]>
Commit | Line | Data |
---|---|---|
e29fe1dd TA |
1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * Copyright © 2014-2015 Canonical Ltd. | |
5 | * | |
6 | * Authors: | |
7 | * Tycho Andersen <tycho.andersen@canonical.com> | |
8 | * | |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2.1 of the License, or (at your option) any later version. | |
13 | * | |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, write to the Free Software | |
21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
22 | */ | |
23 | #define _GNU_SOURCE | |
9b945f13 | 24 | #include <inttypes.h> |
e29fe1dd TA |
25 | #include <linux/limits.h> |
26 | #include <sched.h> | |
27 | #include <stdio.h> | |
28 | #include <stdlib.h> | |
29 | #include <string.h> | |
30 | #include <sys/mount.h> | |
31 | #include <sys/types.h> | |
32 | #include <sys/wait.h> | |
33 | #include <unistd.h> | |
34 | ||
35 | #include "config.h" | |
36 | ||
e29fe1dd TA |
37 | #include "cgroup.h" |
38 | #include "conf.h" | |
dc259399 | 39 | #include "commands.h" |
e29fe1dd TA |
40 | #include "criu.h" |
41 | #include "log.h" | |
42 | #include "lxc.h" | |
43 | #include "lxclock.h" | |
44 | #include "network.h" | |
28d832c4 | 45 | #include "storage.h" |
e29fe1dd TA |
46 | #include "utils.h" |
47 | ||
5f4e44a2 TA |
48 | #if IS_BIONIC |
49 | #include <../include/lxcmntent.h> | |
50 | #else | |
51 | #include <mntent.h> | |
52 | #endif | |
53 | ||
9de31d5a CB |
54 | #ifndef HAVE_STRLCPY |
55 | #include "include/strlcpy.h" | |
56 | #endif | |
57 | ||
c33b0338 | 58 | #define CRIU_VERSION "2.0" |
73d46752 TA |
59 | |
60 | #define CRIU_GITID_VERSION "2.0" | |
61 | #define CRIU_GITID_PATCHLEVEL 0 | |
62 | ||
f1954503 | 63 | #define CRIU_IN_FLIGHT_SUPPORT "2.4" |
46c8ffd5 | 64 | #define CRIU_EXTERNAL_NOT_VETH "2.8" |
f1954503 | 65 | |
e29fe1dd TA |
66 | lxc_log_define(lxc_criu, lxc); |
67 | ||
73d46752 | 68 | struct criu_opts { |
5af85cb1 TA |
69 | /* the thing to hook to stdout and stderr for logging */ |
70 | int pipefd; | |
71 | ||
73d46752 TA |
72 | /* The type of criu invocation, one of "dump" or "restore" */ |
73 | char *action; | |
74 | ||
b2c3710f TA |
75 | /* the user-provided migrate options relevant to this action */ |
76 | struct migrate_opts *user; | |
73d46752 TA |
77 | |
78 | /* The container to dump */ | |
79 | struct lxc_container *c; | |
80 | ||
73d46752 | 81 | /* dump: stop the container or not after dumping? */ |
4b54788e | 82 | char tty_id[32]; /* the criu tty id for /dev/console, i.e. "tty[${rdev}:${dev}]" */ |
73d46752 TA |
83 | |
84 | /* restore: the file to write the init process' pid into */ | |
0ab5703f | 85 | struct lxc_handler *handler; |
4b54788e TA |
86 | int console_fd; |
87 | /* The path that is bind mounted from /dev/console, if any. We don't | |
88 | * want to use `--ext-mount-map auto`'s result here because the pts | |
89 | * device may have a different path (e.g. if the pty number is | |
3aed4934 | 90 | * different) on the target host. NULL if lxc.console.path = "none". |
4b54788e TA |
91 | */ |
92 | char *console_name; | |
f1954503 AR |
93 | |
94 | /* The detected version of criu */ | |
95 | char *criu_version; | |
73d46752 TA |
96 | }; |
97 | ||
4b54788e TA |
98 | static int load_tty_major_minor(char *directory, char *output, int len) |
99 | { | |
100 | FILE *f; | |
101 | char path[PATH_MAX]; | |
102 | int ret; | |
103 | ||
104 | ret = snprintf(path, sizeof(path), "%s/tty.info", directory); | |
105 | if (ret < 0 || ret >= sizeof(path)) { | |
106 | ERROR("snprintf'd too many chacters: %d", ret); | |
107 | return -1; | |
108 | } | |
109 | ||
110 | f = fopen(path, "r"); | |
111 | if (!f) { | |
112 | /* This means we're coming from a liblxc which didn't export | |
3aed4934 CB |
113 | * the tty info. In this case they had to have lxc.console.path |
114 | * = * none, so there's no problem restoring. | |
