- 27 Apr, 2016 1 commit
-
-
Andrew Vagin authored
We found that linkat for "unsafe" files doesn't work in userns if a file uid isn't equal to the currect fsuid. This issue was fixed by changing fsuid before calling linkat. But in this case we are not able to createa link if a target directory doesn't have write premissions. Starting with the 4.3 kernel, it's possible to create links of "unsafe files": f2ca379642d7 ("namei: permit linking with CAP_FOWNER in userns") So we can try to call linkat() without changing fsuid and make one more attempt with changing fsuid if the first one failed with EPERM. Signed-off-by:Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@virtuozzo.com>
-
- 21 Apr, 2016 11 commits
-
-
Cyrill Gorcunov authored
When not set up it leaves empty making setup of pycriu python library wrong. Define it as root. Reported-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
-
Andrew Vagin authored
Cc: Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by:
Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by:
-
Kirill Tkhai authored
Do not fail, if task doesn't have open files. This fixes zdtm/static/fd test, which is broken now: (00.004411) Error (cr-dump.c:1312): Dump files (pid: 25) failed with -1 (00.004548) Error (cr-dump.c:1614): Dumping FAILED. Signed-off-by:
-
Cyrill Gorcunov authored
It might be nil on predump, so dereference only when present. Signed-off-by:
Cyrill Gorcunov <gorcunov@virtuozzo.com> Acked-by:
-
Andrei Vagin authored
Signed-off-by:
-
Stanislav Kinsburskiy authored
The only one (so far) "post-resume" script needs some pid to join its Signed-off-by:
Stanislav Kinsburskiy <skinsbursky@virtuozzo.com> Signed-off-by:
-
Pavel Emelyanov authored
TCP code doesn't need one any longer. Signed-off-by: -
Pavel Emelyanov authored
Don't mess with sysctl, just try sending queues in greedy mode shrinking the max_chunk eventually. This is needed for 2 reasons -- first, to get rig of reading the max_rshare sysctl and to make libsoccr possible and simple. Signed-off-by: -
Andrew Vagin authored
CID 159475 (#1 of 1): Unchecked return value from library (CHECKED_RETURN) 1. check_return: Calling lseek(img_raw_fd(img), pkt->entry->length, 1) without checking return value. This library function may fail and return an error code. Signed-off-by:
-
Stanislav Kinsburskiy authored
The only one (so far) "post-resume" script needs some pid to join its namespaces. Let it be containers root. v4: 1) Enviroonment setup has been was moved to run_scripts 2) Environment variable NS_PID was renamed to CRTOOLS_INIT_PID Signed-off-by:
-
Stanislav Kinsburskiy authored
This hook is called at the very end, when everything is restored and processes were resumed. Can be used for some actions, which require operation container, like restarting of systemd autofs services. v3: Call "post-resume" scripts before detach option check (to make sure, that restored process(es) are still alive v2: Remove code chunk, escaped from debugging Signed-off-by:
-
- 11 Apr, 2016 1 commit
-
-
Pavel Emelyanov authored
Here's the first once-a-month release with whatever is there in the master branch. We have quite a few new features, but a lot of bugifxes :) Signed-off-by:
-
- 07 Apr, 2016 25 commits
-
-
Andrew Vagin authored
Signed-off-by:
-
Andrew Vagin authored
Currently criu can't handle a processes with more than 1024 file descriptors. In this patch, criu dumps file descriptors for a few iterations. Fixes https://github.com/xemul/criu/issues/145 v2: don't move the collect stage Signed-off-by:
-
Andrew Vagin authored
We are going to remove the PARASITE_MAX_FDS limit and this patch is a preparation for this. Signed-off-by:
-
Dengguangxing authored
Signed-off-by:
Deng Guangxing <dengguangxing@huawei.com> Signed-off-by:
-
Tycho Andersen authored
These devices are injected into every network namespace when the ip_gre module is loaded. They cannot be configured as usable tunnels, so let's just ignore them. Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
-
Cyrill Gorcunov authored
Signed-off-by:
Dmitry Safonov <dsafonov@virtuozzo.com> Signed-off-by:
-
Cyrill Gorcunov authored
In case of error inside collect_cgroups we need - @ctls list has been spliced into @cs->ctls so we cant just free it, but rather use put_ctls on @cs->ctls - delete @cs->l from global @cg_sets list before free it Signed-off-by:
