Create a session leader and it's child - session member, make leader
zombie. To restore this criu will need to create a helper task a child
of our zombie so that member can inherit session. Before fixes in this
patchset we segfault on empty ids and fail to restore cgroups because of
empty cg_set
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
We permanently have issues like this:
./test/jenkins/criu-iter.sh: 3: source: not found
It looks like a good idea to use one shell to run our jenkins scripts.
Signed-off-by: Andrei Vagin <avagin@gmail.com>
One can pass --stream to zdtm.py for testing criu with image streaming.
criu-image-streamer should be installed in ../criu-image-streamer
relative to the criu project directory. But any path will do providing
that criu-image-streamer can be found in the PATH env.
Added a few tests to run on travis-ci to make sure streaming works.
We run test that are likely to fail. However, it would be good to once
in a while run all tests with `--stream -a`.
Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
The newest version of flake reports errors that variable names like 'l'
should not be used, because they are hard to read.
This changes 'l' to 'line' to make flake8 happy.
Signed-off-by: Adrian Reber <areber@redhat.com>
When using zdtm.py with --tls it started to fail as the certificates
seem to have expired. Following commands have been used to re-generate
the certificate:
# Generate CA key and certificate
echo -ne "ca\ncert_signing_key" > temp
certtool --generate-privkey > cakey.pem
certtool --generate-self-signed \
--template temp \
--load-privkey cakey.pem \
--outfile cacert.pem
# Generate server key and certificate
echo -ne "cn=$HOSTNAME\nencryption_key\nsigning_key" > temp
certtool --generate-privkey > key.pem
certtool --generate-certificate \
--template temp \
--load-privkey key.pem \
--load-ca-certificate cacert.pem \
--load-ca-privkey cakey.pem \
--outfile cert.pem
rm temp cakey.pem
Without this tests will fail in Travis.
Signed-off-by: Adrian Reber <areber@redhat.com>
We should follow Linux Kernel Codding Style:
... the closing brace is empty on a line of its own, except in the cases
where it is followed by a continuation of the same statement, ie ... an
else in an if-statement ...
https://www.kernel.org/doc/html/v4.10/process/coding-style.html#placing-braces-and-spaces
Automaticly fixing with:
:!git grep --files-with-matches "^\s*else[^{]*{" | xargs
:argadd <files>
:argdo :%s/}\s*\n\s*\(else[^{]*{\)/} \1/g | update
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
This test checks that monotonic and boottime don't jump after C/R.
In ns and uns flavors, the test is started in a separate time namespace
with big offsets, so if criu will restore a time namespace incorrectly
the test will detect the big delta of clocks values before and after C/R.
Signed-off-by: Andrei Vagin <avagin@gmail.com>
The helper function removes code duplication from tests that want to
initialize unix socket address to an absolute file path, derived from
current working directory of the test + relative filename of a resulting
socket. Because the former code used cwd = get_current_dir_name() as
part of absolute filename generation, the resulting filepath could later
cause failure of bind systcall due to unchecked permissions and
introduce confusing permission errors.
Signed-off-by: Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>
Any filesystem syscall, that needs to navigate to inode by it's
absolute path performs successive lookup operations for each part of the
path. Lookup operation includes access rights check.
Usually but not always zdtm tests processes fall under 'other' access
category. Also, usually directories don't have 'x' bit set for other.
In case when bit 'x' is not set and user-ID and group-ID of a process
relate it to 'other', test's will not succeed in performing these
syscalls which are most of filesystem api, that has const char *path
as part of it arguments (open, openat, mkdir, bind, etc).
The observable behavior of that is that zdtm tests fail at file
creation ops on one system and pass on the other. The above is not
immediately clear to the developer by just looking at failed test's logs.
Investigation of that is also not quick for a developer due to the
complex structure of zdtm runtime where nested clones with
NAMESPACE flags take place alongside with bind-mounts.
As an additional note: 'get_current_dir_name' is documented as returning
EACCESS in case when some part of the path lacks read/list permissions.
But in fact it's not always so. Practice shows, that test processes can
get false success on this operation only to fail on later call to
something like mkdir/mknod/bind with a given path in arguments.
'get_cwd_check_perm' is a wrapper around 'get_current_dir_name'. It also
checks for permissions on the given filepath and logs the error. This
directs the developer towards the right investigation path or even
eliminates the need for investigation completely.