4b54788e TA |
115 | */ |
116 | if (errno == ENOENT) | |
117 | return 0; | |
118 | ||
119 | SYSERROR("couldn't open %s", path); | |
120 | return -1; | |
121 | } | |
122 | ||
123 | if (!fgets(output, len, f)) { | |
124 | fclose(f); | |
125 | SYSERROR("couldn't read %s", path); | |
126 | return -1; | |
127 | } | |
128 | ||
129 | fclose(f); | |
130 | return 0; | |
131 | } | |
132 | ||
74ad3607 FB |
133 | static int cmp_version(const char *v1, const char *v2) |
134 | { | |
135 | int ret; | |
136 | int oct_v1[3], oct_v2[3]; | |
137 | ||
138 | memset(oct_v1, -1, sizeof(oct_v1)); | |
139 | memset(oct_v2, -1, sizeof(oct_v2)); | |
140 | ||
141 | ret = sscanf(v1, "%d.%d.%d", &oct_v1[0], &oct_v1[1], &oct_v1[2]); | |
142 | if (ret < 1) | |
143 | return -1; | |
144 | ||
145 | ret = sscanf(v2, "%d.%d.%d", &oct_v2[0], &oct_v2[1], &oct_v2[2]); | |
146 | if (ret < 1) | |
147 | return -1; | |
148 | ||
149 | /* Major version is greater. */ | |
150 | if (oct_v1[0] > oct_v2[0]) | |
151 | return 1; | |
152 | ||
153 | if (oct_v1[0] < oct_v2[0]) | |
154 | return -1; | |
155 | ||
156 | /* Minor number is greater.*/ | |
157 | if (oct_v1[1] > oct_v2[1]) | |
158 | return 1; | |
159 | ||
160 | if (oct_v1[1] < oct_v2[1]) | |
161 | return -1; | |
162 | ||
163 | /* Patch number is greater. */ | |
164 | if (oct_v1[2] > oct_v2[2]) | |
165 | return 1; | |
166 | ||
167 | /* Patch numbers are equal. */ | |
168 | if (oct_v1[2] == oct_v2[2]) | |
169 | return 0; | |
170 | ||
171 | return -1; | |
172 | } | |
173 | ||
2202afc9 | 174 | static void exec_criu(struct cgroup_ops *cgroup_ops, struct criu_opts *opts) |
e29fe1dd TA |
175 | { |
176 | char **argv, log[PATH_MAX]; | |
19d1509c | 177 | int static_args = 23, argc = 0, i, ret; |
e29fe1dd TA |
178 | int netnr = 0; |
179 | struct lxc_list *it; | |
5f4e44a2 TA |
180 | FILE *mnts; |
181 | struct mntent mntent; | |
e29fe1dd | 182 | |
0e4be3cf | 183 | char buf[4096], ttys[32]; |
a17fa3c0 | 184 | size_t pos; |
5af85cb1 | 185 | |
e9195050 TA |
186 | /* If we are currently in a cgroup /foo/bar, and the container is in a |
187 | * cgroup /lxc/foo, lxcfs will give us an ENOENT if some task in the | |
188 | * container has an open fd that points to one of the cgroup files | |
189 | * (systemd always opens its "root" cgroup). So, let's escape to the | |
190 | * /actual/ root cgroup so that lxcfs thinks criu has enough rights to | |
191 | * see all cgroups. | |
192 | */ | |
2202afc9 | 193 | if (!cgroup_ops->escape(cgroup_ops)) { |
e9195050 TA |
194 | ERROR("failed to escape cgroups"); |
195 | return; | |
196 | } | |
197 | ||
e29fe1dd | 198 | /* The command line always looks like: |
19d1509c | 199 | * criu $(action) --tcp-established --file-locks --link-remap \ |
5f178bc9 | 200 | * --manage-cgroups=full --action-script foo.sh -D $(directory) \ |
e29fe1dd TA |
201 | * -o $(directory)/$(action).log --ext-mount-map auto |
202 | * --enable-external-sharing --enable-external-masters | |
4b54788e | 203 | * --enable-fs hugetlbfs --enable-fs tracefs --ext-mount-map console:/dev/pts/n |
e29fe1dd TA |
204 | * +1 for final NULL */ |
205 | ||
aef3d51e | 206 | if (strcmp(opts->action, "dump") == 0 || strcmp(opts->action, "pre-dump") == 0) { |
dc259399 TA |
207 | /* -t pid --freeze-cgroup /lxc/ct */ |
208 | static_args += 4; | |
e29fe1dd | 209 | |
aef3d51e | 210 | /* --prev-images-dir <path-to-directory-A-relative-to-B> */ |
b2c3710f | 211 | if (opts->user->predump_dir) |
aef3d51e TA |
212 | static_args += 2; |
213 | ||
74eb576c | 214 | /* --page-server --address <address> --port <port> */ |
b2c3710f | 215 | if (opts->user->pageserver_address && opts->user->pageserver_port) |
74eb576c NE |
216 | static_args += 5; |
217 | ||
aef3d51e | 218 | /* --leave-running (only for final dump) */ |
b2c3710f | 219 | if (strcmp(opts->action, "dump") == 0 && !opts->user->stop) |
