[CRIU] Help for a Noob trying to get CRIU to run?

Alexander Mihalicyn alexander at mihalicyn.com
Sat Feb 13 14:09:41 MSK 2021 

Hi,

Unfortunately I have no mac available to test. But I'm sure that
docker on macos works on top of hypervisor (xhyve as far as I know).
During docker installation in MacOS special linux kernel image is
deployed and used as base for all you containers.

You can easily check on which kernel you docker containers work using:
$ uname -a
Please, try to deploy different docker images with different Linux
distributions (Ubuntu, Alpine, so on) and check that
command output and you will know that the kernel is the same!

Problem here is that to make CRIU work kernel should be compiled with
special feature on CONFIG_CHECKPOINT_RESTORE=y

Take a look on:
https://github.com/linuxkit/linuxkit/blob/master/docs/kernels.md
https://github.com/linuxkit/linuxkit/blob/master/examples/docker-for-mac.md
https://github.com/linuxkit/linuxkit/blob/master/examples/docker-for-mac.yml
I'm not sure but after some googling I've found that docker on MacOS
using linuxkit as a base for building special Linux Kernel images.
I've checked and from first look it seems like
CONFIG_CHECKPOINT_RESTORE is on by default. That's good news :)

Another problem is:
>Warn  (criu/sk-unix.c:229): unix: Unable to open a socket file: Operation not permitted
>Error (criu/net.c:3462): Unable create a network namespace: Operation not permitted
You have no CAP_SYS_ADMIN capability inside the container.
The Idea is simple: try to use --privileged flag when starting the
docker container.

Regards,
Alex


On Sat, Feb 13, 2021 at 10:39 AM Hugh Leather <hughleat at gmail.com> wrote:
>
> Hi,
>
> I am running on a Mac. I have CRIU built with make docker-build.
> So then I tried going into the shell on that container and doing
>
> ./criu/criu check
>
>
> Which gives these errors:
>
>
> Error (criu/util.c:632): exited, status=3
>
> Error (criu/util.c:632): exited, status=3
>
> Error (criu/tun.c:85): tun: Unable to create tun: No such file or directory
>
> Warn  (criu/sk-unix.c:229): unix: Unable to open a socket file: Operation not permitted
>
> Error (criu/net.c:3462): Unable create a network namespace: Operation not permitted
>
> Warn  (criu/net.c:3518): NSID isn't reported for network links
>
> Error (criu/kerndat.c:923): Lazy pages are not available
>
> Error (criu/kerndat.c:1143): kerndat_uffd failed when initializing kerndat.
>
> Error (criu/crtools.c:213): Could not initialize kernel features detection.
>
>
> Is this expected? Sorry for the dumb question.
>
> Cheers,
>
> Hugh.
> _______________________________________________
> CRIU mailing list
> CRIU at openvz.org
> https://lists.openvz.org/mailman/listinfo/criu

More information about the CRIU mailing list