That will complement existing CFLAGS_ and ASFLAGS_.
As no one use it yet (I will use it, do not remove) - no need
for convert-everything patch.
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
It was replaced by zdtm.py.
v2: remove zdtm.sh from other scripts
remove fault-injection, because nobody uses it
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Currently we use int for them, but uid_t and gid_t is unsigned int.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
While this commit is logically part of the "implement cgns support" commit,
it's worth noting this separately I think: since cgns requires each task to
look at its own proc file, we can now no longer dump unprivileged tasks
whose /proc doesn't belong to them.
This is because unprivileged tasks can't mount /proc, so if their /proc
doesn't belong to them and they need to read it (because they're in a
cgns), the pie code can't do anything about it.
For cgns, we could solve this problem by simply fork()ing and setns()ing to
the tasks pid and cgroup namespaces, and then reading the /proc from that
task instead. (And perhaps we should implement it that way so we can still
dump tasks whose /proc doesn't belong to them, although I don't think
that's a common case.)
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
cgroup namespaces are imminent to be merged into the kernel (indeed, they
went into and out of 4.5 for minor issues), and will be carried as a
patchset in the ubuntu 16.04 kernel. Here's an attempt at c/r.
There are essentially three key steps:
* on dump, in parse_task_cgroup, we should ask the task what cgroups it
thinks it is in (unless it has the same cgroup ns id as its parent, then we
should just take the prefixes from the parent's set), and set the prefix on
the cg set
* add a new restore step, prepare_cgroup_namespace(), which happens in
prepare_task_cgroup() that does an unshare() if necessary
* when restoring, in move_in_cgroup, if we're going to restore via usernsd,
leave the full path. if not, use (cgset->path + len(cgset->cgns_prefix) as
the path, since we will have already moved into the cgns_prefix and unshared.
Another observation here is that we can support nesting, since these are
restored heirarchically by nature.
v2: * store cgns prefix length instead of full prefix in images
* set has_cgroup_ns_id conditionally
* drop unused argument to move_in_cgroup
* add extra comments about what is happening when unsharing() on
restore
* add extra comments about what is happening when computing the actual
cgns prefix
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
v2: print a warning when cgroup ns is not present.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Fixes: afae962c668d ("dockerfile: extract a common part in one file")
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
precise's libc headers are extremly old and don't define SYS_*. trusty's
do, so let's run the travis tests there.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Tests are often run in VMs and 5 seconds on loaded environments might
be not enough to catch transition zdtm tests.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Current zdtm building procedure depends on impilcit
make fules, so bring them back until we moved to
nmk build engine.
Reported-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Otherwise linking may be executed twice
as a forced target.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
AIO rings internally are memory mappings, so they may have restorable
madvise bits on them. Create the mappings before restoring their properties.
Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
> 21.01.2016 02:56, Jann Horn writes:
> Call chain:
>
> cr_dump_tasks -> collect_namespaces(true) ->
> collect_user_namespaces(true) -> walk_namespaces -> collect_user_ns
> -> dump_user_ns -> check_user_ns
>
> This method enters a user namespace with unknown owner with
> euid==(kuid 0). Linux does not guarantee that this is safe; with
> the current upstream kernel, the namespace owner can attach to the
> CRIU process via ptrace and use it to write into /etc/shadow or
> whatever.
Cc: Jann Horn <jann@thejh.net>
Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Move static and transition into zdtm top. We can't move all the micro
tests themselves, as we need to distinguish static from non static (zdtm.py
makes additional checks on static ones).
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
These two sets are the same -- they test something and ask to be
C/R-ed at the time they do it. No other differences.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
To add a new feature test - add it to FEATURES_LIST.
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
map is very good at generating rules.
Just map gen function to array of it's parameters.
Don't forget to eval the result.
I'll use it in feature-tests generation and in someday coming
compat 32-bit mode - in x86 makefiles.
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This reverts commit a98014f306be4b4fefdf01af31e1efa5d83e5e4f.
As per Saied Kazemi, actually dump works without seccomp support
from the kernel on non-seccomped tasks. The only problem was with
criu check, but this would be addressed separately.
Reverting the commit not to burden the API with (yet) unneeded stuff.
Conflicts:
lib/c/criu.h
As was intended from the scratch.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
The pie sprintf implementation doesn't know about `z', so let's just use
%lu instead.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
As no user does it explicitly, do this in define, it shall look nicer
than:
parasite_blob: Error (pie/piegen/main.c:121): Can't open file file.oNo such file or directory
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
One may specify other parameters, but not 'f'.
Piegen should output usage() instead of trying to open "file.o"
as -f is explicit.
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Currently our @tar target imples that there
is a tag in form of "vX.X", if such tag is
not present in the repo we're in trouble.
So make it sane
- if tag present then create tar from this tag
- if tag is not present simply use git describe helper
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
- drop unneeded @built-in.o rule
- use proper @CRIU_SO for -soname option
- add dep on version change
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Some places in criu need printing support, but do not need
common variables redefining, therefore separate msg printing
to msg.mk
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