e29fe1dd | 220 | static_args++; |
4b54788e TA |
221 | |
222 | /* --external tty[88,4] */ | |
223 | if (opts->tty_id[0]) | |
224 | static_args += 2; | |
19d1509c TA |
225 | |
226 | /* --force-irmap */ | |
227 | if (!opts->user->preserves_inodes) | |
228 | static_args++; | |
b2b7b0d2 TA |
229 | |
230 | /* --ghost-limit 1024 */ | |
231 | if (opts->user->ghost_limit) | |
232 | static_args += 2; | |
e29fe1dd TA |
233 | } else if (strcmp(opts->action, "restore") == 0) { |
234 | /* --root $(lxc_mount_point) --restore-detached | |
0ab5703f | 235 | * --restore-sibling |
13389b29 TA |
236 | * --lsm-profile apparmor:whatever |
237 | */ | |
0ab5703f | 238 | static_args += 6; |
4b54788e | 239 | |
0e4be3cf CB |
240 | ttys[0] = 0; |
241 | if (load_tty_major_minor(opts->user->directory, ttys, sizeof(ttys))) | |
4b54788e TA |
242 | return; |
243 | ||
244 | /* --inherit-fd fd[%d]:tty[%s] */ | |
0e4be3cf | 245 | if (ttys[0]) |
4b54788e | 246 | static_args += 2; |
e29fe1dd TA |
247 | } else { |
248 | return; | |
249 | } | |
250 | ||
2202afc9 CB |
251 | if (cgroup_ops->num_hierarchies(cgroup_ops) > 0) |
252 | static_args += 2 * cgroup_ops->num_hierarchies(cgroup_ops); | |
0ab5703f | 253 | |
b2c3710f | 254 | if (opts->user->verbose) |
e29fe1dd TA |
255 | static_args++; |
256 | ||
b9ee6643 TA |
257 | if (opts->user->action_script) |
258 | static_args += 2; | |
259 | ||
5f4e44a2 TA |
260 | static_args += 2 * lxc_list_len(&opts->c->lxc_conf->mount_list); |
261 | ||
b2c3710f | 262 | ret = snprintf(log, PATH_MAX, "%s/%s.log", opts->user->directory, opts->action); |
e29fe1dd | 263 | if (ret < 0 || ret >= PATH_MAX) { |
9f1f54b0 | 264 | ERROR("logfile name too long"); |
e29fe1dd TA |
265 | return; |
266 | } | |
267 | ||
268 | argv = malloc(static_args * sizeof(*argv)); | |
269 | if (!argv) | |
270 | return; | |
271 | ||
272 | memset(argv, 0, static_args * sizeof(*argv)); | |
273 | ||
274 | #define DECLARE_ARG(arg) \ | |
275 | do { \ | |
276 | if (arg == NULL) { \ | |
277 | ERROR("Got NULL argument for criu"); \ | |
278 | goto err; \ | |
279 | } \ | |
280 | argv[argc++] = strdup(arg); \ | |
281 | if (!argv[argc-1]) \ | |
282 | goto err; \ | |
283 | } while (0) | |
284 | ||
285 | argv[argc++] = on_path("criu", NULL); | |
286 | if (!argv[argc-1]) { | |
9f1f54b0 | 287 | ERROR("Couldn't find criu binary"); |
e29fe1dd TA |
288 | goto err; |
289 | } | |
290 | ||
291 | DECLARE_ARG(opts->action); | |
292 | DECLARE_ARG("--tcp-established"); | |
293 | DECLARE_ARG("--file-locks"); | |
294 | DECLARE_ARG("--link-remap"); | |
0a5fc6df | 295 | DECLARE_ARG("--manage-cgroups=full"); |
e29fe1dd TA |
296 | DECLARE_ARG("--ext-mount-map"); |
297 | DECLARE_ARG("auto"); | |
298 | DECLARE_ARG("--enable-external-sharing"); | |
299 | DECLARE_ARG("--enable-external-masters"); | |
dd62857a TA |
300 | DECLARE_ARG("--enable-fs"); |
301 | DECLARE_ARG("hugetlbfs"); | |
5b454329 TA |
302 | DECLARE_ARG("--enable-fs"); |
303 | DECLARE_ARG("tracefs"); | |
e29fe1dd | 304 | DECLARE_ARG("-D"); |
b2c3710f | 305 | DECLARE_ARG(opts->user->directory); |
e29fe1dd TA |
306 | DECLARE_ARG("-o"); |
307 | DECLARE_ARG(log); | |
308 | ||
2202afc9 | 309 | for (i = 0; i < cgroup_ops->num_hierarchies(cgroup_ops); i++) { |
0ab5703f | 310 | char **controllers = NULL, *fullname; |
31b204e4 | 311 | char *path, *tmp; |
0ab5703f | 312 | |
2202afc9 | 313 | if (!cgroup_ops->get_hierarchies(cgroup_ops, i, &controllers)) { |
0ab5703f TA |
314 | ERROR("failed to get hierarchy %d", i); |
315 | goto err; | |
316 | } | |
317 | ||
318 | /* if we are in a dump, we have to ask the monitor process what | |
319 | * the right cgroup is. if this is a restore, we can just use | |
320 | * the handler the restore task created. | |
321 | */ | |
322 | if (!strcmp(opts->action, "dump") || !strcmp(opts->action, "pre-dump")) { | |
323 | path = lxc_cmd_get_cgroup_path(opts->c->name, opts->c->config_path, controllers[0]); | |
