When we don't know mnt_id, we don't know to which namespace a file
belongs.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This patch removes the global mntinfo_tree and collect_mount_info where
it was constructed. The mntinfo list is filled from dump_mnt_ns,
rst_collect_local_mntns, collect_mnt_namespaces and read_mnt_ns_img.
A mountinfo entry contains a reference on a proper ns_id entry, so
we cau use mnt_id to look up a proper mount namespace.
v2: remove trash after rebasing.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
On restore all namespaces are restored as one tree and
a pointer on the root of this tree will be set on each namespace.
Below you can find a call trace, where it's used:
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Kernels before 3.15 doesn't show mnt_id and mnt_id isn't saved in
images, if mntns isn't dumped.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We are going to dump nested mount namespaces, so we move the mountinfo
list on the namespace structure.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
On restore all mount namespaces are restored in the root mntns and
sub-namecpeaces are restored in temorary places.
This function allows to get paths to these places.
It will be used in open_remap_ghost(), because it's called in the root
task, when other tasks are not forked yet.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We are going to support nested mount namespaces,
file descriptors can be from different namespaces,
so a namespace root must be updated for each of them.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We are going to support nested mntns, so the global mntinfo_tree
variable are useless and information about tree should be connected
to a proper namespace.
But when we don't dump mntns, we need to collect mounts for the current
mntns.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It will fill mntinfo list and this is internal logic of mount.c
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We are going to support nested mount namespaces and each NS has own
tree. The mount tree is used for checking that a file is reachable.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We are going to support nested mount namespaces, so files can be opened
from more than one namespace and a root must be collect for each file.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Now we supports sub-mntns, so root_ns_mask sounds more correct than
current_ns_mask.
v2: typo fix
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Known issue:
* currently only namespaces with the same root is supported
* nested namespaces can be dumped and restored only if the root task
has own mount namespace.
All nested namespaces are restored in a root namespace in temporary
directories. All mount points restored in one tree and then they are
divided into namesaces.
The task with minimal pid for each namespaces unshared mntns and
then it makes pivot_root in a proper temporary directory. All other
tasks makes setns to enter into a mount namespace of the task with
minimal pid.
v2: clean up
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
All non-root namespaces will be restored as sub-trees of the root tree.
This patch adds helpers to create a temporary directory and mount tmpfs
in it, then create directories for each non-root mount namespace.
tmpfs is quite useful here to simplify destroying this construction,
we don't need to unmount each namespace separately.
v2: add a comment why MNT_DETACH is not dangerous here
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
read_mnt_ns_img() is splited on two parts. The first part enumirates all
namespaces and call the second part, which read a proper image file.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently we support nested mount namespaces, only if all of them have
the same path to the root.
crtools doesn't mount root, so it should be bind-mounted for all namespaces.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Each sub-namespace is restored as sub-tree of the root mntns, so
the parent of sub-mntns root is the root of the root mntns.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
When we'll restore nested mount namespaces, all but root ones (sub-namespaces)
will be restored as sub-mounts in the root mount namespace. So mi->mountpoint
will be not '/' even if a mount is root for its mntns.
v2: s/is_root/is_ns_root/
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We are going to restore nested mount namespaces and we will need to
change root for each of them.
v2: don't call chdir in a second time, because a path may be relative
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently it's initialized for the root mount namespace, but we are
going to dump nested mount namespaces.
It's used in open_mountpoint(), which is used in dump_tmpfs() and in
other callbacks.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We're about to collect root several times in a row, so keeping
the old one isn't required.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
BTRFS returns subvolume dev-id instead of superblock dev-id,
so we need to know which mounts are btrfs.
The mi->fstype->name is "unsuppoerted" here, because the fstype->code
is saved in an image
{
.name = "unsupported",
.code = FSTYPE__UNSUPPORTED,
},
{
.name = "btrfs",
.code = FSTYPE__UNSUPPORTED,
}
An a second reason is that pocesses can be migrated from smth to btrfs.
This all can happen _only_ for the root mount and for bind mounts of
the root mount...
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
"relative path" is absolute path with dot at the beginning.
We already use relative paths on restore. In this patch we add "."
on dump too. It's convinient, because we needed to add dot each time
when we want to access this mount point.
