- 09 Mar, 2016 1 commit
-
-
Svyatoslav Vlasov authored
Add new action script tmp-files.sh, which allows user to add files that can be lost between checkpoint and restore to the dump. User files are stored in .tar.gz archive. Tar command does all the file paths and attributes related work. Fixes #65 Signed-off-by:
Svyatoslav Vlasov <svloyso@gmail.com> Signed-off-by:
Eugene Batalov <eabatalov89@gmail.com> Signed-off-by:
Pavel Emelyanov <xemul@virtuozzo.com>
-
- 07 Mar, 2016 1 commit
-
-
Pavel Emelyanov authored
So, here it is. We planned not only to re-shuffle the code, but also to provide compel thing to people, but have only managed to do the former. OK, the compel then would go in 2.1 :) But, we also change the dev-n-release model, so from now on we have 2 branches and release stable one every month to show new stuff earlier. Have fun! Signed-off-by:
-
- 06 Mar, 2016 2 commits
-
-
Andrew Vagin authored
otherwise this mount will not be propagated into non-existant mounts Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
-
Tycho Andersen authored
We could do the math on the consuming side (and indeed, I tried), but it seems much cleaner to just not include this in the first place so that all consumers of it don't need to do the same thing. Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
-
- 04 Mar, 2016 2 commits
-
-
Tycho Andersen authored
As the comment says, we don't need to restore speical cpuset props twice, and indeed it can cause the restore to fail, e.g.: (00.092356) Error (cgroup.c:1240): cg: Failed writing 0-3 to cpuset//lxc/centoss/cpuset.cpus (00.582490) 18: Error (cgroup.c:1009): cg: Can't move 18 into systemd//lxc/centos/system.slice/systemd-journald.service/tasks (-1/-1): No such file or directory (00.582497) 18: Error (cgroup.c:1124): cg: Can't move into systemd//lxc/centos/system.slice/systemd-journald.service/tasks (-1/-1): No such file or directory (00.582567) 43: Error (cgroup.c:1009): cg: Can't move 43 into systemd//lxc/centos/system.slice/console-getty.service/tasks (-1/-1): No such file or directory (00.582573) 43: Error (cgroup.c:1124): cg: Can't move into systemd//lxc/centos/system.slice/console-getty.service/tasks (-1/-1): No such file or directory (00.582886) 1: Error (cr-restore.c:1306): 18 exited, status=1 (00.594670) Error (cr-restore.c:1308): 7906 killed by signal 9 (00.623099) Error (cr-restore.c:2138): Restoring FAILED. Signed-off-by:
-
Tycho Andersen authored
The errno here is useful information for debugging, we should also print it. Signed-off-by:
-
- 03 Mar, 2016 16 commits
-
-
Tycho Andersen authored
Instead of all the flags and checks in dump_task_cgroup, let's just collect every new non-criu cgset. Signed-off-by:
-
Andrew Vagin authored
Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
-
Pavel Emelyanov authored
The call to unshare(CLONE_NEWCGROUP) is done unconditionally in prepare_cgns(), which is wrong -- some detection of the fact that we have this ns should be there. This detection (as I see it) -- is whether we've found at least one cgroup with cgns prefix. Signed-off-by: -
Andrew Vagin authored
The current code doesn't work becuase ghost files and directories have different formats. ghost directories are created from a root task, but they are cleaned up from the criu process, so reg_file_info is allocated from shared memory and is_dir is added into it. Fixes #120 Signed-off-by:
-
Andrew Vagin authored
I suggest to inject a fault and than try to execute the same command again without a fault to check that it will complete successfully. v2: skip a parasite blob when we are checking vma-s v3: remove a loop for two iterations v4: clean up v5: call fault hooks from one place Signed-off-by:
-
Tycho Andersen authored
Before we were unshare(CLONE_NEWCGROUP)ing in a child task, which meant that we couldn't c/r this test once we forbid nested cgroup namespaces. Instead, use a new strategy for testing cgroup namespaces: set up the namespace before forking the test task so there is no nesting, and then do a setns back to init's ns to check the cgroup namespace of the test. This doesn't work in the 'ns' flavor because init in the test's pid ns is the test itself. There is a bit of a chicken and egg problem here, though, because if we set it up after test_init(), we can't unshare because that would be a nested cgroup ns. Signed-off-by:
-
Tycho Andersen authored
Signed-off-by:
-
Tycho Andersen authored
Signed-off-by:
-
Tycho Andersen authored
Because we don't support nested cgroup namespaces, we can just grab the cgns prefixes from the root cgset's prefix list. This means we only have to query one task for its cgroup file, instead of potentially each of them. Signed-off-by:
-
Tycho Andersen authored
Basically, instead of --cgroup-root replacing the actual root, when a cgns is present, it just replaces the namespace prefix. See patch comments for details. Signed-off-by:
-
Tycho Andersen authored
We rely on the synchronous-ness of the behavior because we assume that the task is in all the right cgroups when forking its children. If it's not, and the child has the same cgroups as its parent but not all the moves are done, it might end up in /. Signed-off-by:
-
Pavel Emelyanov authored
Signed-off-by: -
Tycho Andersen authored
These flags are restored differently, so let's not make extra namespaces where we don't need them. Signed-off-by:
-
Tycho Andersen authored
Instead of doing all the work in collect_cgroup() to figure out whether or not we've collected this cgroup already, let's only call it if we created a new cgset in the first place. Signed-off-by:
-
Tycho Andersen authored
