Dumping them is performed via parasite, since calling the getgroups
is the only way of getting the complete list. Currently the nr of
groups to dump is limited explicitly with the size of shared memory
between crtools and parasite. This is MUCH more that we have seen
on real apps so far.
Restoring is done early, before restorer blob not to carry the undefined
array of grpous in there. This is OK, since groups do not affect us at
that point and are not affected by subsequent creds restore.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Getting groups can be done vie proc, but there's only 32 on them,
while task may have up to 65k :( We will use parasite for that and
thus require this syscall definition.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently move there the secbits dumping, which is not dumped
via misc-dumping command. This patch is required to support
per-task groups dumping (setgroups/getgroups) -- we'll have to
drain the groups from parasite.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
There's a shared memory between crtools and parasite. No need in copying
args back and forth, just get the args pointer in crtools and work on it.
Where not possible (misc, fds drain) do explicit memecpy (to be fixed).
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
I believe this make sense to keep this structure
in pstree.h where pstree related data lives.
Also I've added some comments on struct pid members.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
- @list member closer to @children
- add some comments on memebers
- add space lines for members grouping
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Remove the restorer-log and link log-simple into restorer
blob. Now we can use the normal pr_foo API.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It's supposed to be used by parasite and restorer blob. It
has API equal to the core one -- with setfd, set_loglevel and
(the main thing) print_on_level fn. It currently supports only
strings, decimal and hex numbers (int and long).
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This as well releases pb entry on error path, not
a big deal since we're exiting in case of error
but still.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This is a bit fishy that we do init @children list here
but not @list itself. Better be solid and init everything
in one place.
Also no need to poke @threads and @nr_threads, we're using
xzalloc here anyway.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Andrey Vagin <avagin@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It's a deep first search used here so the code can be shrinked.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
I find this handy.
Looks-good-to: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
cmd is declarated in parasite-head-x86-64.S
__export_parasite_cmd:
.long 0
Its size is 4 bytes, so it should be int instead of long.
This patch fixes a bug in parasite execute,
where a part of args are overwritten by cmd.
memcpy(ctl->addr_cmd, &cmd, sizeof(cmd));
Reported-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
When dumping pages we use 3 commands for parasite -- prep,
dump (per-vma) and fini. Open the pagemap file in prep,
insteam of in each per-vma dump.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The system termios structure and our PB
equivalent defined quite different, while
first defined as plain array we use dynamically
allocated memory. Thus the use of min() macro
is incorrect here and always produce the size of
pointer.
Fix it using the size of array from the system
provided structure. The BUILD_BUG_ON will prevent
from accidental changes.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Test pty03 is not yet ready for ns, will be addressed later.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
In case if we enter the new rootfs don't forget to
mount devpts, otherwise ttys can't be connected.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We don't need to umount each points one by one,
if we are goning to do pivot_root().
"""
pivot_root moves the root file system of the current process to the
directory put_old and makes new_root the new root file system.
"""
So I suggest to do pivot_root() and then detach the old root, all
other mount points will be unmounted automatically.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It's need add format to fprintf to avoid following error in Ubuntu 12.04:
msg.c:59:2: error: format not a string literal and no format arguments [-Werror=format-security]
Signed-off-by: Victor Konyashkin <vkonyashkin@parallels.com>
Acked-by: Andrey Vagin <avagin@openvz.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It reads /proc/PID/fd and close all descriptors except service fds.
v2: s/is_one_of_service_fds/is_any_service_fd
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
All operations with files should be relative to mntns_root
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
sendfile uses sendpage() and all data are splitted on pages and
a new skb is allocated for each page. It creates a big overhead on SNDBUF.
sendfile() isn't suatable for DGRAM sockets, because message boundaries
should be saved.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
If a socket queue doesn't have a free space, a error should be returned,
because nobody reads this socket.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We don't need to clean_mnt_ns(), if we are goning to do pivot_root().
"""
pivot_root moves the root file system of the current process to the
directory put_old and makes new_root the new root file system.
"""
So I suggest to do pivot_root() and then detach the old root, all
other mount points will be unmounted automatically.
This patch fixes a problem, when a new root is mounted above a non-root
mount point. It's a default configuration for OpenVZ.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
For executing an external tools we need to block a SIGCHLD
and to juggle file descriptors.
SIGCHLD is blocked for getting an exit code.
A problem with file descriptors can be if we want to set 2 to STDIN,
1 to STDERR, 0 to STDOUT for example.
v2: use helpers reopen_fd_as and move_img_fd
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Probably sys_recvmsg was used earlier, which returns a error code.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
No need to panic if image corrupted and we can exit
out graciously.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
By default crtools shouldn't modify the environment, except for
killing the dumped tasks. The link remap does so and should sit
under explicit cmdline option.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
These are not ghost, as they are still on fs, so we cannot take
them with us in the image. Neither we can easily find the other name
of that file. Sad :(
To make it work we linkat() the new name to that file using the
AT_EMPTY_PATH flag to link directly to the opened fd. If we could
openat() the fd's parent we would better do it, but we can't and
thus have to create the link name by explicit absolute path :(
This modifies the fs we're dumping, so I'll introduce one more cmd
line option for that soon.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
For linked remaps we'll use similar technique as for ghost
files, but lighter. For that sake make reg_file_info remap
to file_remap, not to the whole host_file.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
