[CRIU] [PATCH v3 00/33] Nested user namespaces support
Kirill Tkhai
ktkhai at virtuozzo.com
Tue Feb 21 06:20:23 PST 2017
On 21.02.2017 08:35, Andrei Vagin wrote:
> On Thu, Feb 16, 2017 at 03:06:33PM +0300, Kirill Tkhai wrote:
>> Hi,
>>
>> this is the third version of nested user namespaces support.
>> There are also a couple of refactorings for pid namespaces
>> support, which is the thing I'm working on at the moment.
>
> It is better to send userns and pidns changes in two separate series

Hm. I mean hookups for pid_ns, which I set. Do they spoil the view so much?
If I set them separately, this would just be code twiddling, while when
they are together with user_ns it's possible to introduce generic code for
everything, and it's clearly seen why some changes are needed.

Also, have you seen "[PATCH v3 03/33] core: Introduce last_pid_mutex and use it to synchronize ns_last_pid assignment"
and "[PATCH v3 03/33] core: Introduce last_pid_mutex and use it to synchronize ns_last_pid assignment"?
Is it possible to apply them from this series if you have no objections?
They are just refactorings.

>> In comparison to v2 there were made:
>>
>> 1) Create user ns hierarchy from root_item
>>
>> 2)Rebased on fresh criu-dev; mostly it's fdstore
>>
>> 3)Added a patch to support user_ns in nested net_ns
>>
>> 4) Some fixes to determine ns hierarchy right, where kernel does not support nsfs
>>
>> 5)Fixes for alignment of stack in clone
>>
>> https://travis-ci.org/tkhai/criu/builds/202219501
>>
>> ---
>>
>> Kirill Tkhai (33):
>> zdtm: Add userns00 test
>> zdtm: Add userns01 test
>> core: Introduce last_pid_mutex and use it to synchronize ns_last_pid assignment
>> restore: Implement set_next_pid() helper
>> ns: Set nested namespaces hookups
>> ns: Set hookups for all namespaces
>> ns: Change arguments of dump_user_ns()
>> user_ns: Make collect_user_ns() allocate child UsernsEntry mappings
>> user_ns: Make host_id() working with any mapping and rename it
>> ns: Rename and export userns_id() and INVALID_ID
>> ns: Implement target_userns_{u,g}id() and root_userns_{u,g}id()
>> ns: Add user and pid ns_id on restore
>> user_ns: Name loading UsernsEntry mappings on restore "old format"
>> ns: Provide the case when root_item has !NS_ROOT user_ns in rst_add_ns_id()
>> ns: Set pointer to root_user_ns in ns_ids
>> ns: Implement dup_userns_entry()
>> images: Move uid_gid_extent and userns_entry descriptions
>> proto: Add ns_hookup_entry description
>> ns: Write/read ns entries in new way
>> ns: Make prepare_userns() have ns map parameter
>> ns: Make write_id_map() use CR_PROC_FD_OFF
>> proc: Close CR_PROC_FD_OFF and TRANSPORT_FD_OFF later
>> utils: Move getting real pid functionality to separate function
>> ns: Generate user_ns tree
>> user_ns: Set user_ns before net_ns creation
>> utils: Introduce open_fd_of_real_pid()
>> ns: Implement set_user_ns()
>> ns: Set target user_ns after net_ns is set
>> shmem: Fixup shmem_wait_and_open() opens foreign /proc/[pid]/fd/[i]
>> rst: Pass pstree_item argument to alloc_groups_copy_creds()
>> ns: Dump creds xids in root_user_ns
>> ns: Convert task cred's xids to target user ns
>> ns: Allow nested user namespaces
>>
>>
>> criu/cgroup.c | 2
>> criu/cr-dump.c | 6
>> criu/cr-restore.c | 141 ++++---
>> criu/files.c | 1
>> criu/image-desc.c | 1
>> criu/include/cgroup.h | 2
>> criu/include/image-desc.h | 1
>> criu/include/magic.h | 1
>> criu/include/namespaces.h | 37 ++
>> criu/include/parasite-syscall.h | 4
>> criu/include/protobuf-desc.h | 1
>> criu/include/pstree.h | 2
>> criu/include/rst_info.h | 1
>> criu/include/util.h | 3
>> criu/namespaces.c | 796 ++++++++++++++++++++++++++++++++++++---
>> criu/net.c | 43 ++
>> criu/parasite-syscall.c | 42 +-
>> criu/pie/restorer.c | 56 +--
>> criu/protobuf-desc.c | 2
>> criu/pstree.c | 14 +
>> criu/shmem.c | 4
>> criu/util.c | 48 ++
>> images/Makefile | 1
>> images/ns.proto | 30 +
>> images/userns.proto | 12 -
>> lib/py/images/images.py | 1
>> test/zdtm/static/Makefile | 2
>> test/zdtm/static/userns00.c | 295 ++++++++++++++
>> test/zdtm/static/userns00.desc | 1
>> test/zdtm/static/userns01.c | 149 +++++++
>> test/zdtm/static/userns01.desc | 1
>> 31 files changed, 1516 insertions(+), 184 deletions(-)
>> delete mode 100644 images/userns.proto
>> create mode 100644 test/zdtm/static/userns00.c
>> create mode 100644 test/zdtm/static/userns00.desc
>> create mode 100644 test/zdtm/static/userns01.c
>> create mode 100644 test/zdtm/static/userns01.desc
>>
>> --
>> Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>