_add(req->irmap_scan_paths[i]))
> diff --git a/crtools.c b/crtools.c
> index fef5657..0dc9085 100644
> --- a/crtools.c
> +++ b/crtools.c
> @@ -67,6 +67,7 @@ void init_opts(void)
> opts.ps_socket = -1;
> opts.ghost_limit = DEFAULT_GHOST_LIMIT;
> opts.timeout = DEFAULT_TIMEOUT;
> + opts.empty_ns = 0;
> }
>
> static int parse_ns_string(const char *ptr)
> @@ -272,6 +273,7 @@ int main(int argc, char *argv[], char *envp[])
> { "lsm-profile", required_argument, 0,
> 1071 },
> { "timeout", required_argument, 0,
> 1072 },
> { "external", required_argument, 0,
> 1073 },
> + { "empty-ns", required_argument, 0,
> 1074 },
> { },
> };
>
> @@ -543,6 +545,14 @@ int main(int argc, char *argv[], char *envp[])
> if (add_external(optarg))
> return 1;
> break;
> + case 1074:
> + if (!strcmp("net", optarg))
> + opts.empty_ns |= CLONE_NEWNET;
> + else {
> + pr_err("Unsupported empty namespace: %s",
> optarg);
> + return 1;
> + }
> + break;
> case 'V':
> pr_msg("Version: %s\n", CRIU_VERSION);
> if (strcmp(CRIU_GITID, "0"))
> @@ -791,6 +801,9 @@ usage:
> " pipe[inode]\n"
> " socket[inode]\n"
> " files[mnt_id:inode]\n"
> +" --empty-ns {net}\n"
> +" Create a namespace, but don't restore its
> properies.\n"
> +" An user will retore them from action scripts.\n"
> "\n"
> "* Logging:\n"
> " -o|--log-file FILE log file name\n"
> diff --git a/include/cr_options.h b/include/cr_options.h
> index 5c0e633..a6f0b3e 100644
> --- a/include/cr_options.h
> +++ b/include/cr_options.h
> @@ -106,6 +106,7 @@ struct cr_options {
> bool lsm_supplied;
> char *lsm_profile;
> unsigned int timeout;
> + unsigned int empty_ns;
> };
>
> extern struct cr_options opts;
> diff --git a/net.c b/net.c
> index eab640f..a4265dc 100644
> --- a/net.c
> +++ b/net.c
> @@ -1064,16 +1064,18 @@ int dump_net_ns(int ns_id)
> return -1;
>
> ret = mount_ns_sysfs();
> - if (!ret)
> - ret = dump_netns_conf(fds);
> - if (!ret)
> - ret = dump_links(fds);
> - if (!ret)
> - ret = dump_ifaddr(fds);
> - if (!ret)
> - ret = dump_route(fds);
> - if (!ret)
> - ret = dump_rule(fds);
> + if (!(opts.empty_ns & CLONE_NEWNET)) {
> + if (!ret)
> + ret = dump_netns_conf(fds);
> + if (!ret)
> + ret = dump_links(fds);
> + if (!ret)
> + ret = dump_ifaddr(fds);
> + if (!ret)
> + ret = dump_route(fds);
> + if (!ret)
> + ret = dump_rule(fds);
> + }
> if (!ret)
> ret = dump_iptables(fds);
> if (!ret)
> @@ -1090,21 +1092,23 @@ int dump_net_ns(int ns_id)
>
> int prepare_net_ns(int pid)
> {
> - int ret;
> + int ret = 0;
> NetnsEntry *netns = NULL;
>
> - ret = restore_netns_conf(pid, &netns);
> - if (!ret)
> - ret = restore_links(pid, &netns);
> - if (netns)
> - netns_entry__free_unpacked(netns, NULL);
> -
> - if (!ret)
> - ret = restore_ifaddr(pid);
> - if (!ret)
> - ret = restore_route(pid);
> - if (!ret)
> - ret = restore_rule(pid);
> + if (!(opts.empty_ns & CLONE_NEWNET)) {
> + ret = restore_netns_conf(pid, &netns);
> + if (!ret)
> + ret = restore_links(pid, &netns);
> + if (netns)
> + netns_entry__free_unpacked(netns, NULL);
> +
> + if (!ret)
> + ret = restore_ifaddr(pid);
> + if (!ret)
> + ret = restore_route(pid);
> + if (!ret)
> + ret = restore_rule(pid);
> + }
> if (!ret)
> ret = restore_iptables(pid);
> if (!ret)
> diff --git a/protobuf/rpc.proto b/protobuf/rpc.proto
> index 4f6ed8d..fac4b9f 100644
> --- a/protobuf/rpc.proto
> +++ b/protobuf/rpc.proto
> @@ -89,6 +89,7 @@ message criu_opts {
> optional uint32 ghost_limit = 35 [default =
> 0x100000];
> repeated string irmap_scan_paths = 36;
> repeated string external = 37;
> + optional uint32 empty_ns = 38;
> }
>
> message criu_dump_resp {
> --
> 2.4.3
>
> _______________________________________________
> CRIU mailing list
> CRIU at openvz.org
> https://lists.openvz.org/mailman/listinfo/criu
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/criu/attachments/20160216/0c877584/attachment-0001.html>
More information about the CRIU
mailing list