<div dir="ltr">Just confirming that I tried this out and it worked for me.</div><br><div class="gmail_quote"><div dir="ltr">On Fri, Feb 12, 2016 at 5:30 PM Andrey Vagin <<a href="mailto:avagin@openvz.org">avagin@openvz.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">From: Andrew Vagin <<a href="mailto:avagin@virtuozzo.com" target="_blank">avagin@virtuozzo.com</a>><br>
<br>
Docker requested an option, when network devices and routes are not<br>
dumped and not restored. Instead of this Docker will call libnetwork<br>
hook to tune netns from the setup-namespaces action.<br>
<br>
Cc: Saied Kazemi <<a href="mailto:saied@google.com" target="_blank">saied@google.com</a>><br>
Cc: Ross Boucher <<a href="mailto:boucher@gmail.com" target="_blank">boucher@gmail.com</a>><br>
Signed-off-by: Andrew Vagin <<a href="mailto:avagin@virtuozzo.com" target="_blank">avagin@virtuozzo.com</a>><br>
---<br>
cr-service.c | 7 +++++++<br>
crtools.c | 13 +++++++++++++<br>
include/cr_options.h | 1 +<br>
net.c | 50 +++++++++++++++++++++++++++-----------------------<br>
protobuf/rpc.proto | 1 +<br>
5 files changed, 49 insertions(+), 23 deletions(-)<br>
<br>
diff --git a/cr-service.c b/cr-service.c<br>
index a1987e7..88d4af7 100644<br>
--- a/cr-service.c<br>
+++ b/cr-service.c<br>
@@ -13,6 +13,7 @@<br>
#include <sys/wait.h><br>
#include <sys/stat.h><br>
#include <arpa/inet.h><br>
+#include <sched.h><br>
<br>
#include "crtools.h"<br>
#include "cr_options.h"<br>
@@ -459,6 +460,12 @@ static int setup_opts_from_req(int sk, CriuOpts *req)<br>
if (req->has_ghost_limit)<br>
opts.ghost_limit = req->ghost_limit;<br>
<br>
+ if (req->has_empty_ns) {<br>
+ opts.empty_ns = req->empty_ns;<br>
+ if (req->empty_ns & ~(CLONE_NEWNET))<br>
+ goto err;<br>
+ }<br>
+<br>
if (req->n_irmap_scan_paths) {<br>
for (i = 0; i < req->n_irmap_scan_paths; i++) {<br>
if (irmap_scan_path_add(req->irmap_scan_paths[i]))<br>
diff --git a/crtools.c b/crtools.c<br>
index fef5657..0dc9085 100644<br>
--- a/crtools.c<br>
+++ b/crtools.c<br>
@@ -67,6 +67,7 @@ void init_opts(void)<br>
opts.ps_socket = -1;<br>
opts.ghost_limit = DEFAULT_GHOST_LIMIT;<br>
opts.timeout = DEFAULT_TIMEOUT;<br>
+ opts.empty_ns = 0;<br>
}<br>
<br>
static int parse_ns_string(const char *ptr)<br>
@@ -272,6 +273,7 @@ int main(int argc, char *argv[], char *envp[])<br>
{ "lsm-profile", required_argument, 0, 1071 },<br>
{ "timeout", required_argument, 0, 1072 },<br>
{ "external", required_argument, 0, 1073 },<br>
+ { "empty-ns", required_argument, 0, 1074 },<br>
{ },<br>
};<br>
<br>
@@ -543,6 +545,14 @@ int main(int argc, char *argv[], char *envp[])<br>
if (add_external(optarg))<br>
return 1;<br>
break;<br>
+ case 1074:<br>
+ if (!strcmp("net", optarg))<br>
+ opts.empty_ns |= CLONE_NEWNET;<br>
+ else {<br>
+ pr_err("Unsupported empty namespace: %s", optarg);<br>
+ return 1;<br>
+ }<br>
+ break;<br>
case 'V':<br>
pr_msg("Version: %s\n", CRIU_VERSION);<br>
if (strcmp(CRIU_GITID, "0"))<br>
@@ -791,6 +801,9 @@ usage:<br>
" pipe[inode]\n"<br>
" socket[inode]\n"<br>
