Andrei Vagin authored
Starting with iptables 1.6.2, we have to use the --wait option,
but it doesn't work properly with userns, because in this case,
we don't have enough rights to open /run/xtables.lock.

(00.174703) 1: Running iptables-restore -w for iptables-restore -w
Fatal: can't open lock file /run/xtables.lock: Permission denied
(00.192058) 1: Error (criu/util.c:842): exited, status=4
(00.192080) 1: Error (criu/net.c:1738): iptables-restore -w failed
(00.192088) 1: Error (criu/net.c:2389): Can't create net_ns
(00.192131) 1: Error (criu/util.c:1567): Can't wait or bad status: errno=0, status=65280

This patch works around this problem by mounting tmpfs into /run.
Net namespaces are restored in a separate process, so we can create
a new mount namespace and create new mounts.

https://github.com/checkpoint-restore/criu/issues/469

Cc: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Cc: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
2af17257