[CRIU] [PATCH v4 1/3] net/sysctl: c/r all except *.conf.* and *.neigh.*

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Wed Jul 27 04:55:40 PDT 2016



On 07/27/2016 02:04 PM, Pavel Emelyanov wrote:
> On 07/26/2016 06:33 PM, Pavel Tikhomirov wrote:
>>
>>
>> On 07/26/2016 06:17 PM, Pavel Emelyanov wrote:
>>> On 07/20/2016 05:27 PM, Pavel Tikhomirov wrote:
>>>> Add array of sysctls which we need (r/w in netns) to dump by name along
>>>> with their types, add NamedSysctlEntry'es to dump sysctl name+value
>>>> pairs to image
>>>>
>>>> Skip:
>>>> 1. non-(readable)writable sysctls as we can do nothing for them through
>>>> procfs
>>>> 2. conf and neigh directories are per-device and will be restored after
>>>> devices restore separately, also they might need special care like conf
>>>> sysctls need special order
>>>> 3. nf_log.xx if it is "NONE" as we can not set it with sysctl_op as
>>>> sysctl_write_char prints "\n" at the end and nf_log_proc_dostring does
>>>> not like '\n' for now, to fix it, sent patch "[v2]netfilter: nf_log:
>>>> fix error on write NONE to logger choice sysctl"
>>>>
>>>> Not skip: "igmp_link_local_mcast_reports" - !DANGEROUS! to use criu on
>>>> kernels v4.3-v4.5, @xemul: "we just suggest one to add the fixing
>>>> patch to kernel", so fixing patch is: commit 87a8a2ae65b7 ("igmp:
>>>> Namespaceify igmp_llm_reports sysctl knob"), see more in RHBZ#1352177
>>>>
>>>> *We have now 32 such net.* sysctls writable in VZ7 CT
>>>
>>> How about upstream Linux kernel? What's the list of virtualized sysctls in there?
>>
>> Did I miss any sysctl?
>
> I don't know, that's why I'm asking :)
>
>> I installed the mainstream kernel from master (config
>> from Fedora) and collected all r&w sysctls in the net subdir, except the conf and
>> neigh subdirs, that are in the net namespace. And so I found only 116, which are
>> in this patch.
>
> 116? In mainstream kernel? OK, but what does "We have now 32 such net.*..."
> mean then?

0) Actually I misprinted the number: it is 42, not 32.
https://jira.sw.ru/browse/PSBM-48397?focusedCommentId=2827131&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-2827131

1) It means that in VZ7 CT we have fewer sysctls than in Upstream.
(Without netfilter=full, there will be even fewer.)


>
> -- Pavel
>

-- 
Best regards, Tikhomirov Pavel
Software Developer, Virtuozzo.
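
The collection step discussed in this thread (net sysctls that are both readable and writable, with the conf and neigh directories excluded and nf_log entries set to "NONE" skipped), as an added example that is not part of the original message or of CRIU. The function names `list_net_sysctls` and `count_net_sysctls` are hypothetical, and the script assumes that owner read and write mode bits are an adequate proxy for "r/w"; it does not check whether a sysctl is actually per-namespace.

```shell
#!/bin/sh
# Added example, not CRIU code. Run it inside the network namespace of
# interest, e.g.:  count_net_sysctls /proc/sys

# list_net_sysctls [ROOT]
# Print dotted names of sysctls under ROOT/net (default /proc/sys) that
# pass the three skip rules quoted from the commit message.
list_net_sysctls() {
    root=${1:-/proc/sys}
    (
        cd "$root" || exit 1
        # Rule 2: prune the per-device conf and neigh directories.
        # Rule 1: keep only files with both owner read and write bits
        #         (assumption: mode bits stand in for "r/w in netns").
        find net -type d \( -name conf -o -name neigh \) -prune -o \
            -type f -perm -600 -print 2>/dev/null | sort |
        while IFS= read -r f; do
            case $f in
            net/netfilter/nf_log/*)
                # Rule 3: a logger currently set to NONE is skipped,
                # because writing "NONE\n" back is rejected.
                [ "$(cat "$f" 2>/dev/null)" = "NONE" ] && continue
                ;;
            esac
            # net/ipv4/ip_forward -> net.ipv4.ip_forward
            printf '%s\n' "$f" | tr / .
        done
    )
}

# count_net_sysctls [ROOT]
# Number of sysctls that list_net_sysctls would print, for comparing
# one kernel or container against another.
count_net_sysctls() {
    list_net_sysctls "$1" | wc -l | tr -d ' '
}
```

Comparing the output of `list_net_sysctls` from two environments with `diff` shows which knobs one of them lacks, which is the comparison the thread is making between the container and upstream counts.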