Andrew Vagin <avagin@openvz.org> Acked-by:
-
Cyrill Gorcunov authored
If add_cgroup_properties failed we have @ncd sitting in @match->children or @current_controller->heads list, and then we free @ncd entry leaving those lists carrying dead pointers. Add proper rollback action. Signed-off-by:
-
Cyrill Gorcunov authored
Since we're freeing list entries don't forget to initialize list then, otherwise it gets out with free entries and may hit use-after-free bug. Signed-off-by:
-
Dmitry Safonov authored
We will still able to distinguish if it's garbage in ax register, but this is definitely prettier: (00.036900) 687 was trapped (00.036903) 687 is going to execute the syscall 158 (00.036928) 687 was trapped (00.036931) 687 is going to execute the syscall 173 Than that: (00.024403) 687 was trapped (00.024407) 687 is going to execute the syscall 9e (00.024419) 687 was trapped (00.024421) 687 is going to execute the syscall ad Signed-off-by:
-
Cyrill Gorcunov authored
Previously when we've been on early stage we tried to workaround lack of prlimit libc call simply providing own implementation, but it cause problems on some libc configurations so simply use rlimit64 and __NR_prlimit64 syscall directly. The kernel must support __NR_prlimit64 syscall and provide rlimit64 structure as well. Signed-off-by:
-
Pavel Emelyanov authored
The option was in use when we didn't have the /proc/pid/ns links and thus ns ids. Later we used it at restore time to tell which namespaces to restore the pstree into. Right now ids are always generated and this option has no effect (and meaning). Signed-off-by: -
Pavel Emelyanov authored
We've been writing this file since 0.4, hopefully nobody's using such an oldie :) v2: Don't BUG_ON, but return error, as this can be triggered by corrupting images. Signed-off-by: -
Cyrill Gorcunov authored
This helper is used in both PIE and non-PIE code. For the second we can use normal pr_perror. Signed-off-by:
-
Andrew Vagin authored
Atomic operations doesn't work for non-aligned pointers. =[log]=> dump/zdtm/static/autofs/30/2/restore.log ------------------------ grep Error ------------------------ (00.185037) 5: Error (/root/git/criu/criu/include/lock.h:78): BUG at /root/git/criu/criu/include/lock.h:78 (00.207193) Error (cr-restore.c:1407): 100 killed by signal 9: Killed (00.219187) Error (cr-restore.c:2237): Restoring FAILED. ------------------------ ERROR OVER ------------------------ 4339 futex(0x7fa79c1561da, FUTEX_WAKE, 2147483647 <unfinished ...> 4339 <... futex resumed> ) = -1 EINVAL (Invalid argument) Signed-off-by:
-
Andrew Vagin authored
v2: copy aio00.desc Signed-off-by:
-
Kirill Tkhai authored
Since AIO ring is never pre-dumped, it never has a parent in pre-dump. Make generate_iovs() to know this. Signed-off-by:
-
Kirill Tkhai authored
Signed-off-by:
-
Kirill Tkhai authored
Description: 1)Create io context, submit several io operations and get events of some of them. 2)Sleep on signal. 3)Check tail, head and nr events restored correct. 4)Emit one more io operation. 5)Check tail has moved one number forward (i.e. synchronize in-kernel and userspace tails if they were different). Signed-off-by:
-
Kirill Tkhai authored
Check nr in aio header during dump and correctness of tail, head and nr during restore. Signed-off-by:
-
Kirill Tkhai authored
1)Dump/restore mmaped aio ring like any other private vma entry, with the only exception we do not predump it. 2)Create io context, set head and tail using write to /dev/null. 3)Copy aio ring restored in (1) to created in (2). 4)Remap (2) to address of (1). Signed-off-by:
-
Kirill Tkhai authored
Signed-off-by:
-
Kirill Tkhai authored
Signed-off-by:
-
Kirill Tkhai authored
Move the declaration from .c to header file. Also rename parasite_check_aios() since we have one more function with the same name. Signed-off-by:
-
Adrian Reber authored
The page server already knows how to create a TCP server and client. The code has been hidden behind static-s in page-xfer.c. This commit moves the common TCP server/client code to util.c to be able to also use it in the upcoming remote lazy-server/lazy-client userfaultfd enhanced criu. Signed-off-by:
Adrian Reber <areber@redhat.com> Signed-off-by:
-
- 04 Apr, 2016 2 commits
-
-
Andrew Vagin authored
Signed-off-by:
-
Dmitry Safonov authored
Impact: no functional changes, cleanup. Signed-off-by:
-
