Another pr_perror spring cleaning time!
As pr_perror adds a semicolon, an strerror(errno), and a newline,
there's no need to add one manually.
Brought to you by
for f in $(git grep -l pr_perror); do
test -f $f || continue
echo $f
sed -i '\%^[[:space:]]*pr_perror(.*\\n"%s/\\n//' $f
done
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Send an RTM_SETLINK request with a negative IFLA_NEW_IFINDEX. If
IFLA_NEW_IFINDEX is supported, the kernel will return ERANGE.
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Running zdtm tests does not require input and therefore it is not
necessary to use -it. This change also allows to run the test in CI
where it currently fails with:
the input device is not a TTY
make: *** [Makefile:388: docker-test] Error 1
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
All zdtm tests pass on Fedora 33 for `make docker-build && make docker-test`
with devicemapper storage driver.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
The test/zdtm_mount_cgroups script fails with 'permission denied'
when running tests with private cgroup namespace.
Using the host network namespace allows us to test criu as if
it is running on the host, sharing iptables rules etc.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
In order to be able to run the zdtm tests inside a container,
we have to make sure that all protobuf sources have been compiled.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
The 'make docker-build' command creates a copy of all files from the
in local CRIU clone inside a container.
Then it runs 'make mrproper' inside the container, followed by
compilation of criu, followed by another 'make mrproper'.
After the last mrproper command, it attempts to check if
the clean was successful by running 'git clean'.
However, this check fails when the local repository contains
files that are not part of the repository.
For example, the vscode editor creates the folder '.vscode/'
which would be copied inside the docker container and cause
'make docker-build' to fail.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
return value of is_empty_dir:
* < 0 : open directory stream failed
* 0 : directory is not empty
* 1 : directory is empty
Signed-off-by: Liu Hua <weldonliu@tencent.com>
This introduces a new option
--external netdev[IFNAME]:ORIGNAME
which informs CRIU that this is pre-created network device that it is
supposed to move into a target network namespace. The "netdev" name was
chosen to make it flexible enough to e.g. also cover physical devices if
that is desirable at some point. For example:
--external netdev[eth0]:vethA23adf3
would instruct CRIU to move the network device with the name
"vethA23adf3" into a target network namespace renaming it to "eth0"
while doing so.
In order to restore ip addresses and additional data correctly CRIU
needs to move the network device into the target netns with the recorded
ifindex. This requires a kernel patch as discussed in [1]. The patch has
been merged into net-next and is expected to show up in the v5.13
release (cf. [2])
The motivating use-case can be found in [1]. But I'm repeating it mostly
verbatim here:
Assume a container with a standard veth tunnel for an unprivileged container:
<veth-host> <-> <bridge-host> <-> <veth-container>
When LXD starts a container it will create the veth pair in the host
namespaces with random names, let's assume:
<veth-host> := vethHOST
<veth-container> := vethCONT
The LXD generates a config for the container and tells the container to
use vethCONT as network device and usually also tells it to rename that
device to something more sensible like eth3. The container will then use
netlink to move and rename the vethCONT device into it's network
namespace as eth3 during startup.
Users may use lxc snapshot --stateful to create a CRIU dump.
And they can restore via
lxc restore --stateful <container-name> <stateful-snapshot-name>
And this is where things get hairy currently. LXD's network models
requires it to always be in control of all network devices and so
similar to regular startup it will precreate the two veth devices
vethHOST and vethCONT and tell LXC about it.
What we would like CRIU to be able to do is to add a commandline option
to tell CRIU to not bother creating the veth device but instead to
simply assume that someone else will create, move, and rename it and
instead just restore routes, iptables, addresses and so on.
