- 06 May, 2016 4 commits
-
-
Pavel Emelyanov authored
We effectively have two modes of actions -- call shell scripts and call RPC. So make ths code work such. As a side effect -- we don't mess with environment variables in case of RPC notifications. Signed-off-by:Pavel Emelyanov <xemul@virtuozzo.com>
-
Pavel Emelyanov authored
This lets us clean the action-script.c eventually. Signed-off-by: -
Pavel Emelyanov authored
The same -- it's internal action-scripts.c business. Signed-off-by: -
Pavel Emelyanov authored
It's used purely inside action-scripts.c, so move it there not to pollute the global opts. Signed-off-by:
-
- 04 May, 2016 1 commit
-
-
Pavel Emelyanov authored
Signed-off-by:
-
- 27 Apr, 2016 13 commits
-
-
Andrew Vagin authored
Fixes: 1dc2f87b33ce ("util: shutdown log in cr_system_userns if error fd is negative") Cc: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com> Signed-off-by:Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
-
Cyrill Gorcunov authored
While most are handled from the scratch there is a significant problem with python setup. So I added some preliminaty solution, probably someohe with good knowledge of how setup.py works improve it later. Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Reviewed-by:
Dmitry Safonov <dsafonov@virtuozzo.com> Signed-off-by:
-
Cyrill Gorcunov authored
Will need it for uninstall action. Signed-off-by:
-
Stanislav Kinsburskiy authored
Otherwise error in case of exec error won't be printed The problem is that when err fd is negative, it's replaced by log fd. Then err is moved to STDERR (that means, that log_fd is _closed_). But log facility still consider log fd as valid and tries to use it to print error message in case of exec failure. Which is equal to writing to /dev/null, basically. This patch shutdown log, if err fd was negative, thus forcing criu to output exec error to STDERR (which was replaced by log fs, btw). Signed-off-by:
Stanislav Kinsburskiy <skinsbursky@virtuozzo.com> Signed-off-by:
-
Kirill Tkhai authored
If several copies of binfmt_misc test are running, we may fail because of duplicate names. Fix that by giving a custom name for registered /proc/sys/fs/binfmt_misc/xxx. ################## Test zdtm/static/binfmt_misc FAIL at start ################## Test output: ================================ 18:03:33.594: 4: string: :magic_file:M:9:\x73\x51\xff\x4a\xec\x29\xcd\xba\xab\xf2::/bin/interpreter:OCP 18:03:33.594: 4: FAIL: binfmt_misc.c:133: write magic_file (errno = 22 (Invalid argument)) 18:03:33.594: 3: ERR: test.c:204: Test exited unexpectedly with code 1 Signed-off-by:
Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by:
-
Andrew Vagin authored
When user namespace are stepping in we should wait for their preparation to complete before start using userns daemon (internally the kernel checks for uids and if uids are not set -EINVAL will be returned when usersn calls for sendmsg()). v2: change stages correctly v3: Wait prepare_userns() before making any calls to usernsd() Cc: Cyrill Gorcunov <gorcunov@gmail.com> Acked-by:
Cyrill Gorcunov <gorcunov@gmail.com> Signed-off-by:
-
Dmitry Safonov authored
Fixes small bug: __open_proc() macro is called from parse_pid_loginuid as: > fd = __open_proc(pid, (ignore_noent) ? ENOENT : 0, > O_RDONLY, "loginuid"); So, ier parameter is badly expanded with current version: > if (__fd < 0 && (errno != (ignore_noent) ? ENOENT : 0) Which in result does not hide "No such file" error on feature test (at least with arm-gcc). Not a big deal, tho. Reported-by:
alex vk <avankemp@gmail.com> Signed-off-by:
-
Dmitry Safonov authored
Impact: little optimization Signed-off-by:
-
Andrew Vagin authored
Signed-off-by:
-
Pavel Tikhomirov authored
Signed-off-by:
Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Signed-off-by:
-
Pavel Tikhomirov authored
Signed-off-by:
-
Pavel Tikhomirov authored
drop_unicast_in_l2_multicast and drop_gratuitous_arp appeared in MS: commit 12b74dfadb5a ("ipv4: add option to drop unicast encapsulated in L2 multicast") commit 97daf3314550 ("ipv4: add option to drop gratuitous ARP packets") Signed-off-by: -
Andrew Vagin authored
We found that linkat for "unsafe" files doesn't work in userns if a file uid isn't equal to the currect fsuid. This issue was fixed by changing fsuid before calling linkat. But in this case we are not able to createa link if a target directory doesn't have write premissions. Starting with the 4.3 kernel, it's possible to create links of "unsafe files": f2ca379642d7 ("namei: permit linking with CAP_FOWNER in userns") So we can try to call linkat() without changing fsuid and make one more attempt with changing fsuid if the first one failed with EPERM. Signed-off-by:
