When we fork a pidns init there's no need in specifying its pid,
as it will be autogenerated to 1. Clean the code not to mess with
the last_pid sysctl at all in that case, rather than just omitting
the write into it.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
When we restore a pid namespace the root task will get some unknown pid
in the original (i.e. -- the ns crtools a launched from) one. To find
this pid out one can use this option -- it will make the pid obtained by
the new init to be written into a pid file.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This field was lost while switching to protobuf -- the vma images
were used by parasite as plain array and it was easier to reseve
this space in the image. Now it's too late to change this, so make
it be -1 always.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Support only basic packet socket functionality -- create and bind.
This should be enough to start testing dhclient inside container.
Other stuff (filter, mmaps, fanouts, etc.) will come later.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The pb_read thing is no longer a macros. This will allow to
factor out objects collecting on restore.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
When processes are restored in PIDNS, the controll process (crtools)
don't know a real pid of processes, but it knows a pid of init.
crtools can kill init and all other processes will be killed too.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
On this stage crtools unlink old socket files, create ghost files and etc,
so we should be in a correct namespace.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The pstree_item for helpers is allocated without rst_info.
Before this patch prepare_fd_pid was executed for such items and
touched rst_info.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Only the fact of the fd presence, its flags and fown and the sigmask.
The sigpending state is tightly coupled with the task's sigpending
state which is not yet supported.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We need proc for restoring processes. The existent /proc may be not suitable.
E.g. If processes are in pidns.
crtools mounts procfs in a temporary directory, but it should be
umounted at the end. Before this patch crtools did that, but
it doesn't work if processes in a mount namespace.
Actually this logic can be simplified and this patch does that.
* create a tmp dir
* mount procfs
* open this directory and save a file descriptor.
* detach procfs
* remove the tmp dir
* access to proc via openat, statat and so on.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This requires some exlanations
- Since we use protobuf data in restorer
code we need to carry a copy of appropriate
PB entities in resident memory. For this
sake task_restore_core_args and thread_restore_args
were significantly reworked. In short -- the caller
code fills PB structures into task arguments space.
v3:
- Combine everything arch related to thread_info field,
and make it optional
- Drop "version" field from message, we check version in
another specific message
- Don't forget to call core_entry__free_unpacked where needed
- We continue dumping FPU state, still it's not yet restored
v4:
- Don't carry task_core_entry and task_kobs_ids_entry for
threads, and yield error if present in image.
v5:
- Allocate core_entry depending on type of task being dumped
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We haven't tested it for several monthes and there's no evidence
it is required at all. For dumping a single task -t option works
just fine.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently we store the images version in the core file. This is
bad, since core file describes a single process (or thread) and
says nothing about the images set as a whole (let alone the fact
that it's being parsed too late).
Thus introduce the inventory image file which describes the image
set the way we need (want). For now the only entry in it is the
images version. In the future it can be extended.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
v2:
- Use regular uint types in message proto
- Use PB engine for "show"
v3:
- drop usage of temp. variable in prepare_shmem_pid
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Because the MmEntry has a "repeated" field, we
copy aux vector explicitly and reserve space for
it in task args.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
1. Mountinfo should be collected after we have forked into new namespace (strictly
speaking this is so)
2. When restoring a mnt ns we can reuse the collected mntinfos rather than reading
them again.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
As described in the previous patch, process group leaders are restored in
the first phase, then all other processes restores pgid.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Pgid leader should become such before any other task tries
to enter this group (with setpgid). Thus we introduce a yet
another global sync point -- before it all pgid leaders call
setpgid after it all the others do it.
v2: wait while helpers restored pgid
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Checkpoint and restore of fifo is similar to
pipes c/r except the pipe end-points are named
file.
Because the fifo has a name we use regular files
facility for fifo path c/r.
Still there is a trick used to "open" fifo:
the opening procedure migh sleep if a fifo's peer
is not yet opened, so before doing a real open
we yield a fake open procedure (with O_RDWR flag)
which prevents us from sleeping even if peer
is not yet ready. Also we need writable fifo
end to restore data queued.
v2:
- add open/priv members to reg_file_info
- make open_fifo_fd to use open_fe_fd
- comment on pipe_id
- make sure the fifo data is not restored twice
v3:
- drop useless fixme comment and add sane one
v4:
- Use restore_data flag to escape data restore duplication
- Use S_ISREG for file contents copying
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We need own proc for restoring mount namespace, since the proc should
be umounted and mounted back diring namespace restore and I don't want
to introduce a special kludge for this.
One more notice -- the temp proc is mounted _after_ namespaces recreation
for the same reason (it will be umounted by prepare_mnt_ns).
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
These are declared in files-reg.h, so get rid of
them and add files-reg.h inclusion where needed.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Don't fail if a root non-init task has another sid, because
it's inherited from parent and can't be restored and
it's expected behaviour, when a subtree is dumped.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It's sign, that a parent has been changed sid after forking a child.
We should know a sid with which a process was born, because in a processes
chain, more then one process might change SID.
v2: fix names of variables
v3: prevent rewriting of born_sid
v4: Abort the restorer with error message if a born_sid can't be determing.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
* Create helpers for processes which have been reparented to init.
* Insert helpers in a process tree.
* Helpers will exit after constructing a process tree.
v2: fix variables names and check errors
v3: add comments in code
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
They will be used for restoring sid. For example, if a session
group leader is absent, a helper process is created with this id
and it will die after restoring all other tasks.
Before this patch restore failed if anyone exited.
Now we should skip helpers, which exited successfully. It's a bit tricky.
All children are collected in sigchld_handler, but we have a point,
where we want to wait all helpers. For that waitpit is used and ECHLD
is ignored, because it signs that a helper exited and has been waited in
sigchld_handler.
v2: check that me isn't NULL in the sig handler
v3: move code about waiting helpers in a separate function
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It will be used for allocating PIDs for helper tasks
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
to require dumping pid namespace. Dump and restore will be failed if
a tress doesn't contain a process init.
pid namespace will be created implicitly if a process init in the tree.
v2: fix comments from Pavel
v3: Restore of pidns should be approved by user
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Util it's very critical for speed we should
not use unsafe sprintf helper, we're root-granted
program and must be as safe as possible.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Create a tmp directory and mount proc from a target pid ns.
This proc will show pid-s from the target pid ns.
crtools uses map_files for restoring sharing mappings.
the tmp directory is removed after restore.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
v2: rework this by using openat() and service fds for proc root.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
A pid namespace is created if a pid of the first task is 1.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Add struct pid and use it everywhere. This struct contains
two fields: pid and real_pid.
real_pid is a pid outside of the target pid namespace.
pid is in the target pid namespace
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
v2: Synchronize the argument type of __alloc_pstree_item and the
values you put into it. I.e. int-int or bool-bool, not bool-int.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Taking into account the way the dump saves pstrees in the image.
If pstree.img isn't edited, a slow path should not be executed at all.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
because they describes a process TREE.
It's usefull, when we dump tasks from another pid namespace,
because a real pid is got from parasite. In previous version
we need to update pid in two places one is in a pstree_item and
one is in a children array.
A process tree will be necessery to restore sid and pgid,
because we should add fake tasks in a tree. For example if
a sesion leader is absent.
v2: fix rollback actions
v3: fix comments from Pavel Emelyanov
* add macros for_each_pstree_item
* and a few bugs
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
