[CRIU] [PATCH] add join-ns opt to criu restore

Dengguangxing dengguangxing at huawei.com
Wed Mar 16 21:07:59 PDT 2016


>>>> You need to set proper uid and gid to join a user namespace
>>> users can set uid and gid while joining user-ns. if not specified, use default one (0?)
>
> I am not sure that I understand what you mean. Could you elaborate?
Maybe we can leave uid and gid to the user to specify. He or she is supposed to know the proper one.
If not set, we just keep the default one, getuid() and getgid().

On 2016/3/17 1:52, Andrew Vagin wrote:
> On Wed, Mar 16, 2016 at 05:17:08PM +0300, Pavel Emelyanov wrote:
>> On 03/16/2016 06:39 AM, Dengguangxing wrote:
>>> Hi, Pavel and Andrew,
>>>
>>> Thanks for your reviewing, I would never realize these problems by myself.
>>> I am not really familiar with namespace, so I don't know exactly what result
>>> this implementation would lead to (I did some simple tests only).
>>> Really appreciate your opinions.
>>>
>>> Here are my solutions to your suggestions, please check if they make sense.
>>>
>>>> There are three things to sort out:
>>>>
>>>> 1. What if root task lives in netns, but we ask for --join-ns net?
>>> In such case, setns() will switch to the new ns.
>>
>> That's OK, so the --join-ns is overriding the images. That's fine, just
>> emit a message about this in the log files with pr_info.
> 
> In this case we should not restore this namespace.
> 
>>
>>>> 2. What if we pass --unshare net and --join-ns net?
>>>> 3. What if we pass --empty-ns net and --join-ns net?
>>>>
>>> maybe should add flag_check rules(if we don't have one), --unshare, --empty-ns and
>>> --join-ns should conflict.
>>
>> Yup. This would work I think. Please, add respective checks.
>>
>>>>
>>>> Please, also fix the images/rpc.proto and criu/cr-service.c to support this option
>>>> in RPC API.
>>> Sorry for missing this, will append that
>>
>> Awesome :)
>>
>> Below are Andrey's comments, he would probably comment on them himself.
>>
>>>>
>>>> A namespace may be mounted into a file:
>>>> [root@fc22-vm ~]# ip netns add test
>>>> [root@fc22-vm ~]# cat /proc/self/mountinfo | grep test
>>>> 82 80 0:3 net:[4026532214] /run/netns/test rw shared:32 - nsfs nsfs rw
>>> The opt can be in "NS:PID | PATH" format. Finally it will be parsed into a filepath,
>>> like /proc/12345/ns/net and /run/netns/test
> 
> Ok
> 
>>>
>>>>
>>>> If a root task is restored in a new userns, you will not be able to join
>>>> external namespaces here. setns() will return EPERM.
>>> leave user-ns setting to the last one to perform
> 
> Ok
> 
>>>
>>>>
>>>> You need to set proper uid and gid to join a user namespace
>>> users can set uid and gid while joining user-ns. if not specified, use default one (0?)
> 
> I am not sure that I understand what you mean. Could you elaborate?
> 
>>>
>>>
>>>>
>>>> You need to open namespace files before calling setns for them,
>>>> because namespace files can become inaccessible after switching into
>>>> another mount namespace.
>>> Awesome! I will amend this as you said
>>>
>>> Ps I will complement and regulate the comment.
>>>
>>> Best Regards!
>>> Deng
>>>
>>> .
>>>
>>
> 
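
The ordering agreed in this thread (resolve each "NS:PID | PATH" argument to a file, open every namespace file before the first setns(), and join the user namespace last), as an added example that is not part of the original message or CRIU's code. The names `ns_join`, `ns_spec_to_path` and `join_namespaces`, and the reading of the option format as "type:pid" or an absolute path, are assumptions.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

int setns(int fd, int nstype); /* glibc prototype, repeated in case <sched.h> was seen without _GNU_SOURCE */

/* Hypothetical request: one --join-ns argument plus its open descriptor. */
struct ns_join { const char *spec; int is_userns; int fd; };

/* "net:12345" -> /proc/12345/ns/net; an absolute PATH is used as-is. */
int ns_spec_to_path(const char *spec, char *out, size_t len)
{
	const char *colon = strchr(spec, ':');
	char *end;
	long pid;
	int n;

	if (spec[0] == '/') {
		n = snprintf(out, len, "%s", spec);
	} else {
		if (!colon || colon == spec)
			return -1;
		pid = strtol(colon + 1, &end, 10);
		if (end == colon + 1 || *end || pid <= 0)
			return -1;
		n = snprintf(out, len, "/proc/%ld/ns/%.*s", pid, (int)(colon - spec), spec);
	}
	return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Open every namespace file first, then setns(): user namespace last. */
int join_namespaces(struct ns_join *j, int n)
{
	char path[4096];
	int i, pass, ret = 0;

	for (i = 0; i < n; i++)
		j[i].fd = -1;
	/* Phase 1: all paths are resolved while the original mntns is still current. */
	for (i = 0; i < n && !ret; i++)
		if (ns_spec_to_path(j[i].spec, path, sizeof(path)) ||
		    (j[i].fd = open(path, O_RDONLY | O_CLOEXEC)) < 0)
			ret = -1;
	/* Phase 2: pass 0 joins everything except userns, pass 1 joins userns. */
	for (pass = 0; pass < 2 && !ret; pass++)
		for (i = 0; i < n && !ret; i++)
			if ((j[i].is_userns != 0) == pass && setns(j[i].fd, 0))
				ret = -1;
	for (i = 0; i < n; i++)
		if (j[i].fd >= 0)
			close(j[i].fd);
	return ret;
}
```

If any argument fails to resolve or open, no setns() call is made, so the caller is never left half-joined because of a bad path.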