Before this patch we had to created a temporary copy.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Now we have two funсtions which do mostly the same, so this patch merges
them.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
st_dev and s_dev have different formats.
st_dev is (MAJOR(dev) << 8) | MINOR(dev)
s_dev is (MAJOR(dev) << 20) | MINOR(dev)
so we need to convert one of them
v2: use kdev_to_odev
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Only one function use DIR, so I don't see reason to return it
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It's already used for dumping files and it will be used for restoring,
so it should be service fd to avoid intersection with restored
descriptors.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The root mount is an external mount and its source can be not '/'.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The source of the root mount may be not equal to "/" and we need to take
this fact into account, when we bind-mount it to somewhere.
For example:
11877 ? Ss 0:00 ./bind-mount --pidfile=bind-mount.pid --outfile=bind-mount.out --dirname=bind-mount.test
11880 ? Ss 0:00 \_ ./bind-mount --pidfile=bind-mount.pid --outfile=bind-mount.out --dirname=bind-mount.test
[root@avagin-fc19-cr crtools]# cat /proc/11880/mountinfo
68 42 8:3 /root/git/crtools/test / rw,relatime - ext4 /dev/sda3 rw,data=ordered
43 68 0:33 / /proc rw,relatime - proc proc rw
44 68 0:34 / /dev/pts rw,relatime - devpts pts rw,mode=666,ptmxmode=666
45 68 8:3 /root/git/crtools/test/zdtm/live/static/bind-mount.test/test /zdtm/live/static/bind-mount.test/bind rw,relatime - ext4 /dev/sda3 rw,data=ordered
The 45 mount is bind-mount of the 68 mount.
mi(45)->root = /root/git/crtools/test/zdtm/live/static/bind-mount.test/test
mi(68)->root = /root/git/crtools/test
so the comman part is "/root/git/crtools/test" and the command is
mount --bind /zdtm/live/static/bind-mount.test/test /zdtm/live/static/bind-mount.test/bind
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The devpts instance was mounted w/o the newinstance option if,
the device number is equal to the root /dev/pts.
I think this condition is strong enough to not mount devpts in a
temporary place.
v2: move the host.bla-bla-bla in kerndat.c
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently we marks all mounts as private before restoring mntns. We do
these to avoid problem with pivot_root.
It's wrong, because the root mount can be slave for an external shared
group. The root mount is not mounted by CRIU, so here is nothing wrong.
Now look at the pivot_root code in kernel
if (IS_MNT_SHARED(old_mnt) ||
IS_MNT_SHARED(new_mnt->mnt_parent) ||
IS_MNT_SHARED(root_mnt->mnt_parent))
goto out4;
So we don't need to change options for all mounts. We need to remount
/ and the parent of the new root. It's safe, because we already in another
mntns.
v2: simplify code
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The root mount isn't always private. For example it is mounted
as a slave in LXC 1.0 containers. So we need to execute logic
about propogation for the root mount too.
v2: move all logic about the root mount in a separate function
v3: make code more readable
v4: do_mount_root() looks like other do_*_root() functions
Reported-by: David Shwatrz <dshwatrz@gmail.com>
Cc: David Shwatrz <dshwatrz@gmail.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The current code think that /vz/lxc/centos-6-x86_64-root is
in /vz/lxc/centos-6-x86_64.
If the path is not equal to mountpoint, we need to check, that
path contains a slash after mountpoint.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This should be done before restoring a mount tree. This patch is a part
of the series about moving pivot_root, which has been committed.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We are using tar for resting tmpfs. Currently we execute tar from a
restored root, but nobody guarantees that it is there and that it's
really tar.
We don't have reason to change root too early. Lets live in a source
root as long as we can, because we can be sure that it's consistent.
https://bugzilla.openvz.org/show_bug.cgi?id=2870
v2: remove redundant chdir()
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We are going to restore mounts before changing root. For that the
current dir is changed in a new root and mounts will be restored by
relative paths.
v2: don't use snprintf
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We are going to make pivot_root after restoring mount name-space,
so relative paths will be used for mountpoints.
v2: print correct root in a error message
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
If a process is in another pidns than /proc, the link /proc/self doesn't
work.
(00.061569) Error (mount.c:558): Can't bind-mount
46:/zdtm/live/static/tempfs.test to /tmp/cr-tmpfs.gBVwTb: No such file
or directory
But since we've switched to the mount namespace (with setns) we
can just go an open the path by its name.
Reported-by: Urgen Sherpa <urgen.sherpa@nepallink.net>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Some filesystems do not provide open-by-handle functionality. For those,
we should abort fsnotifies dumping, not restoring.
The open_mount() changes are about opening mountpoints inside another
mount namespace.
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
If a mount is slave and it has a shared group. crtools must convert it
in slave and only than crtools can make it shared.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The expression in if () becomes quite complex and
deserves a helper with proper explanation of what's
going on.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
