This works as multi-req thing -- caller issues the
pre-dump request, criu serves it and sends result back.
Then service waits for the next request on the same
session, client doesn't have to re-connect back.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Service shouldn't call client provided scripts, as it
creates a security issue (client may be unpriviledged,
while the service is).
In order to let caller do what it would normally do with
criu-scripts, make criu notify it about scripts. Caller
then do whatever it needs and responds back.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
When RPC is being requested to check the kernel, it's
enough to check the minimal amount of kernel feature.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Since sd_listen_fds() doesn't set errno when returning a value > 1,
it doesn't make sense to use pr_perror(). Use pr_err() instead.
While at it, remove the period from the log message.
[v2: fix function names]
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
If restore fails on early stage(like no images in directory), then root_item
might be uninitialized, so when we are trying to send response with root_item->pid
criu crashes.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
cr_dump_tasks() may return not only -1 on fail.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Such constants as CR_MAX_MSG_SIZE and CR_DEFAULT_SERVICE_ADDRESS are need to be used in both service and lib.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
When pr_perror is used, an error message is appended with a comma
and an strerror(errno), so we should not put a period at the end,
otherwise we'll end up with something like this:
Error: Can't bind.: Permission denied
Found by git grep -w pr_perror | grep '\."'
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
... and don't return -1.
This is a missing part from commit 3477223.
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Makes the criu RPC socket socket-activated with
systemd [1], meaning that systemd will create and listen to
the UNIX socket /var/run/criu-srvice.socket
on behalf of criu until a connection comes in, when it will
then pass control of the socket, along with the first connection
over to a newly spawned criu daemon.
This is similar to inetd, but criu stays around after getting
started, listening itsself on the socket.
[1] http://0pointer.de/blog/projects/socket-activation.html
v2: stripped down sd-daemon.[ch]
moved units to scripts/sd
v3: stripped down further by removing unneeded includes
Signed-off-by: Shawn Landden <shawn@churchofgit.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently we have a bug: if no leave_running is set in request, service won't send dump response. We must not send response only if it was a self-dump request and no leave_running option was set.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Hi!
Now we're ignoring SIGCHLD from forked children.
This patch provides SIGCHLD handler, that will wait for child and write some
information about it's exit status to logfile.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
These are inherited from parent on fork(), thus need to put them in
clean state.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Lets use one default log filename. User can set if in request, if needed.
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Lets rename CriuDumpReq to CriuOpts, for the sake of readability and to
avoid coping code for restore mechanism, as CriuDumpReq and
CriuRestoreResp would have almost the same fields. Also, it would be
easier to introduce other types of requests.
Signed-off-by: Ruslan Kuprieiev <kurpuser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
[xemul: Simplified !log_file case and renumbered .proto fields]
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Right now we have an ability to launch the C/R service from root
and execure dump requests from unpriviledged users. Not to be bad
guys, we deny dumping tasks belonging to user, that cannot be
"watched" (traced, read /proc, etc.) by the dumper.
In the future we will use this "engine" when launched with suid
bit, and (probably) will have more sophisticated policy.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
I don't know a reason, when accept() fails once and then goes back to
normal work.
Cc: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
