Otherwise linking may be executed twice
as a forced target.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
AIO rings internally are memory mappings, so they may have restorable
madvise bits on them. Create the mappings before restoring their properties.
Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
> 21.01.2016 02:56, Jann Horn writes:
> Call chain:
>
> cr_dump_tasks -> collect_namespaces(true) ->
> collect_user_namespaces(true) -> walk_namespaces -> collect_user_ns
> -> dump_user_ns -> check_user_ns
>
> This method enters a user namespace with unknown owner with
> euid==(kuid 0). Linux does not guarantee that this is safe; with
> the current upstream kernel, the namespace owner can attach to the
> CRIU process via ptrace and use it to write into /etc/shadow or
> whatever.
Cc: Jann Horn <jann@thejh.net>
Reported-by: Jann Horn <jann@thejh.net>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Move static and transition into zdtm top. We can't move all the micro
tests themselves, as we need to distinguish static from non static (zdtm.py
makes additional checks on static ones).
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
These two sets are the same -- they test something and ask to be
C/R-ed at the time they do it. No other differences.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
To add a new feature test - add it to FEATURES_LIST.
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
map is very good at generating rules.
Just map gen function to array of it's parameters.
Don't forget to eval the result.
I'll use it in feature-tests generation and in someday coming
compat 32-bit mode - in x86 makefiles.
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This reverts commit a98014f306be4b4fefdf01af31e1efa5d83e5e4f.
As per Saied Kazemi, actually dump works without seccomp support
from the kernel on non-seccomped tasks. The only problem was with
criu check, but this would be addressed separately.
Reverting the commit not to burden the API with (yet) unneeded stuff.
Conflicts:
lib/c/criu.h
As was intended from the scratch.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
The pie sprintf implementation doesn't know about `z', so let's just use
%lu instead.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
As no user does it explicitly, do this in define, it shall look nicer
than:
parasite_blob: Error (pie/piegen/main.c:121): Can't open file file.oNo such file or directory
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
One may specify other parameters, but not 'f'.
Piegen should output usage() instead of trying to open "file.o"
as -f is explicit.
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Currently our @tar target imples that there
is a tag in form of "vX.X", if such tag is
not present in the repo we're in trouble.
So make it sane
- if tag present then create tar from this tag
- if tag is not present simply use git describe helper
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
- drop unneeded @built-in.o rule
- use proper @CRIU_SO for -soname option
- add dep on version change
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Some places in criu need printing support, but do not need
common variables redefining, therefore separate msg printing
to msg.mk
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
- no need for phony pie/piegen, redundant and rather may
cause double execution of a target;
- drop $(ARCH_DIR) from pie deps, initially it should be syscall-lib,
but pie/lib.a already has it.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Tested-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
How to restore an external file? The problem is that a file
can be opened with different flags (O_APPNED, O_RDWR, O_RONLY,
etc). These flags can't be changed for a file descriptor, so
we can't just duplicate an inherit fd, when we meet an external
file.
A file is external, when we can't access them directly.
CRIU is able to restore a file descriptor, if it knows
how to open it, so we need to provide a way to open
an external file.
The idea of this patch is that we can open an external file
via /proc/self/fd/X where X is an inherit fd.
This approach works for files and fifo.
An example how it can be used:
criu -o dump.log -D dump/fifo.py/6/1 -v4 -t 6 --external file[72:a3e7]
criu -o restore.log -D dump/fifo.py/6/1 -v4 --restore-sibling --inherit-fd fd[4]:file[72:a3e7] --restore-detached
https://github.com/xemul/criu/issues/104
Cc: Saied Kazemi <saied@google.com>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Sometimes we may want to use CRIU on older kernels which don't support
dumping seccomp state where we don't actually care about the seccomp state.
Of course this is unsafe, but it does allow for c/r of things using
seccomp on these older kernels in some cases. When the task is in
SECCOMP_MODE_STRICT or SECCOMP_MODE_FILTER with filters that block the
syscalls criu's parasite code needs, the dump will still fail.
Note that we disable seccomp by simply feigning that we are in mode 0. This
is a little hacky, but avoids distributing ifs throughout the code and
keeps them in this one place.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
CC: Saied Kazemi <saied@google.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Docker requested an option, when network devices and routes are not
dumped and not restored. Instead of this Docker will call libnetwork
hook to tune netns from the setup-namespaces action.
Cc: Saied Kazemi <saied@google.com>
Tested-by: Ross Boucher <boucher@gmail.com>
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
If we forget to clean some of this stuff, we can get into strange states
where zdtm.py thinks it has constructed the root, but really hasn't, and
can't construct the root because it partially exists.
v2: kill all the extra debugging crap from v1
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
The 'show' action has been deprecated since 1.6, let's finally drop it.
The print_data() routine is kept for yet another (to be deprecated too)
feature called 'criu exec'.
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
This function may be called several times for a mnt_share family.
The second call with a mi, which was not a bind source during the
first call, leads to double dependence:
a <-> b <-> c
1)propagate_siblings(a)
b->bind = a;
c->bind = a;
2)propagate_siblings(b)
c->bind = b;
(a is not set, because its mounted is 1).
So during c's bind mount criu use b's root and refers to a wrong
directory.
The reproduction: mntns_root_bind02 test.
The patch fixes the problem.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Acked-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
It's an extension of mntns_root_bind, which is differ by one more bind mount.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Acked-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Just got a situation inside VM where pretty new
kernel with memfd has been installed (and as result
__NR_memfd_create shipped with kernel headers
is provided as well) but libc was old having no
SYS_memfd_create defined. Thus we've got an error
because we use exactly SYS_ number for calls.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
I have CONFIG_HAS_LIBBSD, but -DCONFIG_HAS_LIBBSD isn't passed to
compiler. Fix for the following error:
<...>
CC cr-dedup.o
CC cr-dump.o
cr-dump.c: In function ‘dump_filemap’:
cr-dump.c:382:3: error: implicit declaration of function ‘strlcpy’ [-Werror=implicit-function-declaration]
strlcpy(aufs_link.name, vma_area->aufs_rpath,
^
cc1: all warnings being treated as errors
/home/japdoll/tools/criu/scripts/nmk/scripts/rules.mk:53: recipe for target 'cr-dump.o' failed
make[2]: *** [cr-dump.o] Error 1
Makefile:146: recipe for target 'built-in.o' failed
make[1]: *** [built-in.o] Error 2
Makefile:109: recipe for target 'criu' failed
make: *** [criu] Error 2
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
