1. 02 Mar, 2018 4 commits
    • Pavel Tikhomirov's avatar
      mount: make open_mountpoint handle overmouts properly · b364f4fd
      Pavel Tikhomirov authored
      dump of VZ7 ct fails, if we have overmounted tmpfs inside:
      
      [root@silo ~]# prlctl enter su-test-2
      entered into CT
      CT-829e7b28 /# mkdir /mnt/overmntedtmp
      CT-829e7b28 /# mount -t tmpfs tmpfs /mnt/overmntedtmp/
      CT-829e7b28 /# mount -t tmpfs tmpfs /mnt
      CT-829e7b28 /# logout
      
      [root@silo ~]# prlctl suspend su-test-2
      Suspending the CT...
      Failed to suspend the CT: PRL_ERR_VZCTL_OPERATION_FAILED (Details: Will skip in-flight TCP connections
      (01.657913) Error (criu/mount.c:1202): mnt: Can't open ./mnt/overmntedtmp: No such file or directory
      (01.662528) Error (criu/util.c:709): exited, status=1
      (01.664329) Error (criu/util.c:709): exited, status=1
      (01.664694) Error (criu/cr-dump.c:2005): Dumping FAILED.
      Failed to checkpoint the Container
      All dump files and logs were saved to /vz/private/829e7b28-f204-4bce-b09f-d203b99befd4/dump/Dump.fail
      Checkpointing failed
      )
      
      Criu wants to dump the contents of /mnt/overmntedtmp/ mount but it is
      unavailable. So we copy the mount namespace in such a case and unmount
      overmounts to access what we want to dump.
      
      Actual usecase here is dumping CT with active mariadb and ssh
      connection. Together they happen to create such overmount. As by default
      systemd creates a separate mount namespace for mysql and also mounts
      tmpfs to /run/user in it, and when ssh(root) is connected - systemd also
      mounts tmpfs in container root mount namespace to /run/user/0 for user
      files. As /run is slave mount /run/user/0 also propagates to mysql's
      mount namespace and initially becomes overmounted by /run/user.
      
      https://jira.sw.ru/browse/PSBM-57362
      
      remove __maybe_unused for mnt_is_overmounted and umount_overmounts
      
      changes in v2:
      1) Use clone not fork, share resources with parent same as in
      call_in_child_process.
      2) Do not enter userns (create helper) for non-overmounted mounts. Thus
      return back setns/resorens logic.
      3) Helper opens fd for parent directly due to CLONE_FILES, remove futex.
      4) Check helper exit status properly.
      5) Add get_clean_fd helper.
      6) Add better comments.
      
      changes in v3:
      1) Pass fd from helper through args instead of ret code, fix ret code
      checking.
      2) Add \n to pr_err in open_mountpoint
      
      changes in v5:
      Make comments even better.
      Signed-off-by: 's avatarPavel Tikhomirov <ptikhomirov@virtuozzo.com>
      Signed-off-by: 's avatarAndrei Vagin <avagin@virtuozzo.com>
      b364f4fd
    • Pavel Tikhomirov's avatar
      mount add umount_overmounts helper to make mount visible · 83df8649
      Pavel Tikhomirov authored
      also remove __maybe_unused for __umount_children_overmounts
      
      note: leave it __maybe_unused yet
      Signed-off-by: 's avatarPavel Tikhomirov <ptikhomirov@virtuozzo.com>
      Signed-off-by: 's avatarAndrei Vagin <avagin@virtuozzo.com>
      83df8649
    • Pavel Tikhomirov's avatar
      mount: add __umount_children_overmounts helper to make mount visible · d17bad63
      Pavel Tikhomirov authored
      note: leave it __maybe_unused yet
      Signed-off-by: 's avatarPavel Tikhomirov <ptikhomirov@virtuozzo.com>
      Signed-off-by: 's avatarAndrei Vagin <avagin@virtuozzo.com>
      d17bad63
    • Pavel Tikhomirov's avatar
      mount: add mnt_is_overmounted helper to check mount visibility · 2bed6e9f
      Pavel Tikhomirov authored
      note: leave it __maybe_unused yet
      Signed-off-by: 's avatarPavel Tikhomirov <ptikhomirov@virtuozzo.com>
      Signed-off-by: 's avatarAndrei Vagin <avagin@virtuozzo.com>
      2bed6e9f
  2. 15 Feb, 2018 36 commits