CR in namespace

Revision as of 17:58, 24 August 2016 by Xemul (talk | contribs) (Created page with "This page describes the criu-ns script that has appeared in criu-dev branch after 2.5 and is aimed at 2.6. == Problem == When restoring a process tree without namespaces (i....")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This page describes the criu-ns script that has appeared in criu-dev branch after 2.5 and is aimed at 2.6.

Problem

When restoring a process tree without namespaces (i.e. -- into the namespaces in which criu lives) one may frequently hit a "pid mismatch" problem. It is when a process we'd like to restore has a PID which is already owned by some other process living in this pid-namespace. There's no way one can restore a process tree in this namespace, so the only solution is to unshare the new pid namespace and restore the tree into it.

When doing so we have two problems

  1. In the new pid namespace someone has to become the "init" process
  2. In the new pid namespace we'd need to have new /proc mount which implies unsharing the mount namespace as well

And even if one solves the above problems, there will appear the third one -- when trying to dump the restore process tree again criu will likely refuse to dump the mount namespace, as it will be a complete clone of the original one and thus would likely contain many many unsupported mounts such as real devices, securityfs, trace/debug-fs etc. The latter can still be solved by nsenter-ing the process' pid and mount namespaces and doing the dump.

Solution

All of the above -- the need to unshare stuff, getting pseudo-init, re-mounting /proc on dump and setns-ing on restore -- is solved by the scripts/criu-ns script. Just replace running one instead of regular criu run would do all of this, there's no need in doing anything with the CLI options, the API is fully compatible.

Known issues

  1. The shell jobs are not supported
  2. The swrk mode is not supported
  3. Only the dump and restore is supported, so no Incremental dumps possible yet