Now that Python 2 has officially reached its end of life, also switch the
Alpine-based test to Python 3.
Signed-off-by: Adrian Reber <areber@redhat.com>
The kernel artificially adds the O_CLOEXEC flag when reading from the
/proc/fdinfo/fd interface if FD_CLOEXEC is set on the file descriptor
used to access the file.
This commit removes the O_CLOEXEC flag in our file flags.
To restore the proper FD_CLOEXEC value in each of the file descriptors,
CRIU uses fcntl(F_GETFD) to retrieve the FD_CLOEXEC status, and restore
it later with fcntl(F_SETFD). This is necessary because multiple file
descriptors may point to the same open file.
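How the two kinds of flag separate in practice, as an added example (not CRIU's code and not part of the commit): two descriptors share one open file, only one has FD_CLOEXEC set, and the dump keeps the open-file flags with O_CLOEXEC masked out while the per-descriptor bit comes from fcntl(F_GETFD). The function names are hypothetical; it assumes Linux and reads the per-descriptor fdinfo file under /proc/self.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Parse the octal "flags:" field of /proc/self/fdinfo/<fd>. */
static int fdinfo_flags(int fd, unsigned long *flags)
{
	char path[64], line[128];
	int found = 0;
	FILE *f;
	snprintf(path, sizeof(path), "/proc/self/fdinfo/%d", fd);
	if (!(f = fopen(path, "r")))
		return -1;
	while (!found && fgets(line, sizeof(line), f))
		found = (sscanf(line, "flags: %lo", flags) == 1);
	fclose(f);
	return found ? 0 : -1;
}

/* Dump: open-file flags without O_CLOEXEC, per-fd bit taken from F_GETFD. */
int dump_fd(int fd, unsigned long *file_flags, int *cloexec)
{
	int fdflags = fcntl(fd, F_GETFD);
	if (fdflags < 0 || fdinfo_flags(fd, file_flags) < 0)
		return -1;
	*file_flags &= ~(unsigned long)O_CLOEXEC; /* bit the kernel mixed in */
	*cloexec = !!(fdflags & FD_CLOEXEC);
	return 0;
}

/* Constructed case: two fds on one open file, FD_CLOEXEC on only one.
 * Returns 1 if raw fdinfo flags differ while the dumped state is correct. */
int demo_shared_open_file(void)
{
	unsigned long raw_a, raw_b, fl_a, fl_b;
	int a = open("/dev/null", O_WRONLY), b = dup(a), ce_a, ce_b, ok;
	if (a < 0 || b < 0 || fcntl(a, F_SETFD, FD_CLOEXEC) < 0)
		return -1;
	if (fdinfo_flags(a, &raw_a) || fdinfo_flags(b, &raw_b) ||
	    dump_fd(a, &fl_a, &ce_a) || dump_fd(b, &fl_b, &ce_b))
		return -1;
	ok = raw_a != raw_b && fl_a == fl_b && ce_a == 1 && ce_b == 0;
	close(a);
	close(b);
	return ok;
}

int main(void) { return demo_shared_open_file() == 1 ? 0 : 1; }
```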
Include warnings that the kernel uses during compilation:
-Wstrict-prototypes: enforces full declaration of functions.
Previously, when declaring extern void func(), one can call func(123)
and have no compilation error. This is dangerous. The correct declaration
is extern void func(void).
Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
[Generated a commit message from the pull request]
Signed-off-by: Dmitry Safonov <dima@arista.com>
Include warnings that the kernel uses during compilation:
-Wdeclaration-after-statement: enforces having variables declared at the top of scopes
Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
[Generated a commit message from the pull request]
Signed-off-by: Dmitry Safonov <dima@arista.com>
It seems like Ubuntu introduced an overlayfs change which breaks CRIU:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1857257
This disables overlayfs (unfortunately) in most tests by switching to
devicemapper or vfs.
Upstream kernels do not seem to have this problem.
This also adds the 'docker-test' for xenial which still has a working
overlayfs from CRIU's point of view.
Also adjust Podman Ubuntu package location
Podman Ubuntu packages are now available via OBS and no longer via PPA.
Signed-off-by: Adrian Reber <areber@redhat.com>
TCP keepalive packets can be used to determine if a connection
is still valid. When the SO_KEEPALIVE option is set, TCP packets
are periodically sent to keep the connection alive.
This patch implements checkpoint/restore support for SO_KEEPALIVE,
TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT options.
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
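The dump and restore of those four options, as an added example (not the patch itself and not CRIU's code): the values are read from one socket with getsockopt() and applied to a freshly created one, which otherwise starts with keepalive off. The struct and function names are hypothetical, the option values are constructed, and the sockets are never connected.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical image record: SO_KEEPALIVE, TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT. */
struct keepalive_opts { int enabled, idle, intvl, cnt; };

static int get_opt(int sk, int level, int name, int *val)
{
	socklen_t len = sizeof(*val);
	return getsockopt(sk, level, name, val, &len);
}
static int set_opt(int sk, int level, int name, int val)
{
	return setsockopt(sk, level, name, &val, sizeof(val));
}

/* Checkpoint side: read the four values from the live socket. */
int keepalive_dump(int sk, struct keepalive_opts *o)
{
	return (get_opt(sk, SOL_SOCKET, SO_KEEPALIVE, &o->enabled) ||
		get_opt(sk, IPPROTO_TCP, TCP_KEEPIDLE, &o->idle) ||
		get_opt(sk, IPPROTO_TCP, TCP_KEEPINTVL, &o->intvl) ||
		get_opt(sk, IPPROTO_TCP, TCP_KEEPCNT, &o->cnt)) ? -1 : 0;
}

/* Restore side: apply the saved values to the newly created socket. */
int keepalive_restore(int sk, const struct keepalive_opts *o)
{
	return (set_opt(sk, SOL_SOCKET, SO_KEEPALIVE, o->enabled) ||
		set_opt(sk, IPPROTO_TCP, TCP_KEEPIDLE, o->idle) ||
		set_opt(sk, IPPROTO_TCP, TCP_KEEPINTVL, o->intvl) ||
		set_opt(sk, IPPROTO_TCP, TCP_KEEPCNT, o->cnt)) ? -1 : 0;
}

/* Constructed round trip: tune src, dump it, restore onto a fresh dst.
 * *before is dst as created, *after is dst once the dump was applied. */
int keepalive_roundtrip(struct keepalive_opts *before, struct keepalive_opts *after)
{
	struct keepalive_opts want = { 1, 30, 5, 4 }, saved;
	int src = socket(AF_INET, SOCK_STREAM, 0), dst = socket(AF_INET, SOCK_STREAM, 0);
	int ok = src >= 0 && dst >= 0 && !keepalive_restore(src, &want) &&
		 !keepalive_dump(src, &saved) && !keepalive_dump(dst, before) &&
		 !keepalive_restore(dst, &saved) && !keepalive_dump(dst, after);
	close(src);
	close(dst);
	return ok ? 0 : -1;
}

int main(void) { struct keepalive_opts b, a; return keepalive_roundtrip(&b, &a) ? 1 : 0; }
```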
Make xfeatures_mask check explicit. We were relying on our guess about
hardware "backward compatibility" and used ">" check here for a long
time. But it looks better to explicitly check that all xfeature bits
available on the source are also available on the destination.
For xsave_size we need to have smaller size on destination than on
source, because xsave operation on small allocated buffer may corrupt
the nearby data. So split up comments about xfeatures_mask and
xsave_size, as having a single comment for quite different cases is less
understandable.
v2: improve comments, remove extra else-ifs, remove extra typecast
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
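Why a numeric comparison of the masks is not the same as a subset check, as an added example (not CRIU's code): the struct, the function names and the sample values are constructed, the exact form of the old ">" check is an assumption, and the size rule follows the message's reasoning that the destination's xsave area must not be larger than the source's.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record of the XSAVE properties of one machine. */
struct xsave_info {
	uint64_t xfeatures_mask; /* one bit per enabled XSAVE state component */
	uint32_t xsave_size;     /* bytes an xsave area needs on that machine */
};

/* Numeric comparison of the masks (assumed form of the old ">" check). */
int compat_by_magnitude(const struct xsave_info *src, const struct xsave_info *dst)
{
	return src->xfeatures_mask > dst->xfeatures_mask ? -1 : 0;
}

/*
 * Explicit check: 0 if compatible, -1 if the destination lacks a source
 * feature bit (reported in *missing), -2 if the destination xsave area is
 * larger than the buffers that were sized on the source.
 */
int compat_explicit(const struct xsave_info *src, const struct xsave_info *dst,
		    uint64_t *missing)
{
	*missing = src->xfeatures_mask & ~dst->xfeatures_mask;
	if (*missing)
		return -1;
	if (dst->xsave_size > src->xsave_size)
		return -2;
	return 0;
}

int main(void)
{
	/* Constructed values: source has bits 0-2, destination bits 0, 1, 3, 4. */
	struct xsave_info src = { 0x07, 832 }, dst = { 0x1b, 832 };
	uint64_t missing;
	int rc = compat_explicit(&src, &dst, &missing);

	printf("magnitude check: %d\n", compat_by_magnitude(&src, &dst));
	printf("explicit check: %d, missing bits %#llx\n", rc,
	       (unsigned long long)missing);
	return 0;
}
```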
Test checks that if the /proc/sys/net/unix/max_dgram_qlen value has
been changed in process net namespace, then it is saved after c/r.
Signed-off-by: Alexander Mikhalitsyn <alexander@mihalicyn.com>
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
The /proc/sys/net/unix/max_dgram_qlen is a per-net variable and
we already noticed that systemd inside a container may change its value
(for example it sets it to 512 by now instead of kernel's default
value 10), thus we need to keep it inside the image and restore it then.
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Alexander Mikhalitsyn <alexander@mihalicyn.com>
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
When we do clone threads in a later stage of restore procedure
it may race with helpers which do call clone_noasan by self.
Thus we need to walk over each clone_noasan call and figure
out if calling it without last_pid lock is safe.
 - open_mountpoint: called by fusectl_dump, dump_empty_fs,
   binfmt_misc_dump, tmpfs_dump -- they all are processing
   dump stage, thus safe
 - call_helper_process:
   try_remount_writable -- called from
   various places in reg-files.c, in particular open_reg_by_id
   called in parallel with other threads, needs a lock
   remount_readonly_mounts -- called from sigreturn_restore,
   so in parallel, needs a lock
 - call_in_child_process: prepare_net_namespaces -- called
   from prepare_namespace which runs before we start forking,
   no need for lock
Thus call_helper_process should use lock_last_pid and
unlock_last_pid helpers and wait for subprocess to finish.
Same time put a warning text into clone_noasan comment
so next time we need to use it we would recall the pitfalls.
v2:
- fix uninitialized ret variable
v3:
- use exit_code instead of ret
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
We've seen ppoll interrupted with signal in VZ7 CT migration tests, that
is because in the beginning of CR_STATE_RESTORE_SIGCHLD zombies and
helpers die, and that can trigger SIGCHILDs sent to their parents.
Adding additional debug (printing "Task..." for zombies and helpers) in
sigchld_handler I see:
(15.644339) pie: 1: Task 10718 exited, status= 0
(15.644349) pie: 1: Cleaning inotify events from 29
(15.644359) pie: 1: Cleaning inotify events from 19
(15.644367) pie: 1: Cleaning inotify events from 10
And previously we had:
(05.718449) pie: 104: Cleaning inotify events from 5
(05.718835) pie: 330: Cleaning inotify events from 3
(05.719046) pie: 1: Cleaning inotify events from 23
(05.719164) pie: 80: Cleaning inotify events from 7
(05.719185) pie: 1: Error (criu/pie/restorer.c:1287): Failed to poll from inotify fd: -4
(05.719202) pie: 95: Cleaning inotify events from 6
(05.719269) pie: 1: Error (criu/pie/restorer.c:1890): Restorer fail 1
So reordering cleanup and wait should fix it.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Fixes the following compile-error:
> CC socket-tcp-fin-wait1.o
> socket-tcp-fin-wait1.c:144:26: error: adding 'int' to a string does not append to the string [-Werror,-Wstring-plus-int]
> if (write(fd, TEST_MSG + 2, sizeof(TEST_MSG) - 2) != sizeof(TEST_MSG) - 2) {
> ~~~~~~~~~^~~
> socket-tcp-fin-wait1.c:144:26: note: use array indexing to silence this warning
> if (write(fd, TEST_MSG + 2, sizeof(TEST_MSG) - 2) != sizeof(TEST_MSG) - 2) {
> ^
> & [ ]
> 1 error generated.
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
The original/old guide probably doesn't work anymore:
- the patch isn't accessible;
- criu now depends on more libraries not only protobuf
Still, keep it as it might be helpful for someone.
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Helps to cross-compile zdtm tests in case somebody needs it.
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
The very same hack to build aarch32 zdtm tests on armv8 Travis-CI
as in the commit dfa0a1edcb ("Makefile hack for travis
aarch64/armv8l")
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Instead of doing additional `uname -m` - use provided $(SUBARCH) to detect
what architecture flavour the build should produce the result for.
Fixes two things:
- zdtm make now correctly supplies $(USERCFLAGS)
- subtly fixes cross compilation by providing a way to specify $(SUBARCH)
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
It's always equal ARCH and not very useful (so nothing actually uses it).
Time for a change: SUBARCH now is meaningful and gives a way to detect
what kind of ARCH flavor build is dealing with.
Also, for cross-compiling sake don't set SUBARCH if the user supplied it.
(and don't call useless uname during cross compilation)
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
SRCARCH is always equal ARCH. There are no rules when to use one or
another and architectures may forget to set one of them up.
No need for a second variable meaning the same and confusing people.
Remove it completely.
Self-correction [after some debug]: SRCARCH was different in one place:
zdtm Makefile by some unintentional mistake:
> ifeq ($(ARCH),arm64)
> ARCH ?= aarch64
> SRCARCH ?= aarch64
> endif
That meant to be "ARCH := aarch64" because "?=" would never work inside
that ifeq. Fix up this part of mess too.
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Update zdtm tests to verify that CRIU does not require the --root
path to be accessible to the unprivileged user being restored when
restoring user namespace.
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
Replacing the if->continue pattern with if->elif->else
reduces the number of lines while preserving the logic.
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
When restoring a container with user namespace, CRIU fails to create
a temporary directory for proc. This is because the unprivileged user
that has been just restored does not have permissions to access the
working directory used by CRIU.
Resolves #828
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
When restoring a runc container with enabled user namespace CRIU fails
to mount the specified root directory because the path is under
/run/runc which is inaccessible to unprivileged users.
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
Kernels 5.4 and higher will restrict availability of UFFD_EVENT_FORK only
for users with SYS_CAP_PTRACE. This prevents running --lazy-pages tests
with 'uns' flavor.
Disable 'uns' for lazy pages testing in travis for newer kernels.
Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
Before this change CRIU would checkpoint all controllers, even the ones
not specified in --cgroup-dump-controller. That becomes a problem if
there's a cgroup controller on the checkpointing machine that doesn't
exist on the restoring machine even if CRIU is instructed not to dump
that controller. After that change everything works as expected.
Signed-off-by: Michał Cłapiński <mclapinski@google.com>
All those compel functions can fail for various reasons.
It may be status of the system, interruption by user or anything else.
It's really desired to handle as many PIE related errors as possible
otherwise it's hard to analyze statuses of parasite/restorer
and the C/R process.
At least warning for logs should be produced or even C/R stopped.
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>