[lxc-devel] [PATCH 2/3] c/r: escape cgroups before exec()ing criu
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Dec 9 03:02:57 UTC 2015
Quoting Tycho Andersen (tycho.andersen at canonical.com):
> Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> src/lxc/criu.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/src/lxc/criu.c b/src/lxc/criu.c
> index c0ce965..062289f 100644
> --- a/src/lxc/criu.c
> +++ b/src/lxc/criu.c
> @@ -56,6 +56,18 @@ void exec_criu(struct criu_opts *opts)
>
> char buf[4096];
>
> + /* If we are currently in a cgroup /foo/bar, and the container is in a
> + * cgroup /lxc/foo, lxcfs will give us an ENOENT if some task in the
> + * container has an open fd that points to one of the cgroup files
> + * (systemd always opens its "root" cgroup). So, let's escape to the
> + * /actual/ root cgroup so that lxcfs thinks criu has enough rights to
> + * see all cgroups.
> + */
> + if (!cgroup_escape()) {
> + ERROR("failed to escape cgroups");
> + return;
> + }
> +
> /* The command line always looks like:
> * criu $(action) --tcp-established --file-locks --link-remap --force-irmap \
> * --manage-cgroups action-script foo.sh -D $(directory) \
> --
> 2.6.2
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
More information about the lxc-devel
mailing list