324 | if (!path) { | |
325 | ERROR("failed to get cgroup path for %s", controllers[0]); | |
326 | goto err; | |
327 | } | |
328 | } else { | |
329 | const char *p; | |
330 | ||
2202afc9 | 331 | p = cgroup_ops->get_cgroup(cgroup_ops, controllers[0]); |
0ab5703f TA |
332 | if (!p) { |
333 | ERROR("failed to get cgroup path for %s", controllers[0]); | |
334 | goto err; | |
335 | } | |
336 | ||
337 | path = strdup(p); | |
338 | if (!path) { | |
339 | ERROR("strdup failed"); | |
340 | goto err; | |
341 | } | |
342 | } | |
343 | ||
31b204e4 CB |
344 | tmp = lxc_deslashify(path); |
345 | if (!tmp) { | |
346 | ERROR("Failed to remove extraneous slashes from \"%s\"", | |
347 | path); | |
0ab5703f TA |
348 | free(path); |
349 | goto err; | |
350 | } | |
31b204e4 CB |
351 | free(path); |
352 | path = tmp; | |
0ab5703f TA |
353 | |
354 | fullname = lxc_string_join(",", (const char **) controllers, false); | |
355 | if (!fullname) { | |
356 | ERROR("failed to join controllers"); | |
357 | free(path); | |
358 | goto err; | |
359 | } | |
360 | ||
361 | ret = sprintf(buf, "%s:%s", fullname, path); | |
362 | free(path); | |
363 | free(fullname); | |
364 | if (ret < 0 || ret >= sizeof(buf)) { | |
365 | ERROR("sprintf of cgroup root arg failed"); | |
366 | goto err; | |
367 | } | |
368 | ||
369 | DECLARE_ARG("--cgroup-root"); | |
370 | DECLARE_ARG(buf); | |
371 | } | |
372 | ||
b2c3710f | 373 | if (opts->user->verbose) |
e29fe1dd TA |
374 | DECLARE_ARG("-vvvvvv"); |
375 | ||
b9ee6643 TA |
376 | if (opts->user->action_script) { |
377 | DECLARE_ARG("--action-script"); | |
378 | DECLARE_ARG(opts->user->action_script); | |
379 | } | |
380 | ||
5ef5c9a3 | 381 | mnts = make_anonymous_mount_file(&opts->c->lxc_conf->mount_list); |
5f4e44a2 TA |
382 | if (!mnts) |
383 | goto err; | |
384 | ||
385 | while (getmntent_r(mnts, &mntent, buf, sizeof(buf))) { | |
19d2422b | 386 | char *fmt, *key, *val, *mntdata; |
5f4e44a2 | 387 | char arg[2 * PATH_MAX + 2]; |
19d2422b TA |
388 | unsigned long flags; |
389 | ||
390 | if (parse_mntopts(mntent.mnt_opts, &flags, &mntdata) < 0) | |
391 | goto err; | |
392 | ||
393 | free(mntdata); | |
394 | ||
395 | /* only add --ext-mount-map for actual bind mounts */ | |
396 | if (!(flags & MS_BIND)) | |
397 | continue; | |
5f4e44a2 TA |
398 | |
399 | if (strcmp(opts->action, "dump") == 0) { | |
400 | fmt = "/%s:%s"; | |
401 | key = mntent.mnt_dir; | |
402 | val = mntent.mnt_dir; | |
403 | } else { | |
404 | fmt = "%s:%s"; | |
405 | key = mntent.mnt_dir; | |
406 | val = mntent.mnt_fsname; | |
407 | } | |
408 | ||
409 | ret = snprintf(arg, sizeof(arg), fmt, key, val); | |
410 | if (ret < 0 || ret >= sizeof(arg)) { | |
411 | fclose(mnts); | |
412 | ERROR("snprintf failed"); | |
413 | goto err; | |
414 | } | |
415 | ||
416 | DECLARE_ARG("--ext-mount-map"); | |
417 | DECLARE_ARG(arg); | |
418 | } | |
419 | fclose(mnts); | |
420 | ||
aef3d51e | 421 | if (strcmp(opts->action, "dump") == 0 || strcmp(opts->action, "pre-dump") == 0) { |
dc259399 | 422 | char pid[32], *freezer_relative; |
e29fe1dd TA |
423 | |
424 | if (sprintf(pid, "%d", opts->c->init_pid(opts->c)) < 0) | |
425 | goto err; | |
426 | ||
427 | DECLARE_ARG("-t"); | |
428 | DECLARE_ARG(pid); | |
dc259399 TA |
429 | |
430 | freezer_relative = lxc_cmd_get_cgroup_path(opts->c->name, | |
431 | opts->c->config_path, | |
432 | "freezer"); | |
433 | if (!freezer_relative) { | |
434 | ERROR("failed getting freezer path"); | |
435 | goto err; | |
436 | } | |
437 | ||
438 | ret = snprintf(log, sizeof(log), "/sys/fs/cgroup/freezer/%s", freezer_relative); | |
439 | if (ret < 0 || ret >= sizeof(log)) | |
440 | goto err; | |
441 | ||
f1954503 AR |
442 | if (!opts->user->disable_skip_in_flight && |
443 | strcmp(opts->criu_version, CRIU_IN_FLIGHT_SUPPORT) >= 0) | |
444 | DECLARE_ARG("--skip-in-flight"); | |