Signed-off-by: Valeriy Vdovin <valeriy.vdovin@virtuozzo.com>
We should ignore (not parse) images that has non-crtool format,
that images has no magic number (RAW_IMAGE_MAGIC equals 0).
nftables images has format compatible with `nft -f /proc/self/fd/0`
input format.
Reported-by: Mr Jenkins
Signed-off-by: Alexander Mikhalitsyn (Virtuozzo) <alexander@mihalicyn.com>
On these test without the patch ("fown: Don't fail on dumping files opened
wit O_PATH") we trigger these errors:
Error (criu/pie/parasite.c:340): fcntl(4, F_GETOWN_EX) -> -9
Error (criu/files.c:403): Can't get owner signum on 18: Bad file descriptor
Error (criu/files-reg.c:1887): Can't restore file pos: Bad file descriptor
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Signed-off-by: Alexander Mikhalitsyn (Virtuozzo) <alexander@mihalicyn.com>
python 2.7 doesn't call the read system call if it's read file to the
end once. The next seek allows to workaround this problem.
inhfd/memfd.py hangs due to this issue.
Reported-by: Mr Jenkins
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Testing for all the memfd features, namely support for CR of:
* the same fd shared by multiple processes
* the same file shared by multiple processes
* the memfd content
* file flags and fd flags
* mmaps, MAP_SHARED and MAP_PRIVATE
* seals, excluding F_SEAL_FUTURE_WRITE because this feature only exists
in recent kernels (5.1 and up)
* inherited fd
Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
File pairs naturally block on read() until the write() happen (or the
writer is closed). This is not the case for regular files, so we
take extra precaution for these.
Also cleaned-up an extra my_file.close()
Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
Include warnings that the kernel uses during compilation:
-Wstrict-prototypes: enforces full declaration of functions.
Previously, when declaring extern void func(), one can call func(123)
and have no compilation error. This is dangerous. The correct declaration
is extern void func(void).
Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
[Generated a commit message from the pull request]
Signed-off-by: Dmitry Safonov <dima@arista.com>
Include warnings that the kernel uses during compilation:
-Wdeclaration-after-statement: enforces having variables declared at the top of scopes
Signed-off-by: Nicolas Viennot <Nicolas.Viennot@twosigma.com>
[Generated a commit message from the pull request]
Signed-off-by: Dmitry Safonov <dima@arista.com>
Test checks that if the /proc/sys/net/unix/max_dgram_qlen value has
been changed in process net namespace, then it is saved after c/r.
Signed-off-by: Alexander Mikhalitsyn <alexander@mihalicyn.com>
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
Fixes the following compile-error:
> CC socket-tcp-fin-wait1.o
> socket-tcp-fin-wait1.c:144:26: error: adding 'int' to a string does not append to the string [-Werror,-Wstring-plus-int]
> if (write(fd, TEST_MSG + 2, sizeof(TEST_MSG) - 2) != sizeof(TEST_MSG) - 2) {
> ~~~~~~~~~^~~
> socket-tcp-fin-wait1.c:144:26: note: use array indexing to silence this warning
> if (write(fd, TEST_MSG + 2, sizeof(TEST_MSG) - 2) != sizeof(TEST_MSG) - 2) {
> ^
> & [ ]
> 1 error generated.
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Helps to cross-compile zdtm tests in case somebody needs it.
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
The very same hack to build aarch32 zdtm tests on armv8 Travis-CI
as in the commit dfa0a1edcb ("Makefile hack for travis
aarch64/armv8l")
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Instead of doing additional `uname -m` - use provided $(SUBARCH) to detect
what architecture flavour the build should produce the result for.
Fixes two things:
- zdtm make now correctly supplies $(USERCFLAGS)
- subtly fixes cross compilation by providing a way to specify $(SUBARCH)
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
SRCARCH is always equal ARCH. There are no rules when to use one or
another and architectures may forget to set one of them up.
No need for a second variable meaning the same and confusing people.
Remove it completely.
Self-correction [after some debug]: SRCARCH was different in one place:
zdtm Makefile by some unintentional mistake:
> ifeq ($(ARCH),arm64)
> ARCH ?= aarch64
> SRCARCH ?= aarch64
> endif
That meant to be "ARCH := aarch64" because "?=" would never work inside
that ifeq. Fix up this part of mess too.
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>
Update zdtm tests to verify that CRIU does not require the --root
path to be accessible to the unprivileged user being restored when
restoring user namespace.
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
