[criu] restore/cgroup: make root task enter cgroups before setup-namespaces acs

Submitted by Pavel Tikhomirov on Oct. 31, 2017, 9:23 a.m.

Details

Message ID 20171031092331.22608-1-ptikhomirov@virtuozzo.com
State New
Series "restore/cgroup: make root task enter cgroups before setup-namespaces acs"
Headers show

Commit Message

Pavel Tikhomirov Oct. 31, 2017, 9:23 a.m.
Before these we had host cgroup roots shown in CT after c/r:
CT-9ef573e3 /# cat /proc/1/cgroup
16:ve:/
15:pids:/machine.slice/9ef573e3-f11d-43f9-9ee3-17f4e19d03e4
14:devices:/machine.slice/9ef573e3-f11d-43f9-9ee3-17f4e19d03e4
13:freezer:/machine.slice/9ef573e3-f11d-43f9-9ee3-17f4e19d03e4
12:perf_event:/machine.slice/9ef573e3-f11d-43f9-9ee3-17f4e19d03e4
11:hugetlb:/machine.slice/9ef573e3-f11d-43f9-9ee3-17f4e19d03e4
7:cpuacct,cpu:/machine.slice/9ef573e3-f11d-43f9-9ee3-17f4e19d03e4
6:net_prio,net_cls:/machine.slice/9ef573e3-f11d-43f9-9ee3-17f4e19d03e4
4:name=systemd:/9ef573e3-f11d-43f9-9ee3-17f4e19d03e4
3:beancounter:/
2:memory:/
1:blkio:/machine.slice/9ef573e3-f11d-43f9-9ee3-17f4e19d03e4

https://jira.sw.ru/browse/PSBM-64756

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
---
 criu/cr-restore.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

Patch hide | download patch | download mbox

diff --git a/criu/cr-restore.c b/criu/cr-restore.c
index eb9f50d8f..af9df5620 100644
--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -1617,20 +1617,29 @@  static int restore_task_with_children(void *_arg)
 			goto err;
 	}
 
-	/* Wait prepare_userns */
-	if (current->parent == NULL &&
-			restore_finish_ns_stage(CR_STATE_ROOT_TASK, CR_STATE_PREPARE_NAMESPACES) < 0)
-		goto err;
-
 	/*
 	 * Call this _before_ forking to optimize cgroups
 	 * restore -- if all tasks live in one set of cgroups
 	 * we will only move the root one there, others will
 	 * just have it inherited.
+	 *
+	 * Call this _before_ CR_STATE_PREPARE_NAMESPACES so
+	 * that setup-namespaces action script is called then
+	 * the root task is already in all it's cgroups. We
+	 * need it as we write START to ve cgroup from these
+	 * action script, and these initializes ve cgroup.
+	 * In it's turn these initialization sets CGRP_VE_ROOT
+	 * bits on each cgroup of init task, so that we know
+	 * that they are root.
 	 */
 	if (prepare_task_cgroup(current) < 0)
 		goto err;
 
+	/* Wait prepare_userns */
+	if (current->parent == NULL &&
+			restore_finish_ns_stage(CR_STATE_ROOT_TASK, CR_STATE_PREPARE_NAMESPACES) < 0)
+		goto err;
+
 	/* Restore root task */
 	if (current->parent == NULL) {
 		if (fdstore_init())