[Devel] Re: [PATCH 4/5] cr: checkpoint and restore task credentials
Serge E. Hallyn
serue at us.ibm.com
Thu May 14 06:58:03 PDT 2009
Quoting Alexey Dobriyan (adobriyan at gmail.com):
> On Thu, May 14, 2009 at 12:18:50PM +0400, Alexey Dobriyan wrote:
> > On Mon, May 11, 2009 at 11:05:39AM -0500, Serge E. Hallyn wrote:
> > > --- a/checkpoint/objhash.c
> > > +++ b/checkpoint/objhash.c
> > > +#define CKPT_MAXGROUPS 15
> > > +#define MAX_GROUPINFO_SIZE (sizeof(*h)+CKPT_MAXGROUPS*sizeof(gid_t))
> > > +/* move this fn into kernel/sys.c next to group functions? */
> > > +static int checkpoint_write_groupinfo(struct ckpt_ctx *ctx,
> > > + struct group_info *g)
> > > +{
> > > + int ret, i, size;
> > > + struct ckpt_hdr_groupinfo *h;
> > > +
> > > + if (g->ngroups > CKPT_MAXGROUPS) {
> > > + ckpt_debug("Too many groups: %d (max is %d)\n",
> > > + g->ngroups, CKPT_MAXGROUPS);
> > > + return -E2BIG;
> > > + }
> >
> > Ooh, a hack :-)
> >
> > > + size = sizeof(*h) + g->ngroups * sizeof(__u32);
> > > + h = ckpt_hdr_get_type(ctx, size, CKPT_HDR_GROUPINFO);
> > > + if (!h)
> > > + return -ENOMEM;
> > > +
> > > + h->ngroups = g->ngroups;
> > > + for (i = 0; i < g->ngroups; i++)
> > > + h->groups[i] = GROUP_AT(g, i);
> > > +
> > > + ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
> > > + ckpt_hdr_put(ctx, h);
> > > +
> > > + return ret;
> > > +}
> >
> > > +/*
> > > + * write the user struct
> > > + * TODO keyring will need to be dumped
> > > + */
> > > +#define UNSAVED_NS_MAX 5
> >
> > Another hack :-)
> >
> > This is an invitation to discuss what to do with references to future,
> > especially given that object image can be variable-size _and_
> > streamability on dump.
> >
> > In case of user->user_ns->creator, we can avoid the issue and dump creator
> > first.
>
> Aieee, user_ns are also hierarchical and ->creator points to outside of
> hierarchy.
We don't checkpoint the final, top-most creator, the one which created
the user namespace in which the top checkpointed task belongs. Instead
we mark the user_ns as 'CKPT_USERNS_INIT'. So every user_struct and
user_ns which we checkpoint will be in or under that namespace.
-serge
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list