[Devel] [PATCH] spfs: start SPFS manager in containers network namespace

Stanislav Kinsburskiy skinsbursky at virtuozzo.com
Fri Dec 22 19:30:24 MSK 2017


This is needed because in case of killing of a container with SPFS manager
inside (due to any restore error) all the network namespaces of container
processes will be marked to drop SUNRPC packets (libvzctl does it on fast stop).

This in turn happens, because we want to be able to kill container with
blocked network and NFS mount inside.

Thus all the processes, belonging to VE cgroup have to have containers
network namespaces otherwise SUNRPC trafic is dropped in init network
namespace, like it happens now.

https://jira.sw.ru/browse/PSBM-79733

Signed-off-by: Stanislav Kinsburskiy <skinsbursky at virtuozzo.com>
---
 criu/spfs.c |   21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/criu/spfs.c b/criu/spfs.c
index 6ce2ac8..d46fe11 100644
--- a/criu/spfs.c
+++ b/criu/spfs.c
@@ -21,6 +21,7 @@
 #include "spfs.h"
 #include "proc_parse.h"
 #include "cgroup.h"
+#include "net.h"
 
 #define SPFS_MANAGER_WORK_DIR		"/run/spfs-manager/%d"
 #define VE_SPFS_MANAGER_WORK_DIR	"/vz/private/%s/dump/spfs-manager/%d"
@@ -121,7 +122,7 @@ static char *spfs_manager_log_dir(void)
 	return work_dir;
 }
 
-static int start_spfs_manager(void)
+static int __start_spfs_manager(void)
 {
 	char *spfs_manager = "spfs-manager";
 	char *socket_path = spfs_manager_socket_path();
@@ -159,6 +160,24 @@ static int start_spfs_manager(void)
 	return sock;
 }
 
+static int start_spfs_manager(void)
+{
+	int old_net_ns, sock;
+
+	if (switch_ns(root_item->pid->real, &net_ns_desc, &old_net_ns)) {
+		pr_err("failed to switch to containers network namespace\n");
+		return -1;
+	}
+
+	sock = __start_spfs_manager();
+
+	if (restore_ns(old_net_ns, &net_ns_desc)) {
+		pr_err("failed to restore original usernsd network namespace\n");
+		return -1;
+	}
+	return sock;
+}
+
 static int get_spfs_mngr_sock(void *start, int fd, pid_t pid)
 {
 	int sock;



More information about the Devel mailing list