After some discussion with Serge Hallyn, it seems that the current implementation of cgroup namespaces doesn't really support nesting. It's not a quick fix, so let's disable this for now (not that it matters, since probably nobody is nesting these anyways right now :) Signed-off-by:
-
Tycho Andersen authored
b428a3a2 allows dumping containers with multi-headed freezer cgroups, but we can't restore these containers without some help at restore time too. Signed-off-by:
-
- 02 Mar, 2016 3 commits
-
-
Pavel Emelyanov authored
When working with mntns, the absolute path in parent symlink will not be open-able on restore. However, completely banning this case is not good. Affects #116 Signed-off-by:
Pavel Emelyanov <xemul@parallels.com> Signed-off-by:
-
Dmitry Safonov authored
nr_gotpcrel is the last variable which name we can't set with piegen's option. Let's introduce option for that. It will help for including two generated blobs simultaneously. Cc: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by:
Dmitry Safonov <dsafonov@virtuozzo.com> Acked-by:
-
Andrew Vagin authored
Signed-off-by:
-
- 01 Mar, 2016 8 commits
-
-
Tycho Andersen authored
Travis uses cpusets in such a way [1] that we can't actually write to cpuset.cpu_exclusive ever, so none of these tests will work. They'll still work in jenkins, though, so disabling them is probably ok. Closes #118 [1]: https://github.com/travis-ci/worker/blob/master/backend/docker.go#L66Signed-off-by:
-
Tycho Andersen authored
Some libcs buffer writes to FILE*, which means that we error on fclose instead of write, which makes it hard to figure out what property actually failed writing. Also shorten the error path a bit. Hopefully this patch will help with debugging #118 Signed-off-by:
Andrew Vagin <avagin@openvz.org> Signed-off-by:
-
Andrew Vagin authored
*** CID 158458: Memory - corruptions (NEGATIVE_RETURNS) /criu/pie/parasite.c: 321 in get_proc_fd() 315 316 ret = sys_readlinkat(AT_FDCWD, "/proc/self", buf, sizeof(buf)); 317 if (ret < 0 && ret != -ENOENT) { 318 pr_err("Can't readlink /proc/self (%d)\n", ret); 319 return ret; 320 } >>> CID 158458: Memory - corruptions (NEGATIVE_RETURNS) >>> Using variable "ret" as an index to array "buf". 321 buf[ret] = 0; 322 323 /* Fast path -- if /proc belongs to this pidns */ 324 if (pie_atoi(buf) == sys_getpid()) 325 return sys_open("/proc", O_RDONLY, 0); 326 Signed-off-by: -
Andrew Vagin authored
*** CID 158459: Uninitialized variables (UNINIT) /criu/proc_parse.c: 2218 in parse_task_cgroup() 2212 2213 int parse_task_cgroup(int pid, struct parasite_dump_cgroup_args *args, struct list_head *retl, unsigned int *n) 2214 { 2215 FILE *f; 2216 int ret; 2217 LIST_HEAD(internal); >>> CID 158459: Uninitialized variables (UNINIT) >>> Declaring variable "n_internal" without initializer. 2218 unsigned int n_internal; 2219 struct cg_ctl *intern, *ext; 2220 2221 f = fopen_proc(pid, "cgroup"); 2222 if (!f) { 2223 pr_perror("couldn't open task cgroup file"); ** CID 158458: Memory - corruptions (NEGATIVE_RETURNS) /criu/pie/parasite.c: 321 in get_proc_fd() Signed-off-by: -
Tycho Andersen authored
The restore process uses these modules as well, so let's modprobe them. This prevents: (00.217856) 1: Running ip rule delete (00.218970) 1: Running ip rule delete (00.220059) 1: Running ip rule delete (00.221695) 1: Running ip rule restore (00.223068) 1: Running iptables-restore for iptables-restore (00.439385) 1: Running ip6tables-restore for ip6tables-restore modprobe: ERROR: could not insert 'ip6_tables': Operation not permitted ip6tables-restore v1.6.0: ip6tables-restore: unable to initialize table 'filter' Error occurred at line: 2 Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information. Signed-off-by:
-
Tycho Andersen authored
Signed-off-by:
-
Andrew Vagin authored
Signed-off-by:
-
Cyrill Gorcunov authored
When we run "make install" the python's setup script prepares all directories for modules but if we need to run crit from the source tree without its install then we fall in trouble because python doesn't know where the fetch pycriu from. Thus simply provide the symlink to the modules emulating that instalation complete. Note this is for developers conveniency only because for end users "make install" always must has place. Reported-by:
-
- 29 Feb, 2016 7 commits
-
-
Tycho Andersen authored
At one point in the cgns patchsets I had removed this, but somehow it got lost in the shuffle. Since we support this now, let's remove this restriction. Signed-off-by:
-
Tycho Andersen authored
Signed-off-by:
-
Andrey Ryabinin authored
We don't have a way to dump proccess blocked in vfork(), hence mark this test as expected to fail. Signed-off-by:
Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
-
Andrey Ryabinin authored
execlp() fails when we run vfork00 test inside namespace because we don't have '/bin/true' there. Instead of execlp() in vfork-child we can just _exit(). Signed-off-by:
-
Andrey Vagin authored
$ echo test//home/avagin/git/criu test//home/avagin/git/criu v2: use double quotes to run pwd Signed-off-by:
-
Tycho Andersen authored
Consider the case where --freeze-cgroup=/lxc/foo, but (e.g. with systemd in lxc), all of the tasks actually live in a set of sub cgroups, e.g. /lxc/foo/init.scope and others. In this case, we will have a multi-headed controller, since there is nothing in the common parent. We should just save the freezer value in all of these heads instead of failing. Note that this doesn't address the larger problem that only the top level freezer.state file is c/r'd, or waht happens when the container itself has frozen tasks but not at the top level. After some discussion, there is no nice way to atomically test-and-set the cgroup freezer, so we'll need some other kernel help. But I'll ignore this for now :) Signed-off-by:
-
Pavel Emelyanov authored
Signed-off-by:
-
