Create bind mount mountpoints during restore #1968
crosbymichael merged 2 commits into opencontainers:master from
Any other comments? From my point of view
LGTM
@rst0git I just pushed one more commit which now also creates /proc and /sys on restore just as they are created during initial container creation. With this your migration test from containers/podman#2272 should now work.
@adrianreber I can confirm that the new commit resolves the issue, but is there a more generic solution, rather than specifying
Not sure, I just tried to do the same as in
This patch set will look good to me when you fix this issue. Thanks!
@avagin Thanks for your feedback.
During rootfs setup all mountpoints (directory and files) are created before bind mounting the bind mounts. This does not happen during container restore via CRIU. If restoring in an identical but newly created rootfs, the restore fails right now. This just factors out the code to create the bind mount mountpoints so that it also can be used during restore.
Signed-off-by: Adrian Reber <areber@redhat.com>
runc creates all missing mountpoints when it starts a container, this commit also creates those mountpoints during restore. Now it is possible to restore a container using the same, but newly created rootfs just as during container start.
Signed-off-by: Adrian Reber <areber@redhat.com>
Updated and force pushed. This time mountpoints for all types of mounts are created during restore (just as during creation), but this time no mountpoints are made if they are overmounted by tmpfs.
Any comments for someone else?
Can I get two more reviews to get this merged if ready?
Any more comments from reviewers for this?
@opencontainers/runc-maintainers ptal.
| func isPathInPrefixList(path string, prefix []string) bool { | ||
| for _, p := range prefix { | ||
| if strings.HasPrefix(path, p+"/") { | ||
| return false |
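Review bot: In isPathInPrefixList the comparison strings.HasPrefix(path, p+"/") uses path and p exactly as passed in, so a prefix entry that already ends in a slash, or a path that has not been cleaned, never matches; normalise both with filepath.Clean before comparing. A path equal to p itself also falls outside the match, which deserves a doc comment stating whether that is intended, and the return false in the matching branch reads as inverted against the function name.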
According to the function name, it has to return true in this case, doesn't it?
This includes an improved fix for CVE-2019-5736 to reduce the increased memory-consumption introduced by the original patch, RHEL 7.6 getting into a loop due to a kernel bug in those kernels, and improve compatibility with older kernels.
changes included:
- opencontainers/runc#1973 Vendor opencontainers/runtime-spec 29686dbc
- opencontainers/runc#1978 Remove detection for scope properties, which have always been broken
- opencontainers/runc#1963 Vendor in go-criu and use it for CRIU's RPC definition
- opencontainers/runc#1995 exec: expose --preserve-fds
- opencontainers/runc#2000 fix preserve-fds flag may cause runc hang
- opencontainers/runc#1968 Create bind mount mountpoints during restore
- opencontainers/runc#1984 nsenter: cloned_binary: "memfd" cleanups
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This includes an improved fix for CVE-2019-5736 to reduce the increased memory-consumption introduced by the original patch, RHEL 7.6 getting into a loop due to a kernel bug in those kernels, and improve compatibility with older kernels.
changes included:
- opencontainers/runc#1973 Vendor opencontainers/runtime-spec 29686dbc
- opencontainers/runc#1978 Remove detection for scope properties, which have always been broken
- opencontainers/runc#1963 Vendor in go-criu and use it for CRIU's RPC definition
- opencontainers/runc#1995 exec: expose --preserve-fds
- opencontainers/runc#2000 fix preserve-fds flag may cause runc hang
- opencontainers/runc#1968 Create bind mount mountpoints during restore
- opencontainers/runc#1984 nsenter: cloned_binary: "memfd" cleanups
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b8d40b3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
runc creates all bind mount mountpoints when it starts a container, this commit also creates those mountpoints during restore. Now it is possible to restore a container using the same, but newly created rootfs just as during container start.
Additionally this PR wires the CRIU option --ext-mount-map auto through to make it available during container restore using runc restore --autodetect-external-mounts.
These changes are necessary for containers/podman#1618
CC: @avagin, @rst0git these are some of the necessary changes as described on the mailing list
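The mountpoint preparation described in this PR, as an added example that is not runc's code: before a restore into a freshly created rootfs, every mount destination gets a directory (or a file, for file bind mounts), except destinations that a tmpfs mount would hide. The `Mount` type and `PrepareMountpoints` are hypothetical names. Assumption: destinations are clamped lexically only, so symlinks inside the rootfs are not resolved here.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Mount is a hypothetical, reduced mount entry (not runc's own type).
type Mount struct{ Source, Destination, Device string }

// PrepareMountpoints creates, below rootfs, every mountpoint the mounts need.
func PrepareMountpoints(rootfs string, mounts []Mount) error {
next:
	for _, m := range mounts {
		dest := filepath.Clean("/" + m.Destination) // lexical clamp: ".." cannot climb above "/"
		for _, t := range mounts {
			if t.Device == "tmpfs" && strings.HasPrefix(dest, filepath.Clean("/"+t.Destination)+"/") {
				continue next // hidden once the tmpfs is mounted above it
			}
		}
		target := filepath.Join(rootfs, dest)
		dir := target
		if m.Device == "bind" {
			fi, err := os.Stat(m.Source)
			if err != nil {
				return err
			}
			if !fi.IsDir() {
				dir = filepath.Dir(target) // file bind mount: the mountpoint is a file
			}
		}
		if err := os.MkdirAll(dir, 0o755); err != nil {
			return err
		}
		if dir != target {
			f, err := os.OpenFile(target, os.O_CREATE, 0o644) // no O_TRUNC: keep existing content
			if err != nil {
				return err
			}
			f.Close()
		}
	}
	return nil
}

func main() { // constructed sample mounts, throwaway rootfs path
	fmt.Println(PrepareMountpoints(filepath.Join(os.TempDir(), "demo-rootfs"), []Mount{{"proc", "/proc", "proc"}, {"tmpfs", "/tmp", "tmpfs"}, {"/etc", "/tmp/etc", "bind"}}))
}
```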