[CRIU] [PATCH 3/6] unshare: Preparations and CLI option

Andrew Vagin avagin at virtuozzo.com
Tue Mar 15 10:33:41 PDT 2016 

On Tue, Mar 15, 2016 at 10:28:40AM -0700, Andrew Vagin wrote:
> On Wed, Dec 09, 2015 at 02:59:46PM +0300, Pavel Emelyanov wrote:
> > On restore one may say --unshare <what>. The <what> can be namespace
> > name for ns unshare or 'proc' to mount new proc in mntns. Several
> > <what>-s are to be comma-separated.
> > 
> > With this the restored tree will get born into the desired set of
> > namespaces. As different namespaces have their peculiarities, the
> > ability to unshare each will come with next patches.
> > 
> > Signed-off-by: Pavel Emelyanov <xemul at parallels.com>
> > ---
> >  crtools.c            | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
> >  include/cr_options.h |  1 +
> >  pstree.c             | 21 +++++++++++++++++++++
> >  3 files changed, 71 insertions(+)
> > 
> > diff --git a/crtools.c b/crtools.c
> > index 68756a0..bca7471 100644
> > --- a/crtools.c
> > +++ b/crtools.c
> > @@ -95,6 +95,49 @@ bad_ns:
> >  	return -1;
> >  }
> >  
> > +static int parse_unshare_arg(char *opt)
> > +{
> > +	while (1) {
> > +		char *aux;
> > +
> > +		aux = strchr(opt, ',');
> > +		if (aux)
> > +			*aux = '\0';
> > +
> > +		if (!strcmp(opt, "uts"))
> > +			opts.unshare_flags |= CLONE_NEWUTS;
> > +		else if (!strcmp(opt, "ipc"))
> > +			opts.unshare_flags |= CLONE_NEWIPC;
> > +		else if (!strcmp(opt, "mnt"))
> > +			opts.unshare_flags |= CLONE_NEWNS;
> > +		else if (!strcmp(opt, "pid"))
> > +			opts.unshare_flags |= CLONE_NEWPID;
> > +		else if (!strcmp(opt, "net"))
> > +			opts.unshare_flags |= CLONE_NEWNET;
> > +		else if (!strcmp(opt, "user"))
> > +			opts.unshare_flags |= CLONE_NEWUSER;
> 
> We need to set id mappings for user name space, otherwise it will not
> work, will it?

Pls, ignore this comment.,

I found that we will print an error if we don't know how to unshare a
namespace.
> 
> > +		else if (!strcmp(opt, "proc"))
> > +			opts.unshare_flags |= 0x1; /* mount new proc */
> > +		else {
> > +			pr_msg("Error: unknown unshare flag %s\n", opt);
> > +			return -1;
> > +		}
> > +
> > +		if (!aux)
> > +			break;
> > +
> > +		opt = aux + 1;
> > +	}
> > +
> > +	/* Only pid, mnt and user for now */
> > +	if (opts.unshare_flags) {
> > +		pr_err("Unsharing this namespace(s) is not supported yet\n");
> > +		return -1;
> > +	}
> > +
> > +	return 0;
> > +}
> > +
> >  static int parse_cpu_cap(struct cr_options *opts, const char *optarg)
> >  {
> >  	bool inverse = false;
> > @@ -255,6 +298,7 @@ int main(int argc, char *argv[], char *envp[])
> >  		{ "ghost-limit",		required_argument,	0, 1069 },
> >  		{ "irmap-scan-path",		required_argument,	0, 1070 },
> >  		{ "lsm-profile",		required_argument,	0, 1071 },
> > +		{ "unshare",			required_argument,	0, 1072 },
> >  		{ },
> >  	};
> >  
> > @@ -504,6 +548,10 @@ int main(int argc, char *argv[], char *envp[])
> >  			if (parse_lsm_arg(optarg) < 0)
> >  				return -1;
> >  			break;
> > +		case 1072:
> > +			if (parse_unshare_arg(optarg))
> > +				return -1;
> > +			break;
> >  		case 'M':
> >  			{
> >  				char *aux;
> > @@ -714,6 +762,7 @@ usage:
> >  "                        'cpu','fpu','all','ins','none'. To disable capability, prefix it with '^'.\n"
> >  "     --exec-cmd         execute the command specified after '--' on successful\n"
> >  "                        restore making it the parent of the restored process\n"
> > +"  --unshare FLAGS       what namespaces to unshare when restoring\n"
> >  "  --freeze-cgroup\n"
> >  "                        use cgroup freezer to collect processes\n"
> >  "\n"
> > diff --git a/include/cr_options.h b/include/cr_options.h
> > index d0c74fe..20e4180 100644
> > --- a/include/cr_options.h
> > +++ b/include/cr_options.h
> > @@ -64,6 +64,7 @@ struct cr_options {
> >  	bool			evasive_devices;
> >  	bool			link_remap_ok;
> >  	unsigned int		rst_namespaces_flags;
> > +	unsigned long		unshare_flags;
> >  	bool			log_file_per_pid;
> >  	bool			swrk_restore;
> >  	char			*output;
> > diff --git a/pstree.c b/pstree.c
> > index 116b5e7..ba547c1 100644
> > --- a/pstree.c
> > +++ b/pstree.c
> > @@ -741,6 +741,25 @@ set_mask:
> >  	return 0;
> >  }
> >  
> > +static int prepare_pstree_for_unshare(void)
> > +{
> > +	{
> > +		unsigned long aux;
> > +
> > +		/*
> > +		 * Move root into desired set of namespaces, but keep
> > +		 * in opts.unshare_flags those that were deliberately
> > +		 * enforced for further reference.
> > +		 */
> > +		aux = rsti(root_item)->clone_flags;
> > +		rsti(root_item)->clone_flags |= opts.unshare_flags;
> > +		opts.unshare_flags &= ~aux;
> > +	}
> > +
> > +	root_ns_mask |= opts.unshare_flags;
> > +	return 0;
> > +}
> > +
> >  int prepare_pstree(void)
> >  {
> >  	int ret;
> > @@ -759,6 +778,8 @@ int prepare_pstree(void)
> >  		 */
> >  		ret = prepare_pstree_kobj_ids();
> >  	if (!ret)
> > +		ret = prepare_pstree_for_unshare();
> > +	if (!ret)
> >  		/*
> >  		 * Session/Group leaders might be dead. Need to fix
> >  		 * pstree with properly injected helper tasks.
> > -- 
> > 1.9.3
> > 
> > 
> > _______________________________________________
> > CRIU mailing list
> > CRIU at openvz.org
> > https://lists.openvz.org/mailman/listinfo/criu

More information about the CRIU mailing list