-
- 21 Apr, 2016 11 commits
-
-
Cyrill Gorcunov authored
When not set up it leaves empty making setup of pycriu python library wrong. Define it as root. Reported-by:
-
Andrew Vagin authored
Cc: Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by:
-
Kirill Tkhai authored
Do not fail, if task doesn't have open files. This fixes zdtm/static/fd test, which is broken now: (00.004411) Error (cr-dump.c:1312): Dump files (pid: 25) failed with -1 (00.004548) Error (cr-dump.c:1614): Dumping FAILED. Signed-off-by:
-
Cyrill Gorcunov authored
It might be nil on predump, so dereference only when present. Signed-off-by:
Cyrill Gorcunov <gorcunov@virtuozzo.com> Acked-by:
-
Andrei Vagin authored
Signed-off-by:
-
Stanislav Kinsburskiy authored
The only one (so far) "post-resume" script needs some pid to join its Signed-off-by:
-
Pavel Emelyanov authored
TCP code doesn't need one any longer. Signed-off-by: -
Pavel Emelyanov authored
Don't mess with sysctl, just try sending queues in greedy mode shrinking the max_chunk eventually. This is needed for 2 reasons -- first, to get rig of reading the max_rshare sysctl and to make libsoccr possible and simple. Signed-off-by: -
Andrew Vagin authored
CID 159475 (#1 of 1): Unchecked return value from library (CHECKED_RETURN) 1. check_return: Calling lseek(img_raw_fd(img), pkt->entry->length, 1) without checking return value. This library function may fail and return an error code. Signed-off-by:
-
Stanislav Kinsburskiy authored
The only one (so far) "post-resume" script needs some pid to join its namespaces. Let it be containers root. v4: 1) Enviroonment setup has been was moved to run_scripts 2) Environment variable NS_PID was renamed to CRTOOLS_INIT_PID Signed-off-by:
-
Stanislav Kinsburskiy authored
This hook is called at the very end, when everything is restored and processes were resumed. Can be used for some actions, which require operation container, like restarting of systemd autofs services. v3: Call "post-resume" scripts before detach option check (to make sure, that restored process(es) are still alive v2: Remove code chunk, escaped from debugging Signed-off-by:
-
- 11 Apr, 2016 1 commit
-
-
Pavel Emelyanov authored
Here's the first once-a-month release with whatever is there in the master branch. We have quite a few new features, but a lot of bugifxes :) Signed-off-by:
-
- 07 Apr, 2016 10 commits
-
-
Andrew Vagin authored
Signed-off-by:
-
Andrew Vagin authored
Currently criu can't handle a processes with more than 1024 file descriptors. In this patch, criu dumps file descriptors for a few iterations. Fixes https://github.com/xemul/criu/issues/145 v2: don't move the collect stage Signed-off-by:
-
Andrew Vagin authored
We are going to remove the PARASITE_MAX_FDS limit and this patch is a preparation for this. Signed-off-by:
-
Dengguangxing authored
Signed-off-by:
Deng Guangxing <dengguangxing@huawei.com> Signed-off-by:
-
Tycho Andersen authored
These devices are injected into every network namespace when the ip_gre module is loaded. They cannot be configured as usable tunnels, so let's just ignore them. Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
-
Cyrill Gorcunov authored
Signed-off-by:
-
Cyrill Gorcunov authored
In case of error inside collect_cgroups we need - @ctls list has been spliced into @cs->ctls so we cant just free it, but rather use put_ctls on @cs->ctls - delete @cs->l from global @cg_sets list before free it Signed-off-by:
Andrew Vagin <avagin@openvz.org> Acked-by:
-
Cyrill Gorcunov authored
If add_cgroup_properties failed we have @ncd sitting in @match->children or @current_controller->heads list, and then we free @ncd entry leaving those lists carrying dead pointers. Add proper rollback action. Signed-off-by:
-
Cyrill Gorcunov authored
Since we're freeing list entries don't forget to initialize list then, otherwise it gets out with free entries and may hit use-after-free bug. Signed-off-by:
-
Dmitry Safonov authored
We will still able to distinguish if it's garbage in ax register, but this is definitely prettier: (00.036900) 687 was trapped (00.036903) 687 is going to execute the syscall 158 (00.036928) 687 was trapped (00.036931) 687 is going to execute the syscall 173 Than that: (00.024403) 687 was trapped (00.024407) 687 is going to execute the syscall 9e (00.024419) 687 was trapped (00.024421) 687 is going to execute the syscall ad Signed-off-by:
-
