- 24 Dec, 2015 1 commit
-
-
MATSUMOTO, Ryosuke authored
Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
- 23 Dec, 2015 8 commits
-
-
Pavel Emelyanov authored
The mountpoints.c test creates such mount and criu will try to kerndat-check one, so this fs should be on "host". Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
The mountpoints.c test creates such mount and criu will try to kerndat-check one, so this fs should be on "host". Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrew Vagin authored
Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrew Vagin authored
Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrew Vagin authored
A static test should not change its state during C/R Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrew Vagin authored
and call mknod with correct argumetns Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Kirill Tkhai authored
Similar to devtmpfs and devpts, skip binfmt_misc mount if it's not virtual. Signed-off-by:
Kirill Tkhai <ktkhai@odin.com> Acked-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
V2: Fix the test/Makefile Signed-off-by:
Pavel Emelyanov <xemul@parallels.com> Acked-by:
Andrew Vagin <avagin@virtuozzo.com>
-
- 22 Dec, 2015 10 commits
-
-
Andrei Vagin authored
Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrei Vagin authored
Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrei Vagin authored
Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrew Vagin authored
Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrew Vagin authored
A static test should not change its state during C/R. Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrew Vagin authored
Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
Cc: Kirill Tkhai <ktkhai@odin.com> Signed-off-by:
Andrey Vagin <avagin@openvz.org> Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Acked-by:
Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Cyrill Gorcunov authored
Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Acked-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Cyrill Gorcunov authored
Should be @child_fd instead of @fd Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrew Vagin authored
Reported-by: Mr Jenkins Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
- 21 Dec, 2015 15 commits
-
-
Andrew Vagin authored
Otherwise we can see this error: 5: Old files lost: set([]) 5: New files appeared: set(['5', '6']) Reported-by: Mr Jenkins Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Stanislav Kinsburskiy authored
Signed-off-by:
Stanislav Kinsburskiy <skinsbursky@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrew Vagin authored
Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Pavel Tikhomirov authored
Do so as in user-namespace on mainstream kernel writing to file with suid bit set always cleares these bit, regardless to CAP_FSETID. (see in should_remove_suid plane capable() is used, and same in VZ7) Also we have an alternative to wait while several patches will get in MS kernel: [PATCH v4 0/7] Initial support for user namespace owned mounts https://lkml.org/lkml/2015/9/23/591 [PATCH v2 12/18] fs: Don't remove suid for CAP_FSETID in s_user_ns http://www.spinics.net/lists/linux-fsdevel/msg92533.html Got error while suspending/resuming file_attr test in VZ7CT: CT-102 criu# cat test/zdtm/live/static/file_attr.out 13:11:01.952: 30635: FAIL: file_attr.c:96: permissions have changed (errno = 11 (Resource temporarily unavailable)) https://jira.sw.ru/browse/PSBM-41401Signed-off-by:
Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrey Ryabinin authored
Currently criu dump may hang indefinitely. E.g. in wait for task that blocked in vfork() or task could be in D state for some other reason. This patch adds time limit on collecting tasks during the dump operation. If collecting processes takes too long, the dump process will be terminated. Timeout is 5 seconds by default, but it could be changed via parameter. Signed-off-by:
Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrey Ryabinin authored
This moves cleanup code from cr_dump_tasks()/cr_pre_dump_tasks() into separte functions. No functional changes here. Signed-off-by:
Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrey Ryabinin authored
Obviously we should print pre_dump_ret value if pre-dump failed. Signed-off-by:
Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrey Ryabinin authored
Use 'goto err;' everywhere. Remove 'pstree_switch_state(root_item, TASK_ALIVE)' on error path as all collect_pstree() callers do this if collect_pstree() failed. Signed-off-by:
Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Dmitry Safonov authored
1. Use PROC_SELF instead pid as prepare_pid_* used on restore only to set value to current process. 2. Do not set default values. Signed-off-by:
Dmitry Safonov <dsafonov@odin.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Stanislav Kinsburskiy authored
Signed-off-by:
Stanislav Kinsburskiy <skinsbursky@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Stanislav Kinsburskiy authored
Signed-off-by:
Stanislav Kinsburskiy <skinsbursky@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Stanislav Kinsburskiy authored
Signed-off-by:
Stanislav Kinsburskiy <skinsbursky@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Stanislav Kinsburskiy authored
v2: Added free of original cg->path. Signed-off-by:
Stanislav Kinsburskiy <skinsbursky@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Stanislav Kinsburskiy authored
v2: Check for empty string is simplified Signed-off-by:
Stanislav Kinsburskiy <skinsbursky@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Stanislav Kinsburskiy authored
This patch brings add_to_string() and construct_string() helpers. They allow to create a string with variable amount of parameters in sprintf() manner, but supporting string allocation (and reallocation if necessary) v2: 1) Helpers were renamed to xstrcat() and xsprintf() respectively. 2) Added printf attributes to force compiler check Signed-off-by:
Stanislav Kinsburskiy <skinsbursky@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
- 18 Dec, 2015 6 commits
-
-
Tycho Andersen authored
restore_creds uses prctl, so if we block this call in the seccomp filter test, it causes things to fail (hang actually, seems we have some unhandled error path here). Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
Note that this doesn't actually fix the problem, because seccomp could block the setuid call, and since we're now restoring when the task isn't ptraced and in SECCOMP_SUSPEND mode, we can't guarantee that the seccomp filters won't be suspended. Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Tycho Andersen authored
Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrew Vagin authored
In order to restore seccomp correctly, we need to do it before restore_creds() in the restorer blob. But, if the seccomp policy forbids e.g. prctl, if the task doesn't have SUSPEND_SECCOMP set it will die when trying to restore creds. To solve this, we break attach_to_tasks up into two parts: 1. we attach and set SUSPEND_SECCOMP (but let the tasks continue normally), and then after the RESTORE_CREDS stage we 2. attach to the tasks and stop them on the final sigreturn. Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrew Vagin authored
We call mount from one namespace and umount from another namespace, so we check that their parents are from one shared group. Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Andrew Vagin authored
Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-