A static test should not change its state during C/R.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Otherwise we can see this error:
5: Old files lost: set([])
5: New files appeared: set(['5', '6'])
Reported-by: Mr Jenkins
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Do so as in user-namespace on mainstream kernel writing to file
with suid bit set always cleares these bit, regardless to CAP_FSETID.
(see in should_remove_suid plane capable() is used, and same in VZ7)
Also we have an alternative to wait while several patches will get
in MS kernel:
[PATCH v4 0/7] Initial support for user namespace owned mounts
https://lkml.org/lkml/2015/9/23/591
[PATCH v2 12/18] fs: Don't remove suid for CAP_FSETID in s_user_ns
http://www.spinics.net/lists/linux-fsdevel/msg92533.html
Got error while suspending/resuming file_attr test in VZ7CT:
CT-102 criu# cat test/zdtm/live/static/file_attr.out
13:11:01.952: 30635: FAIL: file_attr.c:96: permissions have changed
(errno = 11 (Resource temporarily unavailable))
https://jira.sw.ru/browse/PSBM-41401
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently criu dump may hang indefinitely. E.g. in wait for task
that blocked in vfork() or task could be in D state for some other
reason. This patch adds time limit on collecting tasks during the
dump operation. If collecting processes takes too long, the dump
process will be terminated. Timeout is 5 seconds by default, but
it could be changed via parameter.
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This moves cleanup code from cr_dump_tasks()/cr_pre_dump_tasks()
into separte functions. No functional changes here.
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Obviously we should print pre_dump_ret value if pre-dump failed.
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Use 'goto err;' everywhere. Remove 'pstree_switch_state(root_item, TASK_ALIVE)'
on error path as all collect_pstree() callers do this if collect_pstree()
failed.
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
1. Use PROC_SELF instead pid as prepare_pid_* used on restore only to
set value to current process.
2. Do not set default values.
Signed-off-by: Dmitry Safonov <dsafonov@odin.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
v2:
Added free of original cg->path.
Signed-off-by: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
v2:
Check for empty string is simplified
Signed-off-by: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This patch brings add_to_string() and construct_string() helpers.
They allow to create a string with variable amount of parameters in sprintf()
manner, but supporting string allocation (and reallocation if necessary)
v2:
1) Helpers were renamed to xstrcat() and xsprintf() respectively.
2) Added printf attributes to force compiler check
Signed-off-by: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
restore_creds uses prctl, so if we block this call in the seccomp filter
test, it causes things to fail (hang actually, seems we have some unhandled
error path here).
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Note that this doesn't actually fix the problem, because seccomp could
block the setuid call, and since we're now restoring when the task isn't
ptraced and in SECCOMP_SUSPEND mode, we can't guarantee that the seccomp
filters won't be suspended.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
In order to restore seccomp correctly, we need to do it before
restore_creds() in the restorer blob. But, if the seccomp policy forbids
e.g. prctl, if the task doesn't have SUSPEND_SECCOMP set it will die when
trying to restore creds. To solve this, we break attach_to_tasks up into
two parts: 1. we attach and set SUSPEND_SECCOMP (but let the tasks continue
normally), and then after the RESTORE_CREDS stage we 2. attach to the tasks
and stop them on the final sigreturn.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We call mount from one namespace and umount from another namespace,
so we check that their parents are from one shared group.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Now we save files, maps and mounts for each test process
and we need to compare them separately for each process.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Restore dumpable flag after setfsuid to assure that created /proc/self/*
file inode had task's credentials. Without it it would have root creds
and trying to access proc files of task will fail from non-root user
in generic vfs permission check.
Signed-off-by: Dmitry Safonov <dsafonov@odin.com>
Acked-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Since commit ea747b075508faa5780553969d87fb21fa3c487a receive queue for
such DGRAM sockets restores twice: in open_unix_sk() and post_open_unix_sk().
It should be made only once. So, keep that commit logic only for sockets
without alive sender.
Signed-off-by: Kirill Tkhai <ktkhai@odin.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It is restored from the userns.
21:22:31.443: 4: FAIL: loginuid.c:93: loginuid value 3 is different after restore: 100003
Cc: Dmitry Safonov <dsafonov@odin.com>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Reviewed-by: Dmitry Safonov <dsafonov@odin.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Noticed this when I was looking over the LSM code for Cyrill's task =>
thread creds set. We set this to null to save some work later, but we
forget to free it first.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
unseize_task_and_threads sends SIGKILL in unseize_task under condition
(st == TASK_DEAD). Which obviously kills task.
Move freezer_detach after pstree_wait to detach only from alive tasks
to get rid of the following errors:
(00.242163) Error (seize.c:223): Unable to detach from 23064
: No such process
(00.242177) Error (seize.c:223): Unable to detach from 23065
: No such process
Signed-off-by: Dmitry Safonov <dsafonov@odin.com>
Acked-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
... so it can be used from non-root:
(Higher value means it would be killed earlier so everyone should be
possible to change his value to bigger than zero)
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
System call sys_fcntl() in _some_ kernels can silently drop some flags during
set and return success code.
This patch adds double check, that all the fd flags were really set.
Signed-off-by: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Patch restores freezer cgroup state between finalize_restore stages.
It should be done after first stage because we cannot unmap restorer blob
from frozen process, and before second stage because we must freeze processes
before they continue run.
We also need to move fini_cgroup between these stages to provide freezer
cgroup state restorer access to cgroup mount directories.
Error handlers contains fini_cgroup, so we are sure that fini_cgroup call
won't be missed.
Patch restores state only for one freezer cgroup from --freeze-cgroup option,
not all states from whole hierarchy, because CRIU supports checkpoint from
freezer cgroup hierarchy only with THAWED state, except root cgroup from
--freeze-cgroup option.
Signed-off-by: Evgeniy Akimov <geka666@gmail.com>
Signed-off-by: Eugene Batalov <eabatalov89@gmail.com>
Acked-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
First stage of finalize_restore unmaps the restorer blob, second stage
detaches from processes. After first stage process tree is completely
restored and processes are ready to continue run through sigreturn.
This splitting allows us to execute something between these stages (e.g.
restore freezer cgroup state).
Signed-off-by: Evgeniy Akimov <geka666@gmail.com>
Signed-off-by: Eugene Batalov <eabatalov89@gmail.com>
Acked-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
CRIU sets freezer.state to "THAWED" during process tree dumping. That's why
we can't simply save freezer.state file contents to cgroups image. New
special function get_real_freezer_state() returns freezer cgroup state
observed before CRIU dumping start. Patch puts its return value to dump file.
Signed-off-by: Evgeniy Akimov <geka666@gmail.com>
Signed-off-by: Eugene Batalov <eabatalov89@gmail.com>
Acked-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
In this case it has an external master_id and we want to test that
criu can handle it correctly.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The thread_bomb test was rewrited and
ZDTM_THREAD_BOMB should be equal 5 now.
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It works for tests which are executed in a separate pidns
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
