[RESEND,v1,55/55] ns: Nested pid_ns support

Submitted by Kirill Tkhai on March 24, 2017, 3:17 p.m.

Details

Message ID 149036865925.23093.16654592976142490342.stgit@localhost.localdomain
State New
Series "Nested pid namespaces support"
Headers show

Commit Message

Kirill Tkhai March 24, 2017, 3:17 p.m.
Allow nested pid_ns, but turn restoring of pgid and sid off for the cases,
when there are child pid namespaces. This functionality will be realized
by Pavel Tikhomirov, he is working on that.

Also, current criu has a problem with restoring tun if nested net namespaces
exist. See my letter "[net_ns] Problem of restoring tun in nested net namespace".
So, I've turned tun test off for a while.

Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
---
 criu/cr-restore.c         |    5 +++++
 criu/include/namespaces.h |    2 +-
 criu/pstree.c             |    2 ++
 test/zdtm/static/tun.desc |    2 +-
 4 files changed, 9 insertions(+), 2 deletions(-)

Patch hide | download patch | download mbox

diff --git a/criu/cr-restore.c b/criu/cr-restore.c
index bb5abd70..8bb045b3 100644
--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -1263,6 +1263,8 @@  static void restore_sid(void)
 {
 	pid_t sid;
 
+	if (!list_empty(&top_pid_ns->children))
+		return;
 	/*
 	 * SID can only be reset to pid or inherited from parent.
 	 * Thus we restore it right here to let our kids inherit
@@ -1306,6 +1308,9 @@  static void restore_pgid(void)
 
 	pid_t pgid, my_pgid = last_level_pid(current->pgid);
 
+	if (!list_empty(&top_pid_ns->children))
+		return;
+
 	pr_info("Restoring %d to %d pgid\n", vpid(current), my_pgid);
 
 	pgid = getpgrp();
diff --git a/criu/include/namespaces.h b/criu/include/namespaces.h
index d8126eb5..068d9e66 100644
--- a/criu/include/namespaces.h
+++ b/criu/include/namespaces.h
@@ -39,7 +39,7 @@ 
 #define CLONE_ALLNS	(CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWUTS | CLONE_NEWNS | CLONE_NEWUSER | CLONE_NEWCGROUP)
 
 /* Nested namespaces are supported only for these types */
-#define CLONE_SUBNS	(CLONE_NEWNS | CLONE_NEWNET | CLONE_NEWUSER)
+#define CLONE_SUBNS	(CLONE_NEWNS | CLONE_NEWNET | CLONE_NEWUSER | CLONE_NEWPID)
 
 #define MAX_NS_NESTING	32
 #define EXTRA_SIZE	20
diff --git a/criu/pstree.c b/criu/pstree.c
index 09a7ac8c..f3492010 100644
--- a/criu/pstree.c
+++ b/criu/pstree.c
@@ -858,6 +858,8 @@  static int prepare_pstree_ids(void)
 	struct pstree_item *item, *child, *helper, *tmp;
 	LIST_HEAD(helpers);
 
+	if (!list_empty(&top_pid_ns->children))
+		return 0;
 	pid_t current_pgid = getpgid(getpid());
 
 	/*
diff --git a/test/zdtm/static/tun.desc b/test/zdtm/static/tun.desc
index 8c7cfe86..eac32c2d 100644
--- a/test/zdtm/static/tun.desc
+++ b/test/zdtm/static/tun.desc
@@ -1 +1 @@ 
-{'flavor': 'ns uns', 'flags': 'suid', 'feature': 'tun'}
+{'flavor': 'ns uns', 'flags': 'suid noauto', 'feature': 'tun'}

Comments

Andrey Vagin March 27, 2017, 6:08 p.m.
On Fri, Mar 24, 2017 at 06:17:39PM +0300, Kirill Tkhai wrote:
> Allow nested pid_ns, but turn restoring of pgid and sid off for the cases,
> when there are child pid namespaces. This functionality will be realized
> by Pavel Tikhomirov, he is working on that.