With this kernel patch applied I can successfully dump and restore a
LXD containers:
ubuntu@f2-vm:~/src/bin$ lxc launch images:alpine/edge alp1
Creating alp1
Starting alp1
ubuntu@f2-vm:~/src/bin$ lxc snapshot --stateful alp1
ubuntu@f2-vm:~/src/bin$ lxc list
+------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| alp1 | RUNNING | 10.47.211.144 (eth0) | fd42:8722:277d:69cf:216:3eff:fe69:9b8b (eth0) | CONTAINER | 1 |
+------+---------+----------------------+-----------------------------------------------+-----------+-----------+
ubuntu@f2-vm:~/src/bin$ lxc restore --stateful alp1 snap0
ubuntu@f2-vm:~/src/bin$ lxc list
+------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| alp1 | RUNNING | 10.47.211.144 (eth0) | fd42:8722:277d:69cf:216:3eff:fe69:9b8b (eth0) | CONTAINER | 1 |
+------+---------+----------------------+-----------------------------------------------+-----------+-----------+
ubuntu@f2-vm:~/src/bin$ lxc exec alp1 -- sh
~ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
15: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:16:3e:69:9b:8b brd ff:ff:ff:ff:ff:ff
inet 10.47.211.144/24 brd 10.47.211.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fd42:8722:277d:69cf:216:3eff:fe69:9b8b/64 scope global dynamic flags 100
valid_lft 86355sec preferred_lft 86355sec
inet6 fe80::216:3eff:fe69:9b8b/64 scope link
valid_lft forever preferred_lft forever
[1]: https://github.com/checkpoint-restore/criu/issues/1421
[2]: https://patchwork.kernel.org/project/netdevbpf/patch/20210406075448.203816-1-avagin@gmail.com/Fixes: #1421
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
The ENV1 variable was first introduced with commit
7290de5 (travis: enable ccache for docker/qemu builds)
and it is not used anymore.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
This changes the license of all files in the images/ directory from
GPLv2 to the Expat license (so-called MIT).
According to git the files have been authored by:
Abhishek Dubey
Adrian Reber
Alexander Mikhalitsyn
Alice Frosi
Andrei Vagin (Andrew Vagin, Andrey Vagin)
Cyrill Gorcunov
Dengguangxing
Dmitry Safonov
Guoyun Sun
Kirill Tkhai
Kir Kolyshkin
Laurent Dufour
Michael Holzheu
Michał Cłapiński
Mike Rapoport
Nicolas Viennot
Nikita Spiridonov
Pavel Emelianov (Pavel Emelyanov)
Pavel Tikhomirov
Radostin Stoyanov
rbruno@gsd.inesc-id.pt
Sebastian Pipping
Stanislav Kinsburskiy
Tycho Andersen
Valeriy Vdovin
The Expat license (so-called MIT) can be found here:
https://opensource.org/licenses/MIT
According to that link the correct SPDX short identifier is 'MIT'.
https://spdx.org/licenses/MIT.html
Signed-off-by: Adrian Reber <areber@redhat.com>
This fixes the others/crit test to work again and extends it to make
sure all possible input and output options are correctly handled by
crit.
Signed-off-by: Adrian Reber <areber@redhat.com>
CI sometimes errors out encoding/decoding extra pipe data.
This should fix extra pipe data for Python 3 and still keep it working
on Python 2.
Signed-off-by: Adrian Reber <areber@redhat.com>
This changes stdin to be opened as binary if the input is not a tty.
This changes stdout to be opened as binary if encoding or if the output
is not a tty.
Signed-off-by: Adrian Reber <areber@redhat.com>
In image dump directory, there are 2 parent symlink error cases:
- Parent symlink does not exist
- Parent symlink exists but points to invalid target
At the moment, 2 cases are handled exactly the same (do full dump). However, while
the first case happen when parent path is not provided, the second one is likely
user's mistake when provides invalid parent path.
So we throw an error in the latter case instead of performing the full dump.
Signed-off-by: Bui Quang Minh <minhquangbui99@gmail.com>
Closes: #1408
CRIU_REQ_TYPE__FEATURE_CHECK was failing, this was caused by two
things in handle_feature_check():
1. setup_opts_from_req() was used and it could be NULL
(kerndat_init() is enough for feature checking)
2. resp.success was always set to false
Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
The recent fix to make Jenkins run crit-recode again broke
Python 2 support (because Python 2 based CI was not running).
This should fix the Python 2 based test run.
Signed-off-by: Adrian Reber <areber@redhat.com>
Previously we only skipped replacing sid for shell job if root_item was
session leader, but there is other case where root_item sid is the same
as current_sid we can safely skip replacing for this case. Same applies
to gid-s.
Now after we have pid collision check we not only "can" but should skip
pid collision checks for the latter case. It is quite obvious that
there are tasks in tree with sid==current_sid if current_sid==old_sid.
