If a parent mount point is shared with exteranl mntns, a child will be
umounted from the external mntns too.
For example:
$ mount -t tmpfs xxx /root/tmp/
$ mount --make-shared tmp
$ mkdir tmp/xxx
$ mount -t tmpfs xxx /root/tmp/xxx
$ touch tmp/xxx/a
$ unshare -m umount tmp/xxx
$ ls -l tmp/xxx/a
ls: cannot access tmp/xxx/a: No such file or directory
This patch changes a parent mnt to private for umounting childrens.
v2: exit if a mount point can not be marked ad private
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
If we meet shared mount point without share master belonging
to us -- it means we might fail on restore, thus require both
master/slave mount peers to be collected on dump.
In other words, the output will be like
| (00.077025) Error (mount.c:421): Mount 49 (master_id: 2 shared_id: 0) has unreachable sharing
| (00.077123) Error (mount.c:472): Can't proceed 4237's mountinfo
| (00.077865) Error (namespaces.c:442): Namespaces dumping finished with error 65280
https://bugzilla.openvz.org/show_bug.cgi?id=2608
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Allocate it with xzalloc instead of massive
NULL assignment. Moreover, don't forget to
initialize @siblings.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This will be needed for fast parsing of procfs ns references.
[ xemul: Add user_ns_desc here ]
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
when mntns_collect_root->readlinkat call faild, we should close pdf
Signed-off-by: Libo Chen <libo.chen@huawei.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Information about mount points is used for dumping fanotify.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
mnt_entry contains a few strings and they should be release too
CID 996198 (#4 of 4): Resource leak (RESOURCE_LEAK)
20. leaked_storage: Variable "pm" going out of scope leaks the storage
it points to.
CID 996190 (#1 of 1): Resource leak (RESOURCE_LEAK)
13. leaked_storage: Variable "new" going out of scope leaks the storage
it points to.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
simfs is used in OpenVZ containers, so lets understand it
and don't fail on its meeting.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Otherwise we will clean up the root mntns too.
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Otherwise if the root is mounted with MS_SHARED, pivot_root fails with EINVAL.
Signed-off-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
mnt_entry::fstype is a part of image ABI, thus we need
to provide some "common" encoding outside tools would
know about this field encoding.
Thus we instorduce fstype enum in .proto file and use it
in source code as well.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
These are structs that (now) tie together ns string
and the CLONE_ flag. It's nice to have one (some code
becomes simpler) and will help us with auto-namespaces
detection.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We will need to lookup mount points by mount id
and device for fanotify restore.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Because /proc could not be umounted, if any its file is opened.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
* The following files goes into the directory arch/x86/include/asm unmodified:
- include/atomic.h,
- include/linkage.h,
- include/memcpy_64.h,
- include/types.h,
- include/bitops.h,
- pie/parasite-head-x86-64.S,
- include/processor-flags.h,
- include/syscall-x86-64.def.
* Changed include directives in the source files that include the headers
listed above.
* Modified build scripts to reflect the source moves.
Signed-off-by: Alexander Kartashov <alekskartashov@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Many image files opened by open_image_ro weren't closed before return, fix
them all in this patch.
Signed-off-by: Huang Qiang <h.huangqiang@huawei.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We don't need to clean_mnt_ns(), if we are goning to do pivot_root().
"""
pivot_root moves the root file system of the current process to the
directory put_old and makes new_root the new root file system.
"""
So I suggest to do pivot_root() and then detach the old root, all
other mount points will be unmounted automatically.
This patch fixes a problem, when a new root is mounted above a non-root
mount point. It's a default configuration for OpenVZ.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Restore of namespaces requires executions of external tools
(ip, tar, etc). We want to know return codes, so we should
block a default sigchld handler. Before we did that for each
command, I suggest to block SIGCHLD, then restore namespace and
unblock SIGCHLD.
The default sigchld handler is used for catching target processes,
but all this processes (except a current one ) are started after
restoring namespaces.
Currently we forgot to block SIGCHLD before executing "ip",
and this bug was caught.
Reported-by: Stanislav Kinsbursky <skinsbursky@parallels.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The devpts fs should be mounted and its content is restored,
when crtools restores terminals.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
When dumping a tmpfs mount we need to take its contents with us.
So, use tar for it and put it into the image dir.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Binfmt is global fs. We could check for its inhabitants intersect on
source and destination, but for the 1st time it's enough just to check
this one being empty.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The routines are supposed to provide a DIR * for a givem mountpoint. Currently
it aborts when a mountpoint is overmounted, but this should be fixed eventually.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We need to dump content of some fs like binfmt_misc, tmpfs, ... To facilitate
this the existing list of filesystems is turned into an array of structures
with dump and restore callbacks. Each FS may declare them they need.
v2: rework encode/decode_fstype not to do it twice.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It's global, so it doesn't require any actions, they should be only mounted.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The pb_read thing is no longer a macros. This will allow to
factor out objects collecting on restore.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
- Use sizeof instead of PATH_MAX constant
- Place EOS exactly after read data end
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Andrew Vagin <avagin@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The option is -r|--pivot-root and an argument is a path to new root.
A root task will make pivot_root. LXC CT does that, so we need that
for restoring.
v2: s/pivot-root/root/
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
The list of mounts is used by inotify to restore a watch with open-by-handle. The problem
is that after the clean_mnt_ns is done the mntinfo list is no longer relevant.
Fix it by freeing the old one and initializing the new with the read-from-image stuff.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
If we dump tasks with mntns, we should look at pathes from point of a mntns root.
Now we support a situation when a root of an init task has the same root as the
mntns root, because we have not another way to get a root of mntns.
A path to an unix socket is copied, because the origin copy will be gone
out from the function, where it was created.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This one walks the 'plain' image file, i.e. the one with straignt <magi>[<size><entry>]*
format, and prints each message. Saves lots of lines of code.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
1. Mountinfo should be collected after we have forked into new namespace (strictly
speaking this is so)
2. When restoring a mnt ns we can reuse the collected mntinfos rather than reading
them again.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Only support virtual filesystems mount. No bindmounts or disk fs
due to non trivial resolving of devices names and binmount sources.
Will be implemented later.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
