The motivation for this is to be able to restore containers into cgroups other
than what they were dumped in (if, e.g. they might conflict with an existing
container). Suppose you have a container in:
memory:/mycontainer
cpuacct,cpu:/mycontainer
blkio:/mycontainer
name=systemd:/mycontainer
You could then restore them to /mycontainer2 via --cgroup-root /mycontainer2.
If you want to restore different controllers to different paths, you can
provide multiple arguments, for example, passing:
--cgroup-root /mycontainer2 --cgroup-root cpuacct,cpu:/specialcpu \
--cgroup-root name=systemd:/specialsystemd
Would result in things being restored to:
memory:/mycontainer2
cpuacct,cpu:/specialcpu
blkio:/mycontainer2
name=systemd:/specialsystemd
i.e. a --cgroup-root without a controller prefix specifies the new default root
for all cgroups.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Transition and streaming tests can create many processes
which are using cpu. CPU should be divided between tests fairly.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
When writing the system default for memory.limit_in_bytes (which is a LLONG_MAX)
the write fails. The number is equivalent to -1 (unlimited). So during dump,
store the number -1 instead.
Change-Id: Iafccc96bf5dbade763d7addaeda24194616e4d5f
Signed-off-by: Garrison Bellack <gbellack@google.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Needed for future user namespace support. Capabilities will have to be
dumped from the parasite, ie from inside the namespace since there is no
obvious way to 'translate' capabilities from the global namespace (unlike
with uids and gids, where the id mappings can be used for translation).
[ additional explanation from Andrew Vagin:
"capabilities" are not translated between namespaces. They can exist
only in one userns, where a process lives. If a process is created in a
new userns, it gets a full set of capabilities in this userns, and
loses all caps in a parent userns.
So if capabilities are not shown in /proc/pid/stat, we have no way to
get it except of using parasite code. ]
Signed-off-by: Sophie Blee-Goldman <ableegoldman@google.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Moves the definition of kerndat_init() to below the definition
of get_last_cap(). Needed for reading capabilities in a future patch.
Signed-off-by: Sophie Blee-Goldman <ableegoldman@google.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Because different kernel versions have different cgroup properties, criu
shouldn't crash just because the properties statically listed aren't exact.
Instead, during dump, ignore properties the kernel doesn't have and continue.
Change-Id: I5a8b93d6a8a3a9664914f10cf8e2110340dd8b31
Signed-off-by: Garrison Bellack <gbellack@google.com>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We run tests concurrently and they can race for equal resources
v2: fix hooks too
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We found a bug, when a second cgroup is restored incorrectly,
so let's create one more empty cgroup.
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
prepare_cgroup_dirs() gets a path and an offset.
Then we add substrings to the source string and handle them.
v2: fix one more place in prepare_cgroup_dir_properties()
Cc: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
When we open tty, we don't want to set it as controlling terminal.
[xemul: We do it in all the other places, this one is forgotten.
The "controlling tty" feature is setup explicitly later with
the ioctl (TIOCSCTTY) call. ]
This bug was caught by pty04. Where we get unexpected SIGCONT,
which is sent after closing a controlling terminal.
./pty04 --pidfile=pty04.pid --outfile=pty04.out
Dump 9578
Restore
Test: zdtm/live/static/pty04, Result: FAIL
==================================== ERROR ====================================
Test: zdtm/live/static/pty04, Namespace:
Dump log : /home/jenkins/workspace/Rpi-CRIU/test/dump/static/pty04/9578/1/dump.log
--------------------------------- grep Error ---------------------------------
------------------------------------- END -------------------------------------
Restore log: /home/jenkins/workspace/Rpi-CRIU/test/dump/static/pty04/9578/1/restore.log
--------------------------------- grep Error ---------------------------------
(00.083420) Error (cr-restore.c:1092): 9578 killed by signal 0
(00.083708) Error (cr-restore.c:1713): Restoring FAILED.
------------------------------------- END -------------------------------------
================================= ERROR OVER =================================
Reported-by: Mr Jenkins
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It's been discovered that on 3.11 we might fail on restore
if pass @CLONE_PARENT flag into clone() call due to kernel
limitations.
Because we're treating 3.11 as a base working kernel lets
do a trick instead
- setup this flag iif pdeath_sig is present
- if CLONE_NEWPID is passed warn a user about
potential consequences.
- because we need to carry the condition in attach_to_tasks
call, introduce @root_as_sibling variable for this.
CC: Tycho Andersen <tycho.andersen@canonical.com>
CC: Pavel Emelyanov <xemul@parallels.com>
CC: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
I didn't find a way how to do that with help "unshare".
It's simpler to write this program. It looks better than tricks in
zdtm.sh.
v2: proxify exit status
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Ruslan Kuprieiev <kupruser@gmail.com>
Acked-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
If criu process attaches to the root task (it happens for opts.swrk_restore
and opts.restore_detach) with ptrace, then any signal delivered to the root
would be also delivered to criu. The latter woult treat the former to die
due to this delivery and would abort the restore.
