[CRIU] [PATCH RESEND v1 55/55] ns: Nested pid_ns support

Kirill Tkhai ktkhai at virtuozzo.com
Tue Mar 28 02:59:18 PDT 2017


On 27.03.2017 21:08, Andrei Vagin wrote:
> On Fri, Mar 24, 2017 at 06:17:39PM +0300, Kirill Tkhai wrote:
>> Allow nested pid_ns, but turn restoring of pgid and sid off for the cases,
>> when there are child pid namespaces. This functionality will be realized
>> by Pavel Tikhomirov, he is working on that.
> 
> Pavel implements restore of a processes tree with additional
> sub-reapers. I don't understand why we can't set sid and group, if we
> have a whole tree (when all session leaders are alive)

If session leaders are alive, it's not guaranteed, we can restore a tree
without subreapers. I disabled restore_before_setsid, because I want to minimize
number of dependencies in task creation order. Dependencies simply give deadlocks.

The only dependence remaining is INIT_PID of a pid_ns must be created before
other tasks from this namespace. But they may be sorted wrong in parent->children.
It's a problem, and I do not solve it in any way, because it's one of the problems,
which are being solved by Pavel at the moment.

>>
>> Also, current criu has a problem with restoring tun if nested net namespaces
>> exist. See my letter "[net_ns] Problem of restoring tun in nested net namespace".
>> So, I've turned tun test off for a while.
> 
> I don't understand why we have to disable it. This test doesn't create
> nested network namespace and it works now. How does this series affect
> it?

Patch "[PATCH RESEND v1 06/55] net: Do not change net_ns of root_item in create_net_ns()"
pops up a problem I talked you in "[net_ns] Problem of restoring tun in nested net namespace".

I disabled tun in the end of the series just to not a create a separate patch for that.
If it s more clear, I may disable the test in [6/55] in next version.
 
>>
>> Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
>> ---
>>  criu/cr-restore.c         |    5 +++++
>>  criu/include/namespaces.h |    2 +-
>>  criu/pstree.c             |    2 ++
>>  test/zdtm/static/tun.desc |    2 +-
>>  4 files changed, 9 insertions(+), 2 deletions(-)
>>
>> diff --git a/criu/cr-restore.c b/criu/cr-restore.c
>> index bb5abd70..8bb045b3 100644
>> --- a/criu/cr-restore.c
>> +++ b/criu/cr-restore.c
>> @@ -1263,6 +1263,8 @@ static void restore_sid(void)
>>  {
>>  	pid_t sid;
>>  
>> +	if (!list_empty(&top_pid_ns->children))
>> +		return;
>>  	/*
>>  	 * SID can only be reset to pid or inherited from parent.
>>  	 * Thus we restore it right here to let our kids inherit
>> @@ -1306,6 +1308,9 @@ static void restore_pgid(void)
>>  
>>  	pid_t pgid, my_pgid = last_level_pid(current->pgid);
>>  
>> +	if (!list_empty(&top_pid_ns->children))
>> +		return;
>> +
>>  	pr_info("Restoring %d to %d pgid\n", vpid(current), my_pgid);
>>  
>>  	pgid = getpgrp();
>> diff --git a/criu/include/namespaces.h b/criu/include/namespaces.h
>> index d8126eb5..068d9e66 100644
>> --- a/criu/include/namespaces.h
>> +++ b/criu/include/namespaces.h
>> @@ -39,7 +39,7 @@
>>  #define CLONE_ALLNS	(CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWUTS | CLONE_NEWNS | CLONE_NEWUSER | CLONE_NEWCGROUP)
>>  
>>  /* Nested namespaces are supported only for these types */
>> -#define CLONE_SUBNS	(CLONE_NEWNS | CLONE_NEWNET | CLONE_NEWUSER)
>> +#define CLONE_SUBNS	(CLONE_NEWNS | CLONE_NEWNET | CLONE_NEWUSER | CLONE_NEWPID)
>>  
>>  #define MAX_NS_NESTING	32
>>  #define EXTRA_SIZE	20
>> diff --git a/criu/pstree.c b/criu/pstree.c
>> index 09a7ac8c..f3492010 100644
>> --- a/criu/pstree.c
>> +++ b/criu/pstree.c
>> @@ -858,6 +858,8 @@ static int prepare_pstree_ids(void)
>>  	struct pstree_item *item, *child, *helper, *tmp;
>>  	LIST_HEAD(helpers);
>>  
>> +	if (!list_empty(&top_pid_ns->children))
>> +		return 0;
>>  	pid_t current_pgid = getpgid(getpid());
>>  
>>  	/*
>> diff --git a/test/zdtm/static/tun.desc b/test/zdtm/static/tun.desc
>> index 8c7cfe86..eac32c2d 100644
>> --- a/test/zdtm/static/tun.desc
>> +++ b/test/zdtm/static/tun.desc
>> @@ -1 +1 @@
>> -{'flavor': 'ns uns', 'flags': 'suid', 'feature': 'tun'}
>> +{'flavor': 'ns uns', 'flags': 'suid noauto', 'feature': 'tun'}
>>


More information about the CRIU mailing list