Fixes: #1400
Fixes: 77968d43c ("pstree: check for pid collision before switching to
new sid/gid")
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
With the switch to Python3 and binary output it is not possible to use
code like: 'f.write('\0' * (rounded - size))'. Switching to binary
helps.
Signed-off-by: Adrian Reber <areber@redhat.com>
fromstring() and tostring() are deprecated since Python 3.2 and have
been removed in 3.9. Both functions were just aliases and this patch
changes images.py to directly call fromybytes() and tobytes().
Signed-off-by: Adrian Reber <areber@redhat.com>
The criu-ns script creates a new PID namespace where criu is the "init"
process. When using the --restore-detached option with criu-ns, users
expect criu-ns to exit without killing the restored process tree.
Thus, criu-ns should not pass the --restore-detached to criu to prevent
it from terminating, and it should exit instead of waiting for criu's
exit status.
Resolves#1278
Suggested-by: Andrei Vagin <avagin@gmail.com>
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
This change extracts some of the duplicated code from
set_pidns() and set_mntns() functions.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
This test should be run with at least 1 pre-dump to trigger the problem as mentioned in commit 4d9bf608b5.
Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
ccache was set up in Travis to speed up compilation by re-using the
.ccache directory from previous CI runs. As we are no longer using
Travis we can remove all CI related ccache setup.
Signed-off-by: Adrian Reber <areber@redhat.com>
We were running crit-recode in CI only on the output of
zdtm/static/env00.
This adds zdtm/transition/fork and zdtm/static/ghost_holes00
to run through crit-recode as the image files from those test
triggered errors in Jenkins we did not see in CI.
Signed-off-by: Adrian Reber <areber@redhat.com>
Although we are running crit-recode.py also in all CI runs we never seen
following error except in Jenkins:
Traceback (most recent call last):
File "/usr/lib/python3.8/base64.py", line 510, in _input_type_check
m = memoryview(s)
TypeError: memoryview: a bytes-like object is required, not 'str'
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "./test/crit-recode.py", line 25, in recode_and_check
r_img = pycriu.images.dumps(pb)
File "/var/lib/jenkins/workspace/Q/test/pycriu/images/images.py", line 635, in dumps
dump(img, f)
File "/var/lib/jenkins/workspace/Q/test/pycriu/images/images.py", line 626, in dump
handler.dump(img['entries'], f)
File "/var/lib/jenkins/workspace/Q/test/pycriu/images/images.py", line 289, in dump
f.write(base64.decodebytes(item['extra']))
File "/usr/lib/python3.8/base64.py", line 545, in decodebytes
_input_type_check(s)
File "/usr/lib/python3.8/base64.py", line 513, in _input_type_check
raise TypeError(msg) from err
TypeError: expected bytes-like object, not str
This commit fixes this by encoding the string to bytes.
Signed-off-by: Adrian Reber <areber@redhat.com>
This removes extending LDFLAGS with '-Wl,-z,now'. This was added as
workaround but never really worked. It is correctly fixed with
pull request #1379
Signed-off-by: Adrian Reber <areber@redhat.com>
python3 fails to encode image with the following:
> [dima@Mindolluin criu]$ ./crit/crit encode -i tmp -o tmp.1
> Traceback (most recent call last):
> File "/home/dima/src/criu/./crit/crit", line 6, in <module>
> cli.main()
> File "/home/dima/src/criu/crit/pycriu/cli.py", line 410, in main
> opts["func"](opts)
> File "/home/dima/src/criu/crit/pycriu/cli.py", line 50, in encode
> pycriu.images.dump(img, outf(opts))
> File "/home/dima/src/criu/crit/pycriu/images/images.py", line 617, in dump
> f.write(struct.pack('i', magic.by_name['IMG_COMMON']))
> TypeError: write() argument must be str, not bytes
Opening the output file as binary seems to help.
Signed-off-by: Dmitry Safonov <dima@arista.com>
By default docker writes logs in a run-time directory unique for each
container. To be able to read this file, we can specify the path in
CRIU's configuration file for runc.
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
Without this check we can hit the BUG in lookup_create_item just a few
steps later (if one thread in images has same pid with new sid/gid). And
also this check saves us from different sorts of unexpected errors on
restore (if one non-thread task in images has same pid/sid/gid already).
Fixes: #1332
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
