zdtm: enable mounts-v2 on restore with --mounts-v2 optionTemporary disable bind-mount-unix test as it is unsupported in mounts-v2.
https://jira.sw.ru/browse/PSBM-58617
v3: fix nits
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
zdtm: remove external sharing check from mnt_ext_sharingWith mounts-v2 it is unsupported. If there is an external sharing between
container and the host mounts mounted in container will propagate to host. This
is likely not what we want.
https://jira.sw.ru/browse/PSBM-58617
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
mount: add new mounts-v2 engineDesign of mounts-v2:
New function prepare_mnt_ns_v2 is our main entry point.
- First we do pre-namespace work.
We classify mounts in groups by (shared_id, master_id) in new
resolve_shared_mounts_v2.
We walk the mount tree and mount each mount in plain mountpoint not in
mount tree but as a sub-directory of root_yard_mp. New can_mount_now_v2
only prohibits mounting external bind...
mount: add plain mountpointsThis is a preparation of mounts-v2 new algorithm for mount restore, we
add an alternative mountpoints to each mount, so that if we mount mounts
in these mountpoints they will be "plain": each mount in separate
sub-directory of root_yard, mounts will be mounted without tree. Tree
reconstruction will be done in separate step.
Also rename parse_options to parse_autofs_options, to remove collision...
config/rpc: add new option --mounts-v2 to enable new engine for mountsWith use of virtuozzo kernel hacks we can make mount restore more
reliable, see full description in next patches.
https://jira.sw.ru/browse/PSBM-58617
v3: fix nits
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
files-reg: teach create_spfs and open_remap_spfs_linked to work with mountsWhile mounts-v2 mounts all mounts plain without tree in service mntns we can't
just use path relative to mntns to find remap. Make it mount related, it is
also compatible with mounts-v1.
I doubt that open_remap_spfs_linked was right before this, because it calls
spfs_remap_path with "link_remap + root_len + strlen(mi->ns_mountpoint)" where
link_remap is a path for rrfi and mi is a mountpoint f...
files-reg: teach clean_one_remap to work with plain mountsWhile mounts-v2 mounts all mounts plain without tree in service mntns we can't
just use path relative to mntns to find remap. Make it mount related, it is
also compatible with mounts-v1.
Also we don't need openat unlinkat here as we opened rmntns_root just before
that, lets switch to "non-at" variants.
https://jira.sw.ru/browse/PSBM-58617
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozz...
files-reg: teach create_ghost to work with plain mountsWhile mounts-v2 mounts all mounts plain without tree in service mntns we can't
just use path relative to mntns to find remap. Make it mount related, it is
also compatible with mounts-v1.
Also handle no-mntns case separately in nomntns_create_ghost.
https://jira.sw.ru/browse/PSBM-58617
v3: fix possible buffer overflow in create_ghost
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
mount: add service_mountpoint getter for ->mountpointThis getter should be used when we wan't to access the mount on the filesystem.
In next patches we want to be able to change the location of the mount on
restore in service mount namespace, while not changing ->mountpoint string.
All places where we don't want to access the mount but instead want to
determine relations between mounts in the initial mount tree or just print path
should use ns_mo...
mount: use ns_mountpoint instead of mountpoint where possibleOn dump ->mountpoint and ->ns_mountpoint is the same, but on restore
->mountpoint can be changed by plain mount tree setup and remap (and who knows
what else =) ). It is not good to use ->mountpoint for path comparison between
mounts if we are not explictly need to compare "changed" paths. Imagine the
remap change will make two mounts have different prefixes in ->mountpoint and
we won't be able...
mount: use ns_mountpoint in mnt_depthFunction mnt_depth is only used on real mounts when building mount tree for
single namespace, thats why we can compare those mounts with ns_mountpoint
safely.
https://jira.sw.ru/browse/PSBM-58617
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
mount: use ns_mountpoint in aufs_parseAt this point ns_mountpoint is equal to mountpoint.
https://jira.sw.ru/browse/PSBM-58617
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
mount: use ns_mountpoint in collect_mntinfoAt this point ns_mountpoint is equal to mountpoint.
https://jira.sw.ru/browse/PSBM-58617
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
mount: use ns_mountpoint in mnt_get_sibling_path for relative pathNeed to prohibit parent to be root_yard_mp, it's ok because we want sibling
path, only if our parent is real mount.