Pavel implements restore of a processes tree with additional
sub-reapers. I don't understand why we can't set sid and group, if we
have a whole tree (when all session leaders are alive)

> 
> Also, current criu has a problem with restoring tun if nested net namespaces
> exist. See my letter "[net_ns] Problem of restoring tun in nested net namespace".
> So, I've turned tun test off for a while.

I don't understand why we have to disable it. This test doesn't create
nested network namespace and it works now. How does this series affect
it?

> 
> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
> ---
>  criu/cr-restore.c         |    5 +++++
>  criu/include/namespaces.h |    2 +-
>  criu/pstree.c             |    2 ++
>  test/zdtm/static/tun.desc |    2 +-
>  4 files changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/criu/cr-restore.c b/criu/cr-restore.c
> index bb5abd70..8bb045b3 100644
> --- a/criu/cr-restore.c
> +++ b/criu/cr-restore.c
> @@ -1263,6 +1263,8 @@ static void restore_sid(void)
>  {
>  	pid_t sid;
>  
> +	if (!list_empty(&top_pid_ns->children))
> +		return;
>  	/*
>  	 * SID can only be reset to pid or inherited from parent.
>  	 * Thus we restore it right here to let our kids inherit
> @@ -1306,6 +1308,9 @@ static void restore_pgid(void)
>  
>  	pid_t pgid, my_pgid = last_level_pid(current->pgid);
>  
> +	if (!list_empty(&top_pid_ns->children))
> +		return;
> +
>  	pr_info("Restoring %d to %d pgid\n", vpid(current), my_pgid);
>  
>  	pgid = getpgrp();
> diff --git a/criu/include/namespaces.h b/criu/include/namespaces.h
> index d8126eb5..068d9e66 100644
> --- a/criu/include/namespaces.h
> +++ b/criu/include/namespaces.h
> @@ -39,7 +39,7 @@
>  #define CLONE_ALLNS	(CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWUTS | CLONE_NEWNS | CLONE_NEWUSER | CLONE_NEWCGROUP)
>  
>  /* Nested namespaces are supported only for these types */
> -#define CLONE_SUBNS	(CLONE_NEWNS | CLONE_NEWNET | CLONE_NEWUSER)
> +#define CLONE_SUBNS	(CLONE_NEWNS | CLONE_NEWNET | CLONE_NEWUSER | CLONE_NEWPID)
>  
>  #define MAX_NS_NESTING	32
>  #define EXTRA_SIZE	20
> diff --git a/criu/pstree.c b/criu/pstree.c
> index 09a7ac8c..f3492010 100644
> --- a/criu/pstree.c
> +++ b/criu/pstree.c
> @@ -858,6 +858,8 @@ static int prepare_pstree_ids(void)
>  	struct pstree_item *item, *child, *helper, *tmp;
>  	LIST_HEAD(helpers);
>  
> +	if (!list_empty(&top_pid_ns->children))
> +		return 0;
>  	pid_t current_pgid = getpgid(getpid());
>  
>  	/*
> diff --git a/test/zdtm/static/tun.desc b/test/zdtm/static/tun.desc
> index 8c7cfe86..eac32c2d 100644
> --- a/test/zdtm/static/tun.desc
> +++ b/test/zdtm/static/tun.desc
> @@ -1 +1 @@
> -{'flavor': 'ns uns', 'flags': 'suid', 'feature': 'tun'}
> +{'flavor': 'ns uns', 'flags': 'suid noauto', 'feature': 'tun'}
>
Kirill Tkhai March 28, 2017, 9:59 a.m.
On 27.03.2017 21:08, Andrei Vagin wrote:
> On Fri, Mar 24, 2017 at 06:17:39PM +0300, Kirill Tkhai wrote:
>> Allow nested pid_ns, but turn restoring of pgid and sid off for the cases,
>> when there are child pid namespaces. This functionality will be realized
>> by Pavel Tikhomirov, he is working on that.
> 
> Pavel implements restore of a processes tree with additional
> sub-reapers. I don't understand why we can't set sid and group, if we
> have a whole tree (when all session leaders are alive)

If session leaders are alive, it's not guaranteed, we can restore a tree
without subreapers. I disabled restore_before_setsid, because I want to minimize
number of dependencies in task creation order. Dependencies simply give deadlocks.

