[CRIU] [PATCH v1 00/55] Nested pid namespaces support

Kirill Tkhai ktkhai at virtuozzo.com
Fri Mar 24 07:55:21 PDT 2017 

Hi,

this is the first version of nested pid namespaces support.
Completelly implemented dump and restore of tasks and threads,
and pidns01 test is added.

The most problem and strange thing I bumped to is that a task may
write "/proc/sys/kernel/ns_last_pid" only of its active pid namespace,
independently of in which pid ns the file is open and which caps
task has. To solve this problem, pid_ns helpers populating appropriate
ns_last_pid were implemented. See the corresponding patches for the
details.

Patches [1-5/55] is duplicate of <<[PATCH 0/5] Restore of "/proc/self/ns/net" fixes>>
I sent today, because it fixes the errors which are seen only after
patch [6/55], and I don't want to receive travis errors.

Also, there is a error with nested net_ns (see <<[net_ns] Problem of
restoring tun in nested net namespace>>), so I temporary switched tun
test off in 55/55 till it's fixed.

The patch set doesnt't do anything to restore pgid/sid if nested pid_ns
is dumped (Pavel Tikhomirov is completelly reworking on pgid/sid
at the moment, so we do not do the same work both),
so for such cases I switch restore of pgid/sid off in [55/55]. If you
want, we may put it into criu option till it's implemented.

---

Kirill Tkhai (55):
      user_ns: Close pid proc in create_user_ns_hierarhy_fn()
      ns: Pack functionality of storing ns fd to store_self_ns()
      user_ns: Keep root_user_ns ns fd in fdstore
      ns: Fix wrong opened net ns file
      zdtm: Add proc-self01 test
      net: Do not change net_ns of root_item in create_net_ns()
      cr-restore: Open transport socket earlier
      zdtm: Add pidns00 test
      kerndat: Check that "/proc/[pid]/status" file has NS{pid,..} lines
      pid: Add pid::level field and level argument for __alloc_pstree_item()
      pid: Add equel_pid() helper
      pid: Add last_level_pid() helper
      pid: Make pgid and sid be allocated dynamically
      pid: Use last_level_pid() in restore_pgid()
      pid: Alloc threads dynamically
      pid: Pass thread pid to caller
      pstree: Change arguments of read_pstree_ids()
      pstree: Read ids earlier in read_pstree_image()
      pid: Add top_pid_ns
      pid: Add ns::pid::rb_root
      ids: Copy unexisted ids from root_item
      pstree: Move parent assignment in read_pstree_image() up
      pstree: Assign ids for dead tasks in read_pstree_image()
      pstree: Dump pid and user ns ids for dead tasks
      pstree: Add pid_ns check in read_pstree_image
      pstree: Split lookup_create_pid()
      pstree: Add pid_ns id argument to lookup_create_pid()
      ns: Add MAX_NS_NESTING
      pstree: Make lookup_create_pid() able to create tasks with pid->level > 1
      pid: Implement populate_ns_pids() helper
      proc_parse: Implement collect_pid_status()
      pid_ns: Implement pid_ns_root_off()
      pid: Use collect_pid_status() to populate item's pids
      images: Add NSpids pstree descriptions
      pstree: Dump and restore NSpid, NSsid etc
      pstree: Make get_free_pid() work for different pid_ns and export it
      pstree: Extract __pstree_item_by_virt() to act on any pid_ns
      ns: Reserve pid_ns helpers
      restore: Implement set_next_pid() helper
      pid: Always lock last pid file on clone()
      pid: Add fdstore id for pid_ns descriptor
      fdstore: Init fdstore earlier
      pid: Save created pid_ns fd to fdstore
      ns: Always start usernsd
      pid: Add pid ns futex helper_created
      ns: Install transport fd socket in usernsd
      pid: Create pid_ns helpers
      pid: Wait till pid_ns created before we create a child of this ns
      pid: Set pid_ns before we create a child
      pid: Teach set_next_pid() working with nested pid_ns
      restorer: Close transport socket later
      restorer: Set NStids in all pid_ns for thread before we create it.
      pid: Check for equality of getpid() of child to last_level_pid
      pstree: Use CLONE_NEWPID only to create child reaper of pid_ns
      ns: Nested pid_ns support


 criu/cr-dump.c                  |  123 +++++++--
 criu/cr-restore.c               |  237 +++++++++++++----
 criu/files-reg.c                |   10 -
 criu/files.c                    |   20 +
 criu/include/kerndat.h          |    1 
 criu/include/namespaces.h       |   21 +
 criu/include/parasite-syscall.h |    2 
 criu/include/pid.h              |   23 ++
 criu/include/proc_parse.h       |   13 +
 criu/include/pstree.h           |   30 +-
 criu/include/restorer.h         |    6 
 criu/include/rst_info.h         |    1 
 criu/kerndat.c                  |   28 ++
 criu/namespaces.c               |  404 ++++++++++++++++++++++++++--
 criu/net.c                      |   62 +---
 criu/ns-common.c                |   51 ++++
 criu/parasite-syscall.c         |    6 
 criu/pie/restorer.c             |   50 +++
 criu/proc_parse.c               |  123 ++++++++-
 criu/pstree.c                   |  559 +++++++++++++++++++++++++++------------
 criu/seize.c                    |   32 ++
 criu/tty.c                      |    6 
 images/pstree.proto             |   17 +
 test/zdtm/static/Makefile       |    3 
 test/zdtm/static/pidns00.c      |  206 ++++++++++++++
 test/zdtm/static/pidns00.desc   |    1 
 test/zdtm/static/proc-self.c    |    4 
 test/zdtm/static/proc-self01.c  |    1 
 test/zdtm/static/tun.desc       |    2 
 29 files changed, 1650 insertions(+), 392 deletions(-)
 create mode 100644 criu/ns-common.c
 create mode 100644 test/zdtm/static/pidns00.c
 create mode 100644 test/zdtm/static/pidns00.desc
 create mode 120000 test/zdtm/static/proc-self01.c

--
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>

More information about the CRIU mailing list