Also while on it instead of comparing mountpoints compare mountinfos, and fix
comment.
https://jira.sw.ru/browse/PSBM-58617
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
mount: use ns_mountpoint for children-overmount checkThe result of strcmp will be equal for mountpoints and ns_mountpoints.
https://jira.sw.ru/browse/PSBM-58617
igned-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
mount: use ns_mountpoint in root_path_from_parentFail root_path_from_parent if parent is root_yard, we wan't to only lookup root
path in real parent mounts.
Now it is safe to use ns_mountpoint instead of mountpoint as both children and
parent have it and they are relative.
https://jira.sw.ru/browse/PSBM-58617
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
mount: use ns_mountpoint in validate_children_collisionFunction validate_children_collision is both called on dump and on restore. On
dump mountpoint and ns_mountpoint are the same. On restore as we never call
validate_children_collision on the root_yard_mp, for all other mounts strcmp
results would be the same with mountpoint and ns_mountpoint.
https://jira.sw.ru/browse/PSBM-58617
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
mount: skip root yard children from mnt_needs_remap checkThere is no point of remaping ns root mounts they can't overmount anybody.
This also allows us to switch mnt_needs_remap from ->mountpoint to
->ns_mountpoint for mount comparison in overmount detection.
https://jira.sw.ru/browse/PSBM-58617
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
mount: move set_is_overmounted before doing trees mergeFunction mnt_is_overmounted is designed to detect if mount is overmounted in
current tree using comparison of mountpoints of neighbour mounts for detection.
We wan't to get actual overmounts in dumped tree, we don't expect that helper
mounts we add or merging will introduce new overmounts. So let's do overmount
detection earlier before adding helpers and doing merge
Also use ->ns_mountpoint in...
mount: add helper mnt_get_external_nodevWill use it to find shared mount we can bind from and also can inherit
external slavery. Device-external can't give us external slavery.
https://jira.sw.ru/browse/PSBM-58617
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
autofs: fix autofs_create_dentries1) Use get_relative_path in autofs_create_dentries as it is more general,
before that we can't mention if mountpoint of child of autofs mount is
multilevel subdirectory of parent mountpoint, and always created them as single
level subdirectory.
2) Also free path on mkdir error in autofs_create_dentries.
3) Replace ->mountpoint with ->ns_mountpoint for determining relations between
mounts.
ht...
util: add get_relative_path helperThis is a smart way of getting relative paths:
1) Always returns relative path, no unexpected starting '/';
2) Detects subpath even if path formats are different, only real directory
names matter.
We have many places where we need to cut subpath from path. Different code
blocks doing this job spread widely across the codebase for instance see:
cut_root_for_bind and root_path_from_parent. But ...
mount: add mnt_get_root helperHelper mnt_get_root is similar to __mnt_get_external. It indicates that mount
can be bind-mounted from the root mount (which in it's turn from opts.root).
Use it in validate_mounts: we should skip unsupported mount from fsroot check
if we know it will be bindmounted from root mount, is_ns_root check was wrong.
Also fix root mount check in dump_one_fs, root mounts in non root mntns should
be d...
mount: apply superblock flags to nested ns rootsBefore this change we didn't apply sb-flags if we mount the root mount of
non-root mntns. There is no point in it, if we got to do_new_mount this root
mount is not external bind, so we won't change sb-flags on host if we change it
for this mount. So we just loose sb-flags on some regular container mount for
no reason. Fix it.
https://jira.sw.ru/browse/PSBM-58617
Signed-off-by: Pavel Tikhomiro...
mount: do search_bindmounts earlierWe can search it just after we've collected them and after reading them
from image just before populating mounts.
Should manually setup mnt_no_bind for all helper mounts as they now
added after search_bindmounts.
Also while on it, compare mounts with plain s_dev comparison in
search_bindmounts, if device is the same then superblocks are the same
too. Other checks may unexpectedly break the mn...
mount: replace CRTIME_MNT_ID with HELPER_MNT_IDRoot yard mount also has mnt_id == 0 so it will look better with a new name.
Also in near future we might want to create additional mount helpers to support
mounts in CT with no fsroot mounted.