The only dependence remaining is INIT_PID of a pid_ns must be created before
other tasks from this namespace. But they may be sorted wrong in parent->children.
It's a problem, and I do not solve it in any way, because it's one of the problems,
which are being solved by Pavel at the moment.

>>
>> Also, current criu has a problem with restoring tun if nested net namespaces
>> exist. See my letter "[net_ns] Problem of restoring tun in nested net namespace".
>> So, I've turned tun test off for a while.
> 
> I don't understand why we have to disable it. This test doesn't create
> nested network namespace and it works now. How does this series affect
> it?

Patch "[PATCH RESEND v1 06/55] net: Do not change net_ns of root_item in create_net_ns()"
pops up a problem I talked you in "[net_ns] Problem of restoring tun in nested net namespace".

I disabled tun in the end of the series just to not a create a separate patch for that.
If it s more clear, I may disable the test in [6/55] in next version.
 
>>
>> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
>> ---
>>  criu/cr-restore.c         |    5 +++++
>>  criu/include/namespaces.h |    2 +-
>>  criu/pstree.c             |    2 ++
>>  test/zdtm/static/tun.desc |    2 +-
>>  4 files changed, 9 insertions(+), 2 deletions(-)
>>
>> diff --git a/criu/cr-restore.c b/criu/cr-restore.c
>> index bb5abd70..8bb045b3 100644
>> --- a/criu/cr-restore.c
>> +++ b/criu/cr-restore.c
>> @@ -1263,6 +1263,8 @@ static void restore_sid(void)
>>  {
>>  	pid_t sid;
>>  
>> +	if (!list_empty(&top_pid_ns->children))
>> +		return;
>>  	/*
>>  	 * SID can only be reset to pid or inherited from parent.
>>  	 * Thus we restore it right here to let our kids inherit
>> @@ -1306,6 +1308,9 @@ static void restore_pgid(void)
>>  
>>  	pid_t pgid, my_pgid = last_level_pid(current->pgid);
>>  
>> +	if (!list_empty(&top_pid_ns->children))
>> +		return;
>> +
>>  	pr_info("Restoring %d to %d pgid\n", vpid(current), my_pgid);
>>  
>>  	pgid = getpgrp();
>> diff --git a/criu/include/namespaces.h b/criu/include/namespaces.h
>> index d8126eb5..068d9e66 100644
>> --- a/criu/include/namespaces.h
>> +++ b/criu/include/namespaces.h
>> @@ -39,7 +39,7 @@
>>  #define CLONE_ALLNS	(CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWUTS | CLONE_NEWNS | CLONE_NEWUSER | CLONE_NEWCGROUP)
>>  
>>  /* Nested namespaces are supported only for these types */
>> -#define CLONE_SUBNS	(CLONE_NEWNS | CLONE_NEWNET | CLONE_NEWUSER)
>> +#define CLONE_SUBNS	(CLONE_NEWNS | CLONE_NEWNET | CLONE_NEWUSER | CLONE_NEWPID)
>>  
>>  #define MAX_NS_NESTING	32
>>  #define EXTRA_SIZE	20
>> diff --git a/criu/pstree.c b/criu/pstree.c
>> index 09a7ac8c..f3492010 100644
>> --- a/criu/pstree.c
>> +++ b/criu/pstree.c
>> @@ -858,6 +858,8 @@ static int prepare_pstree_ids(void)
>>  	struct pstree_item *item, *child, *helper, *tmp;
>>  	LIST_HEAD(helpers);
>>  
>> +	if (!list_empty(&top_pid_ns->children))
>> +		return 0;
>>  	pid_t current_pgid = getpgid(getpid());
>>  
>>  	/*
>> diff --git a/test/zdtm/static/tun.desc b/test/zdtm/static/tun.desc
>> index 8c7cfe86..eac32c2d 100644
>> --- a/test/zdtm/static/tun.desc
>> +++ b/test/zdtm/static/tun.desc
>> @@ -1 +1 @@
>> -{'flavor': 'ns uns', 'flags': 'suid', 'feature': 'tun'}
>> +{'flavor': 'ns uns', 'flags': 'suid noauto', 'feature': 'tun'}
>>