[CRIU] implementing some kind of --leave-frozen option for c/r in CRIU
Tycho Andersen
tycho.andersen at canonical.com
Tue May 10 10:04:56 PDT 2016
Hi guys,
I'm looking at implementing some kind of --leave-frozen option in
CRIU, so that we can have a basic UX in LXD where we can wait for the
restore to be successful before we kill the checkpointed container. I
know p.haul does this by just using a callback, but it would be sort
of painful to absorb just the callback part without doing a lot of
extra engineering. We'll get LXD using p.haul someday, though :)
The actual --leave-frozen patch is not so bad (see attached), but I'm
not sure what to do about the network locking/unlocking bits.
It seems like it is always safe to do the bits in
cpt_unlock_tcp_connections() since that's just disabling tcp repair
mode, but all of the iptables rules seem necessary in order to keep
the network locked.
So my question is: is there a nice way we can "tag" these rules so
that something can come by and delete them later? I was thinking about
having criu add a comment (via -m comment --comment "CRIU-LOCK-RULE")
to each rule it adds, but I'm not sure if there's a better way, or if
I've missed something entirely.
Thanks!
Tycho
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-opts-add-a-leave-frozen-option.patch
Type: text/x-diff
Size: 3619 bytes
Desc: not available
URL: <http://lists.openvz.org/pipermail/criu/attachments/20160510/d04214ef/attachment.bin>
More information about the CRIU
mailing list