[CRIU] [PATCH v3 00/55] Nested pid namespaces support

Andrei Vagin avagin at virtuozzo.com
Mon Apr 10 21:26:22 PDT 2017 

[root at fc24 criu]# python test/zdtm.py run -t zdtm/static/pidns00 --iter 1
Checking feature ns_pid
=== Run 1/1 ================ zdtm/static/pidns00

======================== Run zdtm/static/pidns00 in ns =========================
make[1]: Nothing to be done for 'default'.
Start test
Test is SUID
make[1]: Nothing to be done for 'default'.
./pidns00 --pidfile=pidns00.pid --outfile=pidns00.out
Run criu dump
Run criu restore
################ Test zdtm/static/pidns00 FAIL at CRIU restore #################
##################################### FAIL #####################################
[root at fc24 criu]# dmesg -c
[439441.751893] traps: pidns00[27458] general protection ip:7f9b3183d642 sp:7ffc2d9587c0 error:0
[439441.751900]  in libc.so.6[7f9b31806000+1bd000]
[439441.768416] systemd-journald[13102]: Successfully sent stream file descriptor to service manager.
[439441.886503] systemd-journald[13102]: Compressed data object 1176 -> 652 using LZ4
[439441.887834] systemd-journald[13102]: Compressed data object 1658 -> 653 using LZ4
[439441.889093] systemd-journald[13102]: Compressed data object 3128 -> 1774 using LZ4
[439442.037519] criu[27482]: segfault at 12 ip 000000000047e4d3 sp 00007ffc190820a8 error 4 in criu[400000+117000]
[439442.058973] systemd-journald[13102]: Successfully sent stream file descriptor to service manager.
[439442.211795] systemd-journald[13102]: Compressed data object 1150 -> 665 using LZ4
[439442.213101] systemd-journald[13102]: Compressed data object 5493 -> 1619 using LZ4
[root at fc24 criu]# 
[root at fc24 criu]# git diff
diff --git a/test/zdtm/static/pidns00.c b/test/zdtm/static/pidns00.c
index e3ed74b..e86d488 100644
--- a/test/zdtm/static/pidns00.c
+++ b/test/zdtm/static/pidns00.c
@@ -54,6 +54,11 @@ futex_t *futex;
 
 int child(void)
 {
+       int fd = open("/proc/self/ns/pid", O_RDONLY);
+       unshare(CLONE_NEWPID);
+       if (fork())
+               setns(fd, CLONE_NEWPID);
+       close(fd);
        futex_wait_while_lt(futex, 1);
        return 0;
 }