445 | ||
dc259399 TA |
446 | DECLARE_ARG("--freeze-cgroup"); |
447 | DECLARE_ARG(log); | |
448 | ||
4b54788e | 449 | if (opts->tty_id[0]) { |
36d2096c TA |
450 | DECLARE_ARG("--ext-mount-map"); |
451 | DECLARE_ARG("/dev/console:console"); | |
452 | ||
4b54788e TA |
453 | DECLARE_ARG("--external"); |
454 | DECLARE_ARG(opts->tty_id); | |
455 | } | |
456 | ||
b2c3710f | 457 | if (opts->user->predump_dir) { |
aef3d51e | 458 | DECLARE_ARG("--prev-images-dir"); |
b2c3710f | 459 | DECLARE_ARG(opts->user->predump_dir); |
9f99a33f | 460 | DECLARE_ARG("--track-mem"); |
74eb576c | 461 | } |
4c0c0319 | 462 | |
b2c3710f | 463 | if (opts->user->pageserver_address && opts->user->pageserver_port) { |
74eb576c NE |
464 | DECLARE_ARG("--page-server"); |
465 | DECLARE_ARG("--address"); | |
b2c3710f | 466 | DECLARE_ARG(opts->user->pageserver_address); |
74eb576c | 467 | DECLARE_ARG("--port"); |
b2c3710f | 468 | DECLARE_ARG(opts->user->pageserver_port); |
74eb576c | 469 | } |
aef3d51e | 470 | |
19d1509c TA |
471 | if (!opts->user->preserves_inodes) |
472 | DECLARE_ARG("--force-irmap"); | |
473 | ||
b2b7b0d2 TA |
474 | if (opts->user->ghost_limit) { |
475 | char ghost_limit[32]; | |
476 | ||
9b945f13 | 477 | ret = sprintf(ghost_limit, "%"PRIu64, opts->user->ghost_limit); |
b2b7b0d2 | 478 | if (ret < 0 || ret >= sizeof(ghost_limit)) { |
9b945f13 | 479 | ERROR("failed to print ghost limit %"PRIu64, opts->user->ghost_limit); |
b2b7b0d2 TA |
480 | goto err; |
481 | } | |
482 | ||
483 | DECLARE_ARG("--ghost-limit"); | |
484 | DECLARE_ARG(ghost_limit); | |
485 | } | |
486 | ||
aef3d51e | 487 | /* only for final dump */ |
b2c3710f | 488 | if (strcmp(opts->action, "dump") == 0 && !opts->user->stop) |
e29fe1dd TA |
489 | DECLARE_ARG("--leave-running"); |
490 | } else if (strcmp(opts->action, "restore") == 0) { | |
491 | void *m; | |
492 | int additional; | |
13389b29 | 493 | struct lxc_conf *lxc_conf = opts->c->lxc_conf; |
e29fe1dd TA |
494 | |
495 | DECLARE_ARG("--root"); | |
496 | DECLARE_ARG(opts->c->lxc_conf->rootfs.mount); | |
497 | DECLARE_ARG("--restore-detached"); | |
498 | DECLARE_ARG("--restore-sibling"); | |
e29fe1dd | 499 | |
0e4be3cf | 500 | if (ttys[0]) { |
97e4f1a9 | 501 | if (opts->console_fd < 0) { |
3aed4934 | 502 | ERROR("lxc.console.path configured on source host but not target"); |
97e4f1a9 TA |
503 | goto err; |
504 | } | |
505 | ||
0e4be3cf | 506 | ret = snprintf(buf, sizeof(buf), "fd[%d]:%s", opts->console_fd, ttys); |
4b54788e TA |
507 | if (ret < 0 || ret >= sizeof(buf)) |
508 | goto err; | |
509 | ||
510 | DECLARE_ARG("--inherit-fd"); | |
511 | DECLARE_ARG(buf); | |
512 | } | |
513 | if (opts->console_name) { | |
514 | if (snprintf(buf, sizeof(buf), "console:%s", opts->console_name) < 0) { | |
515 | SYSERROR("sprintf'd too many bytes"); | |
516 | } | |
517 | DECLARE_ARG("--ext-mount-map"); | |
518 | DECLARE_ARG(buf); | |
519 | } | |
520 | ||
13389b29 TA |
521 | if (lxc_conf->lsm_aa_profile || lxc_conf->lsm_se_context) { |
522 | ||
523 | if (lxc_conf->lsm_aa_profile) | |
524 | ret = snprintf(buf, sizeof(buf), "apparmor:%s", lxc_conf->lsm_aa_profile); | |
525 | else | |
526 | ret = snprintf(buf, sizeof(buf), "selinux:%s", lxc_conf->lsm_se_context); | |
527 | ||
528 | if (ret < 0 || ret >= sizeof(buf)) | |
529 | goto err; | |
530 | ||
531 | DECLARE_ARG("--lsm-profile"); | |
532 | DECLARE_ARG(buf); | |
533 | } | |
534 | ||
e29fe1dd TA |
535 | additional = lxc_list_len(&opts->c->lxc_conf->network) * 2; |
536 | ||
fa071249 TA |
537 | m = realloc(argv, (argc + additional + 1) * sizeof(*argv)); |
538 | if (!m) | |
539 | goto err; | |
e29fe1dd TA |
540 | argv = m; |
541 | ||
542 | lxc_list_for_each(it, &opts->c->lxc_conf->network) { | |
9de31d5a | 543 | size_t retlen; |
e29fe1dd | 544 | char eth[128], *veth; |
46c8ffd5 | 545 | char *fmt; |
e29fe1dd | 546 | struct lxc_netdev *n = it->elem; |
