restore: create the root netns before running setup-namespaces scripts

runc restore executes criu with --emptyns network and set a setup-namespaces script to restore a network namespace. https://github.com/xemul/criu/issues/314 Looks-good-to: Pavel Emelyanov <xemul@virtuozzo.com> Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com> Fixes: 2189b9c71d3d ("net: allow to dump and restore more than one network namespace") Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>

restore: create the root netns before running setup-namespaces scripts
runc restore executes criu with --emptyns network and set a setup-namespaces script to restore a network namespace. https://github.com/xemul/criu/issues/314 Looks-good-to: Pavel Emelyanov <xemul@virtuozzo.com> Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com> Fixes: 2189b9c71d3d ("net: allow to dump and restore more than one network namespace") Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
95f2d407 · Andrei Vagin · ef65d98a · 95f2d407 · 95f2d407
Commit 95f2d407 authored May 04, 2017 by Andrei Vagin
Hide whitespace changes
Inline Side-by-side

Showing with 32 additions and 6 deletions

cr-restore.c criu/cr-restore.c +17 -4

net.c criu/net.c +15 -2

No files found.
--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -1564,10 +1564,23 @@ static int restore_task_with_children(void *_arg)
 			goto err;
 	}

-	/* Wait prepare_userns */
-	if (current->parent == NULL &&
-			restore_finish_ns_stage(CR_STATE_ROOT_TASK, CR_STATE_PREPARE_NAMESPACES) < 0)
-		goto err;
+	if (current->parent == NULL) {
+		/*
+		 * The root task has to be in its namespaces before executing
+		 * ACT_SETUP_NS scripts, so the root netns has to be created here
+		 */
+		if (root_ns_mask & CLONE_NEWNET) {
+			ret = unshare(CLONE_NEWNET);
+			if (ret) {
+				pr_perror("Can't unshare net-namespace");
+				goto err;
+			}
+		}
+
+		/* Wait prepare_userns */
+		if (restore_finish_ns_stage(CR_STATE_ROOT_TASK, CR_STATE_PREPARE_NAMESPACES) < 0)
+			goto err;
+	}

 	/*
 	 * Call this _before_ forking to optimize cgroups

--- a/criu/net.c
+++ b/criu/net.c
@@ -2172,6 +2172,9 @@ int dump_net_ns(struct ns_id *ns)
 			ret = dump_iptables(fds);
 		if (!ret)
 			ret = dump_netns_conf(ns, fds);
+	} else if (ns->type != NS_ROOT) {
+		pr_err("Unable to dump more than one netns if the --emptyns is set\n");
+		ret = -1;
 	}
 	if (!ret)
 		ret = dump_nf_ct(fds, CR_FD_NETNF_CT);
@@ -2304,13 +2307,23 @@ static int do_create_net_ns(struct ns_id *ns)
 static int __prepare_net_namespaces(void *unused)
 {
 	struct ns_id *nsid;
+	int root_ns;
+
+	root_ns = open_proc(PROC_SELF, "ns/net");
+	if (root_ns < 0)
+		return -1;

+	/* Pin one with a file descriptor */
 	for (nsid = ns_ids; nsid != NULL; nsid = nsid->next) {
 		if (nsid->nd != &net_ns_desc)
 			continue;

-		if (do_create_net_ns(nsid))
-			goto err;
+		if (nsid->type == NS_ROOT) {
+			nsid->net.ns_fd = root_ns;
+		} else {
+			if (do_create_net_ns(nsid))
+				goto err;
+		}
 	}

 	for (nsid = ns_ids; nsid != NULL; nsid = nsid->next) {