On Mon, Apr 10, 2017 at 11:15:01AM +0300, Kirill Tkhai wrote:
> Hi,
> 
> this is the third version of nested pid namespaces support.
> The most signify change in this version is support of children,
> which have a pid_ns->user_ns different to parent's user_ns.
> See "pid_ns: Set user_ns before creation of pid_ns" for the
> details. Test pidns01 was implemented for this case.
> 
> Also, now we block SIGCHLD during destroying of pid_ns helpers,
> and we have a "ns_pid" feature for tests.
> 
> https://travis-ci.org/tkhai/criu/builds/220445695
> 
> ---
> 
> Kirill Tkhai (55):
>       ns: Do not change net_ns in prepare_net_namespaces()
>       mnt: Put root fd to fdstore
>       cr-restore: Open transport socket earlier
>       zdtm: Add pidns00 test
>       zdtm: Add pidns01 test
>       kerndat: Check that "/proc/[pid]/status" file has NS{pid,..} lines
>       pid: Add pid::level field and level argument for __alloc_pstree_item()
>       pid: Add equel_pid() helper
>       pid: Add last_level_pid() helper
>       pid: Make pgid and sid be allocated dynamically
>       pid: Use last_level_pid() in restore_pgid()
>       pid: Alloc threads dynamically
>       pid: Pass thread pid to caller
>       pstree: Change arguments of read_pstree_ids()
>       pstree: Read ids earlier in read_pstree_image()
>       pid: Add top_pid_ns
>       pid: Add ns::pid::rb_root
>       ids: Copy unexisted ids from root_item
>       pstree: Move parent assignment in read_pstree_image() up
>       pstree: Assign ids for dead tasks in read_pstree_image()
>       pstree: Dump pid and user ns ids for dead tasks
>       pstree: Add pid_ns check in read_pstree_image
>       pstree: Split lookup_create_pid()
>       pstree: Add pid_ns id argument to lookup_create_pid()
>       ns: Add MAX_NS_NESTING
>       pstree: Make lookup_create_pid() able to create tasks with pid->level > 1
>       pid: Implement populate_ns_pids() helper
>       proc_parse: Implement collect_pid_status()
>       pid_ns: Implement pid_ns_root_off()
>       pid: Use collect_pid_status() to populate item's pids
>       images: Add NSpids pstree descriptions
>       pstree: Dump and restore NSpid, NSsid etc
>       pstree: Make get_free_pid() work for different pid_ns and export it
>       pstree: Extract __pstree_item_by_virt() to act on any pid_ns
>       ns: Reserve pid_ns helpers
>       restore: Implement set_next_pid() helper
>       pid: Always lock last pid file on clone()
>       pid: Add fdstore id for pid_ns descriptor
>       fdstore: Init fdstore earlier
>       pid: Save created pid_ns fd to fdstore
>       ns: Always start usernsd
>       pid: Add pid ns futex helper_created
>       ns: Install transport fd socket in usernsd
>       cr-restore: Add argument to criu_signals_setup()
>       ns: Add usernsd signal handler
>       pid: Create pid_ns helpers
>       pid: Wait till pid_ns created before we create a child of this ns
>       pid: Set pid_ns before we create a child
>       pid_ns: Set user_ns before creation of pid_ns
>       pid: Teach set_next_pid() working with nested pid_ns
>       restorer: Close transport socket later
>       restorer: Set NStids in all pid_ns for thread before we create it.
>       pid: Check for equality of getpid() of child to last_level_pid
>       pstree: Use CLONE_NEWPID only to create child reaper of pid_ns
>       ns: Nested pid_ns support
> 
> 
>  criu/cr-check.c                 |   13 +
>  criu/cr-dump.c                  |  123 +++++++--
>  criu/cr-restore.c               |  372 +++++++++++++++++++++-----
>  criu/files-reg.c                |   10 -
>  criu/files.c                    |   20 +
>  criu/include/kerndat.h          |    2 
>  criu/include/namespaces.h       |   22 +-
>  criu/include/parasite-syscall.h |    2 
>  criu/include/pid.h              |   23 ++
>  criu/include/proc_parse.h       |   13 +
>  criu/include/pstree.h           |   31 ++
>  criu/include/restore.h          |    3 
>  criu/include/restorer.h         |    6 
>  criu/include/rst_info.h         |    1 
>  criu/kerndat.c                  |   28 ++
>  criu/mount.c                    |   19 +
>  criu/namespaces.c               |  406 +++++++++++++++++++++++++++-
>  criu/net.c                      |   16 +
>  criu/ns-common.c                |   51 ++++
>  criu/parasite-syscall.c         |    6 
>  criu/pie/restorer.c             |   50 +++
>  criu/proc_parse.c               |  123 ++++++++-
>  criu/pstree.c                   |  559 +++++++++++++++++++++++++++------------
>  criu/seize.c                    |   32 ++
>  criu/sk-unix.c                  |   11 +
>  criu/tty.c                      |    6 
>  images/pstree.proto             |   17 +
>  test/zdtm/static/Makefile       |    2 
>  test/zdtm/static/pidns00.c      |  205 ++++++++++++++
>  test/zdtm/static/pidns00.desc   |    1 
>  test/zdtm/static/pidns01.c      |  164 +++++++++++
>  test/zdtm/static/pidns01.desc   |    1 
>  test/zdtm/static/tun.desc       |    2 
>  33 files changed, 1974 insertions(+), 366 deletions(-)
>  create mode 100644 criu/ns-common.c
>  create mode 100644 test/zdtm/static/pidns00.c
>  create mode 100644 test/zdtm/static/pidns00.desc
>  create mode 100644 test/zdtm/static/pidns01.c
>  create mode 100644 test/zdtm/static/pidns01.desc
> 
> --
> Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>

More information about the CRIU mailing list