46c8ffd5 AR |
547 | bool external_not_veth; |
548 | ||
74ad3607 | 549 | if (cmp_version(opts->criu_version, CRIU_EXTERNAL_NOT_VETH) >= 0) { |
46c8ffd5 AR |
550 | /* Since criu version 2.8 the usage of --veth-pair |
551 | * has been deprecated: | |
552 | * git tag --contains f2037e6d3445fc400 | |
553 | * v2.8 */ | |
554 | external_not_veth = true; | |
555 | } else { | |
556 | external_not_veth = false; | |
557 | } | |
e29fe1dd | 558 | |
42277b1c | 559 | if (n->name[0] != '\0') { |
9de31d5a CB |
560 | retlen = strlcpy(eth, n->name, sizeof(eth)); |
561 | if (retlen >= sizeof(eth)) | |
e29fe1dd | 562 | goto err; |
796a109d TA |
563 | } else { |
564 | ret = snprintf(eth, sizeof(eth), "eth%d", netnr); | |
565 | if (ret < 0 || ret >= sizeof(eth)) | |
566 | goto err; | |
567 | } | |
e29fe1dd | 568 | |
e2697330 TA |
569 | switch (n->type) { |
570 | case LXC_NET_VETH: | |
571 | veth = n->priv.veth_attr.pair; | |
ea7f6b29 CB |
572 | if (veth[0] == '\0') |
573 | veth = n->priv.veth_attr.veth1; | |
e29fe1dd | 574 | |
de4855a8 | 575 | if (n->link[0] != '\0') { |
46c8ffd5 AR |
576 | if (external_not_veth) |
577 | fmt = "veth[%s]:%s@%s"; | |
578 | else | |
579 | fmt = "%s=%s@%s"; | |
580 | ||
581 | ret = snprintf(buf, sizeof(buf), fmt, eth, veth, n->link); | |
582 | } else { | |
583 | if (external_not_veth) | |
584 | fmt = "veth[%s]:%s"; | |
585 | else | |
586 | fmt = "%s=%s"; | |
587 | ||
588 | ret = snprintf(buf, sizeof(buf), fmt, eth, veth); | |
589 | } | |
e2697330 TA |
590 | if (ret < 0 || ret >= sizeof(buf)) |
591 | goto err; | |
592 | break; | |
593 | case LXC_NET_MACVLAN: | |
de4855a8 | 594 | if (n->link[0] == '\0') { |
9f1f54b0 | 595 | ERROR("no host interface for macvlan %s", n->name); |
e2697330 TA |
596 | goto err; |
597 | } | |
598 | ||
599 | ret = snprintf(buf, sizeof(buf), "macvlan[%s]:%s", eth, n->link); | |
600 | if (ret < 0 || ret >= sizeof(buf)) | |
601 | goto err; | |
602 | break; | |
603 | case LXC_NET_NONE: | |
604 | case LXC_NET_EMPTY: | |
605 | break; | |
606 | default: | |
607 | /* we have screened for this earlier... */ | |
9f1f54b0 | 608 | ERROR("unexpected network type %d", n->type); |
e29fe1dd | 609 | goto err; |
e2697330 | 610 | } |
e29fe1dd | 611 | |
46c8ffd5 AR |
612 | if (external_not_veth) |
613 | DECLARE_ARG("--external"); | |
614 | else | |
615 | DECLARE_ARG("--veth-pair"); | |
e29fe1dd | 616 | DECLARE_ARG(buf); |
2f3fbc6b | 617 | netnr++; |
e29fe1dd TA |
618 | } |
619 | ||
620 | } | |
621 | ||
622 | argv[argc] = NULL; | |
623 | ||
cf4b07a5 | 624 | buf[0] = 0; |
a17fa3c0 | 625 | pos = 0; |
72a30576 | 626 | |
cf4b07a5 | 627 | for (i = 0; argv[i]; i++) { |
72a30576 NE |
628 | ret = snprintf(buf + pos, sizeof(buf) - pos, "%s ", argv[i]); |
629 | if (ret < 0 || ret >= sizeof(buf) - pos) | |
630 | goto err; | |
631 | else | |
632 | pos += ret; | |
cf4b07a5 TA |
633 | } |
634 | ||
635 | INFO("execing: %s", buf); | |
636 | ||
5af85cb1 TA |
637 | /* before criu inits its log, it sometimes prints things to stdout/err; |
638 | * let's be sure we capture that. | |
639 | */ | |
640 | if (dup2(opts->pipefd, STDOUT_FILENO) < 0) { | |
641 | SYSERROR("dup2 stdout failed"); | |
642 | goto err; | |
643 | } | |
644 | ||
645 | if (dup2(opts->pipefd, STDERR_FILENO) < 0) { | |
646 | SYSERROR("dup2 stderr failed"); | |
647 | goto err; | |
648 | } | |
649 | ||
650 | close(opts->pipefd); | |
651 | ||
e29fe1dd TA |
652 | #undef DECLARE_ARG |
653 | execv(argv[0], argv); | |
654 | err: | |
e29fe1dd TA |
655 | for (i = 0; argv[i]; i++) |
656 | free(argv[i]); | |
657 | free(argv); | |
658 | } | |
659 | ||
b5b12b9e AR |
660 | /* |
661 | * Function to check if the checks activated in 'features_to_check' are | |
662 | * available with the current architecture/kernel/criu combination. | |
663 | * | |
664 | * Parameter features_to_check is a bit mask of all features that should be | |