Fix it by checking that criu (current == NULL) gets ptrace notification
(si_code == CLD_TRAPPED) about signal delivered (si_status = SIGCHLD,
no other signals are allowed by the restoring tasks).
This patch fixes the following error of static/zombie00:
Execute zdtm/live/static/zombie00
./zombie00 --pidfile=zombie00.pid --outfile=zombie00.out
Dump 2207
Restore
Test: zdtm/live/static/zombie00, Result: FAIL
==================================== ERROR ====================================
Restore log: /root/git/orig/criu/test/dump/static/zombie00/2207/1/restore.log
(00.026826) Error (cr-restore.c:1085): 2207 killed by signal 17
(00.026985) Error (cr-restore.c:1706): Restoring FAILED.
================================= ERROR OVER =================================
Reported-by: Mr Jenkins
Cc: Pavel Emelyanov <xemul@parallels.com>
Cc: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Before the patch cg tree section from cgroup00 test looked like this
{
cnames: "name=zdtmtst"
dirs: {
path: "/subcg"
children: {
path: "/subcg/subsubcg"
children: <empty>
properties: <empty>
}
properties: <empty>
}
}
this /subsg in the children is excessive. Turn this into directory names.
Now the section looks like
{
cnames: "name=zdtmtst"
dirs: {
dir_name: "subcg"
children: {
dir_name: "subsubcg"
children: <empty>
properties: <empty>
}
properties: <empty>
}
}
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
When we omit the --manage-cgroups on dump the controllers section
in cgroups image lacks the none-d entries (the name=systemd is the
most typical).
If it happens, that init task lives in non-criu cgset (it can be
so if we do --shell-job dump from another terminal and see criu
and root task living in different user.slice systemd cgroups) then
on restore the move_in_cgroup() would fail to lookup the required
controller.
In order to fix this we should still call the collect_cgroups()
on dump, so that it adds the none-d controllers into the list,
but don't dump the dirs tree itself.
The patch looks ugly, but it just moves the current_controller
evaluation from the middle of the loop upwards (and renames the
char *opts variable not to conflict with global opts).
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
We need to use CLONE_PARENT to prevent processes from immediately dying due to
pdeath_sig when they are restored in detached mode.
[ xemul: One more place which requires check for restore-detach
is in sigactions preparation ]
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We are going to execute tests concurrently, but if auto_msgmni is
enabled, the msgmni is recalcalated each time, when ipcns is created
or removed.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It isn't required. The kernel has a bug in handling auto_msgmni and
if we send extra symbols, a new value isn't applied.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Because setting of auto_msgmni recalculates a value of msgmni
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The kernel has a bug in handling auto_msgmni and if we send extra
symbols, a new value isn't applied.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Fixes a bug in how PARASITE_MAX_GROUPS was calculated, and adds a
compiler check to assert that parasite_dump_creds doesn't exceed
the page size.
Signed-off-by: Sophie Blee-Goldman <ableegoldman@google.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
When doing a restore for LXC, we store some other metadata (which bridge a veth
was on) in the image directory so that the restore script can correctly unlock
a network device and attach it to the right interface. This patch is needed so
that the script can find this metadata.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This is inspired by two problems we have with cgroup* tests.
1. Tests cannot easily clean after themselves -- one cannot
remove a cg dir with tasks in it and the root task of
a test is in a cgroup it tries to remove.
2. After dump old cgroup dirs are remained after the test,
while criu should restore them (this is what we write
tests for).
The proposal is to introduce per-test hooks, for now two of
them: --pre-restore and --clean. For cgroup tests both hooks
will remove the created directories.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Arrays and "&&" in test are not supported by Busybox v1.19.4. The
`set` command can put field-separated arguments into the positional
parameters, which is relatively equivalent to using an array.
Signed-off-by: Christopher Covington <cov@codeaurora.org>
Acked-by: Andrew Vagin <avagin@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
If we're dumping namespaced tasks, the fl_owner value we see
are the real pids of tasks, while we need virtual ones.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Otherwise static/socket-tcp and streaming/socket-tcp have the same path
to images and they can affect each other.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
They are now in per-pid images, but every entry contains a
pid to which it "belongs". This belonging is fake -- it's
just a pid of a task who placed the lock, while locks really
belong to files. We even have a bug when task that locked
a file exited and "delegated" the lock to its child.
This images merge reduces the amount of image files criu
generates and may simplify the fix of mentioned above issue.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
A bit later we'd need to check whether cinfo collector
opened an image or not due to file absense.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
criu managed cgroups is now an opt-in thing, so by default criu does not manage
(i.e. dump or restore) cgroups. This allows users to use the previous behavior.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
