[lxc-devel] [PATCH 2/3] c/r: escape cgroups before exec()ing criu

Serge Hallyn serge.hallyn at ubuntu.com
Wed Dec 9 03:02:57 UTC 2015


Quoting Tycho Andersen (tycho.andersen at canonical.com):
> Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

> ---
>  src/lxc/criu.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/src/lxc/criu.c b/src/lxc/criu.c
> index c0ce965..062289f 100644
> --- a/src/lxc/criu.c
> +++ b/src/lxc/criu.c
> @@ -56,6 +56,18 @@ void exec_criu(struct criu_opts *opts)
>  
>  	char buf[4096];
>  
> +	/* If we are currently in a cgroup /foo/bar, and the container is in a
> +	 * cgroup /lxc/foo, lxcfs will give us an ENOENT if some task in the
> +	 * container has an open fd that points to one of the cgroup files
> +	 * (systemd always opens its "root" cgroup). So, let's escape to the
> +	 * /actual/ root cgroup so that lxcfs thinks criu has enough rights to
> +	 * see all cgroups.
> +	 */
> +	if (!cgroup_escape()) {
> +		ERROR("failed to escape cgroups");
> +		return;
> +	}
> +
>  	/* The command line always looks like:
>  	 * criu $(action) --tcp-established --file-locks --link-remap --force-irmap \
>  	 * --manage-cgroups action-script foo.sh -D $(directory) \
> -- 
> 2.6.2
> 
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel


More information about the lxc-devel mailing list