665 | * checked (see feature check defines in lxc/lxccontainer.h). | |
666 | * | |
667 | * If the return value is true, all requested features are supported. If | |
668 | * the return value is false the features_to_check parameter is updated | |
669 | * to reflect which features are available. '0' means no feature but | |
670 | * also that something went totally wrong. | |
671 | * | |
672 | * Some of the code flow of criu_version_ok() is duplicated and maybe it | |
673 | * is a good candidate for refactoring. | |
674 | */ | |
675 | bool __criu_check_feature(uint64_t *features_to_check) | |
676 | { | |
677 | pid_t pid; | |
678 | uint64_t current_bit = 0; | |
679 | int ret; | |
680 | int features = *features_to_check; | |
681 | /* Feature checking is currently always like | |
682 | * criu check --feature <feature-name> | |
683 | */ | |
684 | char *args[] = { "criu", "check", "--feature", NULL, NULL }; | |
685 | ||
686 | if ((features & ~FEATURE_MEM_TRACK & ~FEATURE_LAZY_PAGES) != 0) { | |
687 | /* There are feature bits activated we do not understand. | |
688 | * Refusing to answer at all */ | |
689 | *features_to_check = 0; | |
690 | return false; | |
691 | } | |
692 | ||
693 | while (current_bit < sizeof(uint64_t) * 8) { | |
694 | /* only test requested features */ | |
695 | if (!(features & (1ULL << current_bit))) { | |
696 | /* skip this */ | |
697 | current_bit++; | |
698 | continue; | |
699 | } | |
700 | ||
701 | pid = fork(); | |
702 | if (pid < 0) { | |
703 | SYSERROR("fork() failed"); | |
704 | *features_to_check = 0; | |
705 | return false; | |
706 | } | |
707 | ||
708 | if (pid == 0) { | |
709 | if ((1ULL << current_bit) == FEATURE_MEM_TRACK) | |
710 | /* This is needed for pre-dump support, which | |
711 | * enables pre-copy migration. */ | |
712 | args[3] = "mem_dirty_track"; | |
713 | else if ((1ULL << current_bit) == FEATURE_LAZY_PAGES) | |
714 | /* CRIU has two checks for userfaultfd support. | |
715 | * | |
716 | * The simpler check is only for 'uffd'. If the | |
717 | * kernel supports userfaultfd without noncoop | |
718 | * then only process can be lazily restored | |
719 | * which do not fork. With 'uffd-noncoop' | |
720 | * it is also possible to lazily restore processes | |
721 | * which do fork. For a container runtime like | |
722 | * LXC checking only for 'uffd' makes not much sense. */ | |
723 | args[3] = "uffd-noncoop"; | |
724 | else | |
4f43526d | 725 | _exit(EXIT_FAILURE); |
b5b12b9e AR |
726 | |
727 | null_stdfds(); | |
728 | ||
729 | execvp("criu", args); | |
730 | SYSERROR("Failed to exec \"criu\""); | |
4f43526d | 731 | _exit(EXIT_FAILURE); |
b5b12b9e AR |
732 | } |
733 | ||
734 | ret = wait_for_pid(pid); | |
735 | ||
736 | if (ret == -1) { | |
737 | /* It is not known why CRIU failed. Either | |
738 | * CRIU is not available, the feature check | |
739 | * does not exist or the feature is not | |
740 | * supported. */ | |
741 | INFO("feature not supported"); | |
742 | /* Clear not supported feature bit */ | |
743 | features &= ~(1ULL << current_bit); | |
744 | } | |
745 | ||
746 | current_bit++; | |
747 | /* no more checks requested; exit check loop */ | |
748 | if (!(features & ~((1ULL << current_bit)-1))) | |
749 | break; | |
750 | } | |
751 | if (features != *features_to_check) { | |
752 | *features_to_check = features; | |
753 | return false; | |
754 | } | |
755 | return true; | |
756 | } | |
757 | ||
8ba5ced7 TA |
758 | /* |
759 | * Check to see if the criu version is recent enough for all the features we | |
760 | * use. This version allows either CRIU_VERSION or (CRIU_GITID_VERSION and | |
761 | * CRIU_GITID_PATCHLEVEL) to work, enabling users building from git to c/r | |
762 | * things potentially before a version is released with a particular feature. | |
763 | * | |
