- 10 Oct, 2013 2 commits
-
-
Pavel Emelyanov authored
Signed-off-by:Pavel Emelyanov <xemul@parallels.com>
-
Cyrill Gorcunov authored
There is no much point to strdup this value obtained from command line. It sits in environment and we don't modify it at all. Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
-
- 04 Oct, 2013 1 commit
-
-
Cyrill Gorcunov authored
The maximal size which may be used in the kernel for sending TCP data on restore is varies depending on how many memory installed on the system, moreover the memory allocated for "read queue" is bigger than used for "write queue". Thus when we checkpointed a big slab of data we need to figure out which size is allowed for sending data on restore. For this we read /proc/sys/net/ipv4/tcp_[wmem|rmem] on restore and calculate the size needed, then we simply chop data to segements and send it in a loop. Typical output on restore is something like | (00.013001) 30110: TCP queue memory limits are 2097152:3145728 https://bugzilla.openvz.org/show_bug.cgi?id=2751 [xemul: moved stuff to kerndat.c] Reported-by:
Andrey Vagin <avagin@openvz.org> Signed-off-by:
-
- 09 Oct, 2013 2 commits
-
-
Cyrill Gorcunov authored
We usually print error messages starting with capital letter. Signed-off-by:
-
Cyrill Gorcunov authored
Signed-off-by:
-
- 03 Oct, 2013 3 commits
-
-
Pavel Emelyanov authored
It was written but wasn't included into standard run because ip tool with needed functionality wasn't available "upstream". Signed-off-by: -
Pavel Emelyanov authored
Signed-off-by: -
Pavel Emelyanov authored
By default just use the iptables-save and iptables-restore commands. User may define CR_IPTABLES variable, in this case the "sh -c $CR_IPTABLES" would be called. Signed-off-by:
-
- 02 Oct, 2013 8 commits
-
-
Pavel Emelyanov authored
Signed-off-by: -
Ruslan Kuprieiev authored
Signed-off-by:
Ruslan Kuprieiev <kupruser@gmail.com> Signed-off-by:
-
Ruslan Kuprieiev authored
Signed-off-by:
-
Ruslan Kuprieiev authored
Lets use one default log filename. User can set if in request, if needed. Signed-off-by:
-
Ruslan Kuprieiev authored
Add restore to rpc.proto. Signed-off-by:
-
Andrey Vagin authored
We need to detect parasite crashes to not hangs on socket operations. CRIU ptraces parasite. So if it crashes, SIGCHLD is received. If a parasite daemon crashed, we can to do nothing. The state of current process can't be restored, because we can't to drop the signal. The state of other processes are consistent. Probably the best choise in this case is to exit. Signed-off-by:
-
Andrey Vagin authored
We are going to detect parasite crashes. For that we are goint to check all unwaited processes in SIGCHLD handler. cr_system blocks SIGCHLD and unblocks it after waiting a target process. Signed-off-by:
-
Andrey Vagin authored
We use unix socket to communicate with parasite. Before we used SOCK_STREAM, but it doesn't guaranty that the message boundaries will be save. Signed-off-by:
-
- 28 Sep, 2013 3 commits
-
-
Pavel Emelyanov authored
When dumping/restoring for unpriveledged user, check for all sets of IDs to match, just like ptrace-may-attach in the kernel. Signed-off-by: -
Pavel Emelyanov authored
Signed-off-by: -
Pavel Emelyanov authored
It's not enough to check only uids on dump and restore -- we need to check e-ids and s-ids now (and caps in the future). Signed-off-by:
-
- 02 Oct, 2013 4 commits
-
-
Ruslan Kuprieiev authored
v2: remove redundant functions and variables. Signed-off-by:
-
Ruslan Kuprieiev authored
Lets rename CriuDumpReq to CriuOpts, for the sake of readability and to avoid coping code for restore mechanism, as CriuDumpReq and CriuRestoreResp would have almost the same fields. Also, it would be easier to introduce other types of requests. Signed-off-by:
Ruslan Kuprieiev <kurpuser@gmail.com> Signed-off-by:
-
Ruslan Kuprieiev authored
[xemul: Simplified !log_file case and renumbered .proto fields] Signed-off-by:
-
Ruslan Kuprieiev authored
When dump/pre-dump failed before initializing vmas, free_mappings(&vmas) is called and this cause segfault. Lets initialize vmas in the very beginning of dump. Signed-off-by:
-
- 01 Oct, 2013 1 commit
-
-
Andrey Vagin authored
./zdtm.sh: line 231: local: `lname,': not a valid identifier ./zdtm.sh: line 251: local: `ldir,': not a valid identifier https://bugzilla.openvz.org/show_bug.cgi?id=2763Signed-off-by:
-
- 28 Sep, 2013 11 commits
-
-
Pavel Emelyanov authored
Zero is bad for checks, as peer-less sockets have such. BUG introduced in cfe72ab7 :( Signed-off-by:
-
Pavel Emelyanov authored
Signed-off-by: -
Pavel Emelyanov authored
Signed-off-by: -
Pavel Emelyanov authored
Right now we have an ability to launch the C/R service from root and execure dump requests from unpriviledged users. Not to be bad guys, we deny dumping tasks belonging to user, that cannot be "watched" (traced, read /proc, etc.) by the dumper. In the future we will use this "engine" when launched with suid bit, and (probably) will have more sophisticated policy. Signed-off-by: -
Pavel Emelyanov authored
I'm about to get rid of service state struct. Signed-off-by: -
Pavel Emelyanov authored
* Close fd only once at the end * Close listener socket Signed-off-by: -
Pavel Emelyanov authored
This fd is an internal thing of the service. Remove it from externally available structure. Signed-off-by: -
Pavel Emelyanov authored
Signed-off-by: -
Pavel Emelyanov authored
Signed-off-by: -
Pavel Emelyanov authored
Signed-off-by: -
Pavel Emelyanov authored
Signed-off-by:
-
- 01 Oct, 2013 5 commits
-
-
Andrey Vagin authored
Before this patch only namespaces of the root task are dumped. Now we dump all namespace, which have been collected. I'm not sure, that we want to create a new process for each namespace. Signed-off-by:
-
Andrey Vagin authored
Before we dumped namespace of the root task only. Now we are going to dump nested namespaces, so we need to know a pid of any process, which lives in the target namespace. Signed-off-by:
-
Andrey Vagin authored
Signed-off-by:
-
Andrey Vagin authored
Signed-off-by:
-
Andrey Vagin authored
We are going to replace pid on id in names of image files. The id is uniq for each namespace, so it's more convient, if image files are opened per namespace. Signed-off-by:
-
