[CRIU] two runc related questions (-d and read-only)

Adrian Reber adrian at lisas.de
Fri Oct 7 01:35:51 PDT 2016


On Fri, Sep 16, 2016 at 10:17:39AM -0700, Andrei Vagin wrote:
> On Fri, Sep 16, 2016 at 09:46:50AM -0700, Andrei Vagin wrote:
> > On Wed, Sep 14, 2016 at 05:06:15PM +0200, Adrian Reber wrote:
> > > On Wed, Sep 14, 2016 at 05:45:49AM -0700, Andrei Vagin wrote:
> > > > On Mon, Sep 12, 2016 at 07:41:29PM +0200, Adrian Reber wrote:
> > > > > I was trying to checkpoint and restore a runc container and so far I had
> > > > > two smaller problems. My runc container has
> > > > > 
> > > > > 	"terminal": false
> > > > > 
> > > > > and I am starting it detached '-d'. Checkpointing this container fails
> > > > > if I run 'runc checkpoint --shell-job test' or without '--shell-job'
> > > > > with following error:
> > > > > 
> > > > > (00.003008) 29213 fdinfo 0: pos: 0x               0 flags: 102002/0
> > > > > (00.003022) tty: Dumping tty 8 with id 0x7
> > > > > (00.003026) Error (files-reg.c:1141): Can't lookup mount=22 for fd=0 path=/dev/pts/2
> > > > > (00.003029) ----------------------------------------
> > > > > (00.003071) Error (cr-dump.c:1296): Dump files (pid: 29213) failed with -1
> > > > > 
> > > > > I get the same error using criu-2.4 and latest master. If I start the
> > > > > container without '-d' I can checkpoint it without any problem.
> > > > 
> > > > Could you try to run ./runc ... &> /dev/null  < /dev/null? Will it help?
> > > 
> > > Yes, that works.
> > > 
> > > > Could you show lsof -p for an init process of a container?
> > > 
> > > This is without the /dev/null redirection you suggested:
> > > 
> > > COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF      NODE NAME
> > > start   7464 root  cwd    DIR  252,1     4096   9129255 /
> > > start   7464 root  rtd    DIR  252,1     4096   9129255 /
> > > start   7464 root  txt    REG  252,1   960376 192967906 /usr/bin/bash
> > > start   7464 root  mem    REG  252,1          193825299 /usr/lib64/libnss_files-2.17.so (path inode=16885464)
> > > start   7464 root  mem    REG  252,1          193773498 /usr/lib64/libc-2.17.so (path inode=16883722)
> > > start   7464 root  mem    REG  252,1          193825248 /usr/lib64/libdl-2.17.so (path inode=16884707)
> > > start   7464 root  mem    REG  252,1          193825325 /usr/lib64/libtinfo.so.5.9 (path inode=16860633)
> > > start   7464 root  mem    REG  252,1          193773472 /usr/lib64/ld-2.17.so (path inode=16820578)
> > > start   7464 root    0u   CHR  136,2      0t0         5 /dev/pts/2
> > > start   7464 root    1u   CHR  136,2      0t0         5 /dev/pts/2
> > > start   7464 root    2u   CHR  136,2      0t0         5 /dev/pts/2
> > > start   7464 root  255r   REG  252,1       83   8550670 /start

Will this be fixed in runc? Do you know the state/plans about
checkpointing and restoring detached (-d) containers?

> > > > > Another problem I have seen is using runc with
> > > > > 
> > > > > 	"readonly": true
> > > > > 
> > > > > this gives me following error:
> > > > > 
> > > > > (00.079785) Dumping task cwd id 0xb root id 0xb
> > > > > (00.079931) mnt: Dumping mountpoints
> > > > > (00.079934) mnt: 	213: 2b:/null @ ./proc/sched_debug
> > > > > (00.079934) mnt: Something is mounted on top of ./dev
> > > > > (00.080004) Error (criu/mount.c:1044): mnt: Can't create a temporary directory: Read-only file system
> > > > 
> > > > It's known issue. Yesterday I started to rework mount.c to support this
> > > > case. I will try to prepare draft patches before Friday.
> > > 
> > > Great, good to know.
> > 
> > I pushed my changes on github, but I don't test them with runc.
> > https://github.com/avagin/criu/commits/mntns_for_adrian
> 
> I've tested them with runc. Actually my changes are required
> to restore a container with a read-only root.
> 
> Your issue can be workarounded, if you mount tmpfs into /tmp.
> 
>         "mounts": [
> 		...
>                 {
>                         "destination": "/tmp",
>                         "type": "tmpfs",
>                         "source": "tmp",
>                         "options": [
>                                 "nodev"
>                         ]
>                 },
> 
> I will think how to fix it when I return back from a vacation (6 Oct).

The workaround helps. I can now checkpoint and restore read-only
containers. Thanks.

		Adrian


More information about the CRIU mailing list