ns: add an ability to not dump properties for a specified namespace

Docker requested an option, when network devices and routes are not dumped and not restored. Instead of this Docker will call libnetwork hook to tune netns from the setup-namespaces action. Cc: Saied Kazemi <saied@google.com> Tested-by: Ross Boucher <boucher@gmail.com> Signed-off-by: Andrew Vagin <avagin@virtuozzo.com> Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>

ns: add an ability to not dump properties for a specified namespace
Docker requested an option, when network devices and routes are not dumped and not restored. Instead of this Docker will call libnetwork hook to tune netns from the setup-namespaces action. Cc: Saied Kazemi <saied@google.com> Tested-by: Ross Boucher <boucher@gmail.com> Signed-off-by: Andrew Vagin <avagin@virtuozzo.com> Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
1741438f · Andrew Vagin · Pavel Emelyanov · b13a132e · 1741438f · 1741438f
Commit 1741438f authored Feb 12, 2016 by Andrew Vagin Committed by Pavel Emelyanov Feb 17, 2016
Showing with 49 additions and 23 deletions

cr-service.c criu/cr-service.c +7 -0

crtools.c criu/crtools.c +13 -0

cr_options.h criu/include/cr_options.h +1 -0

net.c criu/net.c +27 -23

rpc.proto images/rpc.proto +1 -0

No files found.
--- a/criu/cr-service.c
+++ b/criu/cr-service.c
@@ -13,6 +13,7 @@
 #include <sys/wait.h>
 #include <sys/stat.h>
 #include <arpa/inet.h>
+#include <sched.h>
 #include "crtools.h"
 #include "cr_options.h"
@@ -459,6 +460,12 @@ static int setup_opts_from_req(int sk, CriuOpts *req)
 	if (req->has_ghost_limit)
 		opts.ghost_limit = req->ghost_limit;
+	if (req->has_empty_ns) {
+		opts.empty_ns = req->empty_ns;
+		if (req->empty_ns & ~(CLONE_NEWNET))
+			goto err;
+	}
 	if (req->n_irmap_scan_paths) {
 		for (i = 0; i < req->n_irmap_scan_paths; i++) {
 			if (irmap_scan_path_add(req->irmap_scan_paths[i]))

--- a/criu/crtools.c
+++ b/criu/crtools.c
@@ -67,6 +67,7 @@ void init_opts(void)
 	opts.ps_socket = -1;
 	opts.ghost_limit = DEFAULT_GHOST_LIMIT;
 	opts.timeout = DEFAULT_TIMEOUT;
+	opts.empty_ns = 0;
 }
 static int parse_ns_string(const char *ptr)
@@ -272,6 +273,7 @@ int main(int argc, char *argv[], char *envp[])
 		{ "lsm-profile",		required_argument,	0, 1071 },
 		{ "timeout",			required_argument,	0, 1072 },
 		{ "external",			required_argument,	0, 1073	},
+		{ "empty-ns",			required_argument,	0, 1074	},
 		{ },
 	};
@@ -543,6 +545,14 @@ int main(int argc, char *argv[], char *envp[])
 			if (add_external(optarg))
 				return 1;
 			break;
+		case 1074:
+			if (!strcmp("net", optarg))
+				opts.empty_ns |= CLONE_NEWNET;
+			else {
+				pr_err("Unsupported empty namespace: %s", optarg);
+				return 1;
+			}
+			break;
 		case 'V':
 			pr_msg("Version: %s\n", CRIU_VERSION);
 			if (strcmp(CRIU_GITID, "0"))
@@ -792,6 +802,9 @@ usage:
 "                            tty[rdev:dev]\n"
 "                            pipe[inode]\n"
 "                            socket[inode]\n"
+"  --empty-ns {net}\n"
+"			Create a namespace, but don't restore its properies.\n"
+"			An user will retore them from action scripts.\n"
 "\n"
 "* Logging:\n"
 "  -o|--log-file FILE    log file name\n"

--- a/criu/include/cr_options.h
+++ b/criu/include/cr_options.h
@@ -106,6 +106,7 @@ struct cr_options {
 	bool			lsm_supplied;
 	char			*lsm_profile;
 	unsigned int		timeout;
+	unsigned int		empty_ns;
 };
 extern struct cr_options opts;

--- a/criu/net.c
+++ b/criu/net.c
@@ -1062,16 +1062,18 @@ int dump_net_ns(int ns_id)
 		return -1;
 	ret = mount_ns_sysfs();
-	if (!ret)
+	if (!(opts.empty_ns & CLONE_NEWNET)) {
-		ret = dump_netns_conf(fds);
+		if (!ret)
-	if (!ret)
+			ret = dump_netns_conf(fds);
-		ret = dump_links(fds);
+		if (!ret)
-	if (!ret)
+			ret = dump_links(fds);
-		ret = dump_ifaddr(fds);
+		if (!ret)
-	if (!ret)
+			ret = dump_ifaddr(fds);
-		ret = dump_route(fds);
+		if (!ret)
-	if (!ret)
+			ret = dump_route(fds);
-		ret = dump_rule(fds);
+		if (!ret)
+			ret = dump_rule(fds);
+	}
 	if (!ret)
 		ret = dump_iptables(fds);
 	if (!ret)
@@ -1088,21 +1090,23 @@ int dump_net_ns(int ns_id)
 int prepare_net_ns(int pid)
 {
-	int ret;
+	int ret = 0;
 	NetnsEntry *netns = NULL;
-	ret = restore_netns_conf(pid, &netns);
+	if (!(opts.empty_ns & CLONE_NEWNET)) {
-	if (!ret)
+		ret = restore_netns_conf(pid, &netns);
-		ret = restore_links(pid, &netns);
+		if (!ret)
-	if (netns)
+			ret = restore_links(pid, &netns);
-		netns_entry__free_unpacked(netns, NULL);
+		if (netns)
+			netns_entry__free_unpacked(netns, NULL);
-	if (!ret)
-		ret = restore_ifaddr(pid);
+		if (!ret)
-	if (!ret)
+			ret = restore_ifaddr(pid);
-		ret = restore_route(pid);
+		if (!ret)
-	if (!ret)
+			ret = restore_route(pid);
-		ret = restore_rule(pid);
+		if (!ret)
+			ret = restore_rule(pid);
+	}
 	if (!ret)
 		ret = restore_iptables(pid);
 	if (!ret)

--- a/images/rpc.proto
+++ b/images/rpc.proto
@@ -89,6 +89,7 @@ message criu_opts {
 	optional uint32			ghost_limit	= 35 [default = 0x100000];
 	repeated string			irmap_scan_paths = 36;
 	repeated string			external	= 37;
+	optional uint32			empty_ns	= 38;
 }
 message criu_dump_resp {