[Devel] [PATCH rh7] ve/devpts: Force devpts mounting to use @newinstance inside VE

Andrew Vagin avagin at gmail.com
Mon Jul 20 05:19:32 PDT 2015 

On Fri, Jul 17, 2015 at 06:33:48PM +0300, Cyrill Gorcunov wrote:
> Modern systemd based containers (such as fedora-21, centos-7) already
> mounting initial devpts filesystem with @newinstance option but it
> turned out that ubuntu-14 lts doesn't, which makes restore procedure
> to fail because we're using get_exec_env as a namespace mark and the
> kernel mounts new superblock for container internally. This is done
> to isolate devpts between containers but criu sees it as filesystems
> mounted with @newinstance option. Thus lets always mount devpts
> inside containers with @newinstance instead, this should not hurt
> anyhow ecxept we need precious testing of docker running inside
> container.

"mount -t devpts XXX XXX" must return the same instance each time. With
your patch it returns a new instance. IMHO this is unexpected behaviour
and it's wrong.

> 
> https://jira.sw.ru/browse/PSBM-34931
> 
> Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
> CC: Andrey Vagin <avagin at virtuozzo.com>
> CC: Vladimir Davydov <vdavydov at virtuozzo.com>
> CC: Konstantin Khorenko <khorenko at virtuozzo.com>
> CC: Pavel Emelyanov <xemul at virtuozzo.com>
> ---
> 
> Guys, take a look please.
> 
>  fs/devpts/inode.c |   17 +++++++++++++++++
>  1 file changed, 17 insertions(+)
> 
> Index: linux-pcs7.git/fs/devpts/inode.c
> ===================================================================
> --- linux-pcs7.git.orig/fs/devpts/inode.c
> +++ linux-pcs7.git/fs/devpts/inode.c
> @@ -449,6 +449,23 @@ static struct dentry *devpts_mount(struc
>  	    (current_user_ns() != &init_user_ns) && !opts.newinstance)
>  		return ERR_PTR(-EINVAL);
>  
> +#ifdef CONFIG_VE
> +	/*
> +	 * Mounts inside VE (startup/restore) should be considered
> +	 * as a newinstance so CRIU would be happy on restore, otherwise
> +	 * because mount_ns() is called with get_exec_env() it never
> +	 * matches ve0's /dev/pts superblock and CRIU assumes that
> +	 * newinstance aslready been passed (as it is on vanilla
> +	 * kernels). After all we don't support container inside
> +	 * container but need to be verified for Docker running
> +	 * inside container.
> +	 *
> +	 * 	-- cyrillos
> +	 */
> +	if (!ve_is_super(get_exec_env()))
> +		opts.newinstance = 1;
> +#endif
> +
>  	if (opts.newinstance)
>  		root = mount_nodev(fs_type, flags, data, devpts_fill_super);
>  	else

More information about the Devel mailing list