" files[mnt_id:inode]\n"<br>
+" --empty-ns {net}\n"<br>
+" Create a namespace, but don't restore its properies.\n"<br>
+" An user will retore them from action scripts.\n"<br>
"\n"<br>
"* Logging:\n"<br>
" -o|--log-file FILE log file name\n"<br>
diff --git a/include/cr_options.h b/include/cr_options.h<br>
index 5c0e633..a6f0b3e 100644<br>
--- a/include/cr_options.h<br>
+++ b/include/cr_options.h<br>
@@ -106,6 +106,7 @@ struct cr_options {<br>
bool lsm_supplied;<br>
char *lsm_profile;<br>
unsigned int timeout;<br>
+ unsigned int empty_ns;<br>
};<br>
<br>
extern struct cr_options opts;<br>
diff --git a/net.c b/net.c<br>
index eab640f..a4265dc 100644<br>
--- a/net.c<br>
+++ b/net.c<br>
@@ -1064,16 +1064,18 @@ int dump_net_ns(int ns_id)<br>
return -1;<br>
<br>
ret = mount_ns_sysfs();<br>
- if (!ret)<br>
- ret = dump_netns_conf(fds);<br>
- if (!ret)<br>
- ret = dump_links(fds);<br>
- if (!ret)<br>
- ret = dump_ifaddr(fds);<br>
- if (!ret)<br>
- ret = dump_route(fds);<br>
- if (!ret)<br>
- ret = dump_rule(fds);<br>
+ if (!(opts.empty_ns & CLONE_NEWNET)) {<br>
+ if (!ret)<br>
+ ret = dump_netns_conf(fds);<br>
+ if (!ret)<br>
+ ret = dump_links(fds);<br>
+ if (!ret)<br>
+ ret = dump_ifaddr(fds);<br>
+ if (!ret)<br>
+ ret = dump_route(fds);<br>
+ if (!ret)<br>
+ ret = dump_rule(fds);<br>
+ }<br>
if (!ret)<br>
ret = dump_iptables(fds);<br>
if (!ret)<br>
@@ -1090,21 +1092,23 @@ int dump_net_ns(int ns_id)<br>
<br>
int prepare_net_ns(int pid)<br>
{<br>
- int ret;<br>
+ int ret = 0;<br>
NetnsEntry *netns = NULL;<br>
<br>
- ret = restore_netns_conf(pid, &netns);<br>
- if (!ret)<br>
- ret = restore_links(pid, &netns);<br>
- if (netns)<br>
- netns_entry__free_unpacked(netns, NULL);<br>
-<br>
- if (!ret)<br>
- ret = restore_ifaddr(pid);<br>
- if (!ret)<br>
- ret = restore_route(pid);<br>
- if (!ret)<br>
- ret = restore_rule(pid);<br>
+ if (!(opts.empty_ns & CLONE_NEWNET)) {<br>
+ ret = restore_netns_conf(pid, &netns);<br>
+ if (!ret)<br>
+ ret = restore_links(pid, &netns);<br>
+ if (netns)<br>
+ netns_entry__free_unpacked(netns, NULL);<br>
+<br>
+ if (!ret)<br>
+ ret = restore_ifaddr(pid);<br>
+ if (!ret)<br>
+ ret = restore_route(pid);<br>
+ if (!ret)<br>
+ ret = restore_rule(pid);<br>
+ }<br>
if (!ret)<br>
ret = restore_iptables(pid);<br>
if (!ret)<br>
diff --git a/protobuf/rpc.proto b/protobuf/rpc.proto<br>
index 4f6ed8d..fac4b9f 100644<br>
--- a/protobuf/rpc.proto<br>
+++ b/protobuf/rpc.proto<br>
@@ -89,6 +89,7 @@ message criu_opts {<br>
optional uint32 ghost_limit = 35 [default = 0x100000];<br>
repeated string irmap_scan_paths = 36;<br>
repeated string external = 37;<br>
+ optional uint32 empty_ns = 38;<br>
}<br>
<br>
message criu_dump_resp {<br>
--<br>
2.4.3<br>
<br>
_______________________________________________<br>
CRIU mailing list<br>
<a href="mailto:CRIU@openvz.org" target="_blank">CRIU@openvz.org</a><br>
<a href="https://lists.openvz.org/mailman/listinfo/criu" rel="noreferrer" target="_blank">https://lists.openvz.org/mailman/listinfo/criu</a><br>
</blockquote></div>