Also on restore crtime mount is mounted as a child of the root yard so we don't
need to umount them. All helper mounts should be destroyed together with service
mount namespace.
https://jira.sw.ru/bro...
Revert "docker: skip mount errors to be able to run docker POC"This reverts commit 12e920a71c770410fa3772efbc5c59b2ebf88048.
https://jira.sw.ru/browse/PSBM-58617
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
spfs: remove unused mountpoint variableLooks like a leftover.
https://jira.sw.ru/browse/PSBM-58617
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
zdtm: add c/r test for several IPC namespaceshttps://jira.sw.ru/browse/PSBM-103858
https://jira.sw.ru/browse/PSBM-58611
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
zdtm: add c/r test for several UTS namespaceshttps://jira.sw.ru/browse/PSBM-103863
https://jira.sw.ru/browse/PSBM-58612
Signed-off-by: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
namespaces: add prepare_namespaces(), restore_task_ns() helpersThis patch adds prepare_namespaces(struct ns_desc *nd) and
restore_task_ns(struct pstree_item *current, unsigned int _nsid, struct ns_desc *nd)
helpers that simplify restore of namespaces that not envolved into tasks hierarhy
such as UTS, IPC.
https://jira.sw.ru/browse/PSBM-103863
https://jira.sw.ru/browse/PSBM-58612
https://jira.sw.ru/browse/PSBM-103858
https://jira.sw.ru/browse/PSBM-58611
S...
namespaces: make nsfd_id/ns_fd union common for all namespacesThis patch is preparational and moves nsfd_id/ns_fd union in
struct ns_id from net namespace specific structure to the root
of struct ns_id. In next patch we introduce general helpers
for restoring namespaces that not envolved into tasks hierarhy.
In general approach of restoring such namespaces we will store
namespaces fd in fdstore for later usage when doing setns on tasks
restore and also w...
docker: skip mount errors to be able to run docker POCFIXME: This should be reverted and fixed properly!
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
mount: allow nested mount namespaces with different rootsOnly root in root-mntns is special (see rst_mnt_is_root) all other
mounts are mounted regulary there is no difference between ns root and
any other mount or bind-mount.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
userns: disable nested usernsDocker is not using userns-es by default so we can disable it for now
until we will need it.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
zdtm: Mark ns tests as autoCheck the features and delete "noauto".
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
rebase: add more tests
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
zdtm: test pgid is restored fine in nested pidnses1) On restore pgid 29 is first added as shortcut variant through
lookup_replaceable_item for process 27 and then replaced adding
pgid for process 30 which is in aditional pidns.
2) Processes 33..35 first as leaders wait their pgid is received
by 32..34 respectively and only after change the group to their
real pgid.
(pid, sid, pgid, namespaces...)
session04(6, 6, 6,pid)-+-session04(8, 8, 8)--...
ns: Nested pid_ns supportAllow nested pid_ns, but turn restoring of pgid and sid off for the cases,
when there are child pid namespaces. This functionality will be realized
by Pavel Tikhomirov, he is working on that.
v4: Also make restore_before_setsid() always return false if there are
child pid namespaces
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
rebase: ...
pstree: leaders wait group members temporary setpgid to their pidThat is becaues group leader can create group, give it to members
and then change own pgid to some other group, becoming non-leader.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
rebase: don't need to reenable pgid for nested pidns, session leaders
are not refcounted pgrp_member_cnt, inherit pgid for shell job
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
pstree: add set_pgid function to check everything before real syscallset_pgid(curr, item, pgid, ...)
1) pgid must be valid
2) pgid should not be set already
3) curr should be parent of item or same task
4) curr should see pgid.leader
(curr should be in same pidns with leader(on curr's top pidns level))
5) item should not be a session leader
6) all tasks should be forked
7) if pgid.leader != item, pgid.leader.pgid whould be pgid
8) all tasks should share same se...
pstree: check that all processes see their group leaderWe only restore process group for process if it can see the leader
of group, tricky cases when task inherits group and than enters
pidns and then forks again so that even parent can't see the leader
are not supported now, as sometimes it would leed to hard to track
restore deadlocks.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
rebase: skip check when receiving external pgid fr...
ns: add get_relative_pid helperThis will be used to get the pid one task can refer to another in it's
own pidns.
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Denis Silakov
Pavel Tikhomirov
Alexander Mikhalitsyn