- 24 Feb, 2016 3 commits
-
-
Tycho Andersen authored
While this commit is logically part of the "implement cgns support" commit, it's worth noting this separately I think: since cgns requires each task to look at its own proc file, we can now no longer dump unprivileged tasks whose /proc doesn't belong to them. This is because unprivileged tasks can't mount /proc, so if their /proc doesn't belong to them and they need to read it (because they're in a cgns), the pie code can't do anything about it. For cgns, we could solve this problem by simply fork()ing and setns()ing to the tasks pid and cgroup namespaces, and then reading the /proc from that task instead. (And perhaps we should implement it that way so we can still dump tasks whose /proc doesn't belong to them, although I don't think that's a common case.) Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@virtuozzo.com>
-
Tycho Andersen authored
cgroup namespaces are imminent to be merged into the kernel (indeed, they went into and out of 4.5 for minor issues), and will be carried as a patchset in the ubuntu 16.04 kernel. Here's an attempt at c/r. There are essentially three key steps: * on dump, in parse_task_cgroup, we should ask the task what cgroups it thinks it is in (unless it has the same cgroup ns id as its parent, then we should just take the prefixes from the parent's set), and set the prefix on the cg set * add a new restore step, prepare_cgroup_namespace(), which happens in prepare_task_cgroup() that does an unshare() if necessary * when restoring, in move_in_cgroup, if we're going to restore via usernsd, leave the full path. if not, use (cgset->path + len(cgset->cgns_prefix) as the path, since we will have already moved into the cgns_prefix and unshared. Another observation here is that we can support nesting, since these are restored heirarchically by nature. v2: * store cgns prefix length instead of full prefix in images * set has_cgroup_ns_id conditionally * drop unused argument to move_in_cgroup * add extra comments about what is happening when unsharing() on restore * add extra comments about what is happening when computing the actual cgns prefix Signed-off-by: -
Tycho Andersen authored
v2: print a warning when cgroup ns is not present. Signed-off-by:
-
- 20 Feb, 2016 25 commits
-
-
Andrey Vagin authored
v2: create a separate job for each arch Signed-off-by:
Andrey Vagin <avagin@openvz.org> Signed-off-by:
-
Andrey Vagin authored
Fixes: afae962c ("dockerfile: extract a common part in one file") Signed-off-by:
-
Tycho Andersen authored
precise's libc headers are extremly old and don't define SYS_*. trusty's do, so let's run the travis tests there. Signed-off-by:
-
Pavel Emelyanov authored
Tests are often run in VMs and 5 seconds on loaded environments might be not enough to catch transition zdtm tests. Signed-off-by: -
Pavel Emelyanov authored
Signed-off-by: -
Cyrill Gorcunov authored
Current zdtm building procedure depends on impilcit make fules, so bring them back until we moved to nmk build engine. Reported-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
-
Cyrill Gorcunov authored
Otherwise linking may be executed twice as a forced target. Signed-off-by:
-
Ivan Shapovalov authored
Signed-off-by:
Ivan Shapovalov <intelfx@intelfx.name> Signed-off-by:
-
Ivan Shapovalov authored
Signed-off-by:
-
Ivan Shapovalov authored
AIO rings internally are memory mappings, so they may have restorable madvise bits on them. Create the mappings before restoring their properties. Signed-off-by:
-
Pavel Emelyanov authored
Signed-off-by: -
Cyrill Gorcunov authored
Fixes #95 Signed-off-by:
-
Andrew Vagin authored
Cc: Jann Horn <jann@thejh.net> Reporte-by:
Jann Horn <jann@thejh.net> Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
-
Andrew Vagin authored
> 21.01.2016 02:56, Jann Horn writes: > Call chain: > > cr_dump_tasks -> collect_namespaces(true) -> > collect_user_namespaces(true) -> walk_namespaces -> collect_user_ns > -> dump_user_ns -> check_user_ns > > This method enters a user namespace with unknown owner with > euid==(kuid 0). Linux does not guarantee that this is safe; with > the current upstream kernel, the namespace owner can attach to the > CRIU process via ptrace and use it to write into /etc/shadow or > whatever. Cc: Jann Horn <jann@thejh.net> Reported-by:
-
Pavel Emelyanov authored
Signed-off-by: -
Pavel Emelyanov authored
Move static and transition into zdtm top. We can't move all the micro tests themselves, as we need to distinguish static from non static (zdtm.py makes additional checks on static ones). Signed-off-by: -
Pavel Emelyanov authored
These two sets are the same -- they test something and ask to be C/R-ed at the time they do it. No other differences. Signed-off-by: -
Pavel Emelyanov authored
Signed-off-by: -
Andrew Vagin authored
Signed-off-by:
-
Cyrill Gorcunov authored
Signed-off-by:
-
Dmitry Safonov authored
To add a new feature test - add it to FEATURES_LIST. Cc: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Dmitry Safonov <dsafonov@virtuozzo.com> Acked-by:
-
Dmitry Safonov authored
map is very good at generating rules. Just map gen function to array of it's parameters. Don't forget to eval the result. I'll use it in feature-tests generation and in someday coming compat 32-bit mode - in x86 makefiles. Cc: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
-
Tycho Andersen authored
Closes #115 Reported-by: Coverity Signed-off-by:
-
Cyrill Gorcunov authored
Signed-off-by:
-
Pavel Emelyanov authored
This reverts commit a98014f3. As per Saied Kazemi, actually dump works without seccomp support from the kernel on non-seccomped tasks. The only problem was with criu check, but this would be addressed separately. Reverting the commit not to burden the API with (yet) unneeded stuff. Conflicts: lib/c/criu.h
-
- 19 Feb, 2016 6 commits
-
-
Andrew Vagin authored
Signed-off-by:
-
Andrew Vagin authored
Signed-off-by:
-
Andrew Vagin authored
Signed-off-by:
-
Andrei Vagin authored
Signed-off-by:
-
Cyrill Gorcunov authored
As was intended from the scratch. Signed-off-by:
-
Cyrill Gorcunov authored
Fixes #114 Signed-off-by:
-
- 18 Feb, 2016 6 commits
-
-
Tycho Andersen authored
The pie sprintf implementation doesn't know about `z', so let's just use %lu instead. Signed-off-by:
-
Dmitry Safonov authored
As no user does it explicitly, do this in define, it shall look nicer than: parasite_blob: Error (pie/piegen/main.c:121): Can't open file file.oNo such file or directory Signed-off-by:
-
Dmitry Safonov authored
One may specify other parameters, but not 'f'. Piegen should output usage() instead of trying to open "file.o" as -f is explicit. Signed-off-by:
-
Cyrill Gorcunov authored
Currently our @tar target imples that there is a tag in form of "vX.X", if such tag is not present in the repo we're in trouble. So make it sane - if tag present then create tar from this tag - if tag is not present simply use git describe helper Signed-off-by:
-
Cyrill Gorcunov authored
- drop unneeded @built-in.o rule - use proper @CRIU_SO for -soname option - add dep on version change Signed-off-by:
-
Cyrill Gorcunov authored
- define all versions in Makefile.versions toplevel file - rename CRTOOLSVERSION to CRIU_VERSION (and add CRIU_ prefixes) - rename versions for C librabry Signed-off-by:
-
