[CRIU] [PATCH 00/10 RFC] Dump and restore nested network namespaces

Andrei Vagin avagin at virtuozzo.com
Wed Oct 12 10:15:17 PDT 2016 

Pavel, what do you think about this series?

On Thu, Sep 01, 2016 at 01:55:23AM +0300, Andrei Vagin wrote:
> From: Andrei Vagin <avagin at virtuozzo.com>
> 
> This is an initial support for nested network namespaces.
> 
> It was implemented to handle systemd services with private networks:
> 
> """
> When PrivateNetwork=yes is set in the [Service] section of a systemd service
> unit file, the processes run for the service will run in a private network
> namespace whith a private loopback network interface, and no other network
> devices.
> """
> 
> How it works:
> * All network devices are restored in the root task.
> * A process sets an required network namespace to restore a socket
> * Processes sets their network namespaces after restoring all sockets (files)
> 
> Known issues:
> * veth devices between network namespaces are not supported
> 
> Andrei Vagin (6):
>   kerndat: check the SIOCGSKNS ioctl
>   net: add a way to get a network namespace for a socket
>   net: create a parasite socket for each network namespace
>   net: allow to dump and restore more than one network namespace
>   net: set a proper network namespace to create a socket
>   net: rename pid into nsid for prepare_net_ns()
>   files: split collect_fd on allocate_fd and handle_fd
>   files: add a function to reopen fd as an unused fd
>   net: save network namespaces for sockets
>   zdtm: add a test for nested network namespaces
> 
>  criu/cr-check.c                 |  13 +++
>  criu/cr-restore.c               |  28 +++++
>  criu/files.c                    |  82 ++++++++++++--
>  criu/include/files.h            |   3 +
>  criu/include/kerndat.h          |   1 +
>  criu/include/namespaces.h       |   7 +-
>  criu/include/net.h              |   4 +-
>  criu/include/parasite.h         |   2 +
>  criu/include/sockets.h          |  17 ++-
>  criu/kerndat.c                  |   5 +
>  criu/namespaces.c               |   8 +-
>  criu/net.c                      | 239 +++++++++++++++++++++++++++++++++++++---
>  criu/parasite-syscall.c         |  22 +---
>  criu/pstree.c                   |   3 +
>  criu/sk-inet.c                  |  21 +++-
>  criu/sk-netlink.c               |  18 ++-
>  criu/sk-packet.c                |   9 +-
>  criu/sk-unix.c                  |  14 ++-
>  criu/sockets.c                  |  70 ++++++++++--
>  images/packet-sock.proto        |   1 +
>  images/sk-inet.proto            |   1 +
>  images/sk-netlink.proto         |   1 +
>  images/sk-packet.proto          |   1 +
>  images/sk-unix.proto            |   2 +
>  test/zdtm/static/Makefile       |   1 +
>  test/zdtm/static/netns_sub.c    | 187 +++++++++++++++++++++++++++++++
>  test/zdtm/static/netns_sub.desc |   1 +
>  27 files changed, 690 insertions(+), 71 deletions(-)
>  create mode 100644 test/zdtm/static/netns_sub.c
>  create mode 100644 test/zdtm/static/netns_sub.desc
> 
> -- 
> 2.7.4
>

More information about the CRIU mailing list