[Devel] Re: [PATCH 4/5] cr: checkpoint and restore task credentials

Serge E. Hallyn serue at us.ibm.com
Thu May 14 06:58:03 PDT 2009


Quoting Alexey Dobriyan (adobriyan at gmail.com):
> On Thu, May 14, 2009 at 12:18:50PM +0400, Alexey Dobriyan wrote:
> > On Mon, May 11, 2009 at 11:05:39AM -0500, Serge E. Hallyn wrote:
> > > --- a/checkpoint/objhash.c
> > > +++ b/checkpoint/objhash.c
> > > +#define CKPT_MAXGROUPS 15
> > > +#define MAX_GROUPINFO_SIZE (sizeof(*h)+CKPT_MAXGROUPS*sizeof(gid_t))
> > > +/* move this fn into kernel/sys.c next to group functions? */
> > > +static int checkpoint_write_groupinfo(struct ckpt_ctx *ctx,
> > > +					struct group_info *g)
> > > +{
> > > +	int ret, i, size;
> > > +	struct ckpt_hdr_groupinfo *h;
> > > +
> > > +	if (g->ngroups > CKPT_MAXGROUPS) {
> > > +		ckpt_debug("Too many groups: %d  (max is %d)\n",
> > > +			g->ngroups, CKPT_MAXGROUPS);
> > > +		return -E2BIG;
> > > +	}
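
Review bot: MAX_GROUPINFO_SIZE expands to sizeof(*h), so it only compiles where a variable named h of the right type happens to be in scope; writing it as sizeof(struct ckpt_hdr_groupinfo) would make the macro self-contained. The fixed CKPT_MAXGROUPS of 15 also means checkpoint fails with -E2BIG for any task with more groups, reported only through ckpt_debug, and the define carries no comment saying why 15 was chosen or how it relates to the kernel's own NGROUPS_MAX. Please document the limit or bound against NGROUPS_MAX instead.
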
> > 
> > Ooh, a hack :-)
> > 
> > > +	size = sizeof(*h) + g->ngroups * sizeof(__u32);
> > > +	h = ckpt_hdr_get_type(ctx, size, CKPT_HDR_GROUPINFO);
> > > +	if (!h)
> > > +		return -ENOMEM;
> > > +
> > > +	h->ngroups = g->ngroups;
> > > +	for (i = 0; i < g->ngroups; i++)
> > > +		h->groups[i] = GROUP_AT(g, i);
> > > +
> > > +	ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
> > > +	ckpt_hdr_put(ctx, h);
> > > +
> > > +	return ret;
> > > +}
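
Review bot: the record size is computed with sizeof(__u32) here while MAX_GROUPINFO_SIZE above uses sizeof(gid_t), so the two agree only as long as gid_t stays 32 bits wide. Using sizeof(h->groups[0]) in both places would tie the size to the header layout. MAX_GROUPINFO_SIZE is also not used anywhere in this function, which suggests it exists for the restore side; that path is not in the quoted lines, and it needs to validate the ngroups value read from the image against CKPT_MAXGROUPS before sizing or copying anything.
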
> > 
> > > +/*
> > > + * write the user struct
> > > + * TODO keyring will need to be dumped
> > > + */
> > > +#define UNSAVED_NS_MAX 5
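
Review bot: the #define UNSAVED_NS_MAX sits between the "write the user struct" comment and the code that comment documents, and nothing says what the 5 bounds or what happens when it is exceeded. Move the define above the comment block and give it its own one-line comment stating what is being limited and which error is returned on overflow.
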
> > 
> > Another hack :-)
> > 
> > This is an invitation to discuss what to do with references to future,
> > especially given that object image can be variable-size _and_
> > streamability on dump.
> > 
> > In case of user->user_ns->creator, we can avoid the issue and dump creator
> > first.
> 
> Aieee, user_ns are also hierarchical and ->creator points to outside of
> hierarchy.

We don't checkpoint the final, top-most creator, the one which created
the user namespace in which the top checkpointed task belongs.  Instead
we mark the user_ns as 'CKPT_USERNS_INIT'.  So every user_struct and
user_ns which we checkpoint will be in or under that namespace.

-serge