[CRIU] [PATCH] add join-ns opt to criu restore

Andrew Vagin avagin at virtuozzo.com
Wed Mar 16 10:52:14 PDT 2016


On Wed, Mar 16, 2016 at 05:17:08PM +0300, Pavel Emelyanov wrote:
> On 03/16/2016 06:39 AM, Dengguangxing wrote:
> > Hi, Pavel and Andrew,
> > 
> > Thanks for your reviewing, I would never realize these problems by myself.
> > I am not really familiar with namespace, so I don't know exactly what result
> > this implementation would lead to (I did some simple tests only).
> > Really appreciate your opinions.
> > 
> > Here are my solutions to your suggestions, please check if they make sense.
> > 
> >> There are three things to sort out:
> >>
> >> 1. What if root task lives in netns, but we ask for --join-ns net?
> > In such case, setns() will switch to the new ns.
> 
> That's OK, so the --join-ns is overriding the images. That's fine, just
> emit a message about this in the log files with pr_info.

In this case we should not restore this namespace.

> 
> >> 2. What if we pass --unshare net and --join-ns net?
> >> 3. What if we pass --empty-ns net and --join-ns net?
> >>
> > maybe should add flag_check rules(if we don't have one), --unshare, --empty-ns and
> > --join-ns should conflict.
> 
> Yup. This would work I think. Please, add respective checks.
> 
> >>
> >> Please, also fix the images/rpc.proto and criu/cr-service.c to support this option
> >> in RPC API.
> > Sorry for missing this, will append that
> 
> Awesome :)
> 
> Below are Andrey's comments, he would probably comment on them himself.
> 
> >>
> >> A namespace may be mounted into a file:
> >> [root@fc22-vm ~]# ip netns add test
> >> [root@fc22-vm ~]# cat /proc/self/mountinfo | grep test
> >> 82 80 0:3 net:[4026532214] /run/netns/test rw shared:32 - nsfs nsfs rw
> > The opt can be in "NS:PID | PATH" format. Finally it will be parsed into a filepath,
> > like /proc/12345/ns/net and /run/netns/test

Ok

> > 
> >>
> >> If a root task is restored in a new userns, you will not be able to join
> >> external namespaces here. setns() will return EPERM.
> > leave user-ns setting to the last one to perform

Ok

> > 
> >>
> >> You need to set proper uid and gid to join a user namespace
> > users can set uid and gid while joining user-ns. if not specified, use default one (0?)

I am not sure that I understand what you mean. Could you elaborate?

> > 
> > 
> >>
> >> You need to open namespace files before calling setns for them,
> >> because namespace files can become inaccessible after switching into
> >> another mount namespace.
> > Awesome! I will amend this as you said
> > 
> > Ps I will complement and regulate the comment.
> > 
> > Best Regards!
> > Deng
> > 
> > .
> > 
> 
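
The points agreed in this thread (an option of the form NS:PID or NS:PATH, every namespace file opened before the first setns(), the user namespace joined last), as an added example that is not code from the CRIU patch. The names struct join_ns, parse_join_ns and join_all are hypothetical, and the mapping of NS:PID to /proc/PID/ns/NS is an assumption based on the description above.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>

struct join_ns { int nstype; int fd; char path[256]; };

/* Map a namespace name (as used under /proc/PID/ns/) to its CLONE_* flag. */
static int ns_flag(const char *name, size_t len)
{
	static const struct { const char *n; int f; } tbl[] = {
		{ "net", CLONE_NEWNET }, { "mnt", CLONE_NEWNS }, { "ipc", CLONE_NEWIPC },
		{ "uts", CLONE_NEWUTS }, { "pid", CLONE_NEWPID }, { "user", CLONE_NEWUSER },
	};
	for (size_t i = 0; i < sizeof(tbl) / sizeof(tbl[0]); i++)
		if (strlen(tbl[i].n) == len && !strncmp(tbl[i].n, name, len))
			return tbl[i].f;
	return 0;
}

/* Parse "NS:PID" or "NS:/path" into a flag plus the file to open; 0 or -1. */
int parse_join_ns(const char *opt, struct join_ns *out)
{
	const char *sep = strchr(opt, ':'), *arg = sep ? sep + 1 : "";
	int n;
	if (!*arg || !(out->nstype = ns_flag(opt, sep - opt)))
		return -1;
	if (arg[0] == '/')
		n = snprintf(out->path, sizeof(out->path), "%s", arg);
	else if (strspn(arg, "0123456789") == strlen(arg))
		n = snprintf(out->path, sizeof(out->path), "/proc/%s/ns/%.*s", arg, (int)(sep - opt), opt);
	else
		return -1;
	out->fd = -1;
	return n < (int)sizeof(out->path) ? 0 : -1;
}

/* Open every namespace file first, then setns(); the user namespace goes last. */
int join_all(struct join_ns *v, int cnt)
{
	for (int i = 0; i < cnt; i++)
		if ((v[i].fd = open(v[i].path, O_RDONLY | O_CLOEXEC)) < 0)
			return -1;
	for (int last = 0; last <= 1; last++)
		for (int i = 0; i < cnt; i++)
			if ((v[i].nstype == CLONE_NEWUSER) == last && setns(v[i].fd, v[i].nstype) < 0)
				return -1;
	return 0;
}
```

Passing the expected CLONE_* flag to setns() instead of 0 makes the kernel reject a file that refers to a different namespace type than the option named. A failed join_all() leaves the process partly switched, so the caller should treat it as fatal.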