764 | * The intent is that when criu development slows down, we can drop this, but | |
765 | * for now we shouldn't attempt to c/r with versions that we know won't work. | |
5407e2ab CB |
766 | * |
767 | * Note: If version != NULL criu_version() stores the detected criu version in | |
768 | * version. Allocates memory for version which must be freed by caller. | |
8ba5ced7 | 769 | */ |
5407e2ab | 770 | static bool criu_version_ok(char **version) |
8ba5ced7 TA |
771 | { |
772 | int pipes[2]; | |
773 | pid_t pid; | |
774 | ||
775 | if (pipe(pipes) < 0) { | |
776 | SYSERROR("pipe() failed"); | |
777 | return false; | |
778 | } | |
779 | ||
780 | pid = fork(); | |
781 | if (pid < 0) { | |
782 | SYSERROR("fork() failed"); | |
783 | return false; | |
784 | } | |
785 | ||
786 | if (pid == 0) { | |
787 | char *args[] = { "criu", "--version", NULL }; | |
755fa453 | 788 | char *path; |
8ba5ced7 TA |
789 | close(pipes[0]); |
790 | ||
791 | close(STDERR_FILENO); | |
792 | if (dup2(pipes[1], STDOUT_FILENO) < 0) | |
665bb114 | 793 | _exit(EXIT_FAILURE); |
8ba5ced7 | 794 | |
755fa453 | 795 | path = on_path("criu", NULL); |
d9b32b09 | 796 | if (!path) |
665bb114 | 797 | _exit(EXIT_FAILURE); |
d9b32b09 | 798 | |
755fa453 | 799 | execv(path, args); |
665bb114 | 800 | _exit(EXIT_FAILURE); |
8ba5ced7 TA |
801 | } else { |
802 | FILE *f; | |
5407e2ab | 803 | char *tmp; |
8ba5ced7 TA |
804 | int patch; |
805 | ||
806 | close(pipes[1]); | |
807 | if (wait_for_pid(pid) < 0) { | |
808 | close(pipes[0]); | |
4eae4051 | 809 | SYSERROR("execing criu failed, is it installed?"); |
8ba5ced7 TA |
810 | return false; |
811 | } | |
812 | ||
813 | f = fdopen(pipes[0], "r"); | |
814 | if (!f) { | |
815 | close(pipes[0]); | |
816 | return false; | |
817 | } | |
818 | ||
5407e2ab CB |
819 | tmp = malloc(1024); |
820 | if (!tmp) { | |
821 | fclose(f); | |
822 | return false; | |
823 | } | |
824 | ||
825 | if (fscanf(f, "Version: %1023[^\n]s", tmp) != 1) | |
8ba5ced7 TA |
826 | goto version_error; |
827 | ||
828 | if (fgetc(f) != '\n') | |
829 | goto version_error; | |
830 | ||
5407e2ab | 831 | if (strcmp(tmp, CRIU_VERSION) >= 0) |
8ba5ced7 TA |
832 | goto version_match; |
833 | ||
5407e2ab | 834 | if (fscanf(f, "GitID: v%1023[^-]s", tmp) != 1) |
8ba5ced7 TA |
835 | goto version_error; |
836 | ||
837 | if (fgetc(f) != '-') | |
838 | goto version_error; | |
839 | ||
840 | if (fscanf(f, "%d", &patch) != 1) | |
841 | goto version_error; | |
842 | ||
5407e2ab | 843 | if (strcmp(tmp, CRIU_GITID_VERSION) < 0) |
8ba5ced7 TA |
844 | goto version_error; |
845 | ||
846 | if (patch < CRIU_GITID_PATCHLEVEL) | |
847 | goto version_error; | |
848 | ||
849 | version_match: | |
3158ab5b | 850 | fclose(f); |
5407e2ab CB |
851 | if (!version) |
852 | free(tmp); | |
853 | else | |
854 | *version = tmp; | |
8ba5ced7 TA |
855 | return true; |
856 | ||
857 | version_error: | |
3158ab5b | 858 | fclose(f); |
5407e2ab | 859 | free(tmp); |
9f1f54b0 | 860 | ERROR("must have criu " CRIU_VERSION " or greater to checkpoint/restore"); |
8ba5ced7 TA |
861 | return false; |
862 | } | |
863 | } | |
864 | ||
e29fe1dd TA |
865 | /* Check and make sure the container has a configuration that we know CRIU can |
866 | * dump. */ | |
f1954503 | 867 | static bool criu_ok(struct lxc_container *c, char **criu_version) |
e29fe1dd TA |
868 | { |
869 | struct lxc_list *it; | |
e29fe1dd | 870 | |
f1954503 | 871 | if (!criu_version_ok(criu_version)) |
8ba5ced7 TA |
872 | return false; |
873 | ||
e29fe1dd | 874 | if (geteuid()) { |
9f1f54b0 | 875 | ERROR("Must be root to checkpoint"); |
e29fe1dd TA |
876 | return false; |
877 | } | |
878 | ||
879 | /* We only know how to restore containers with veth networks. */ | |
880 | lxc_list_for_each(it, &c->lxc_conf->network) { | |
881 | struct lxc_netdev *n = it->elem; | |
65b20221 TA |
882 | switch(n->type) { |
883 | case LXC_NET_VETH: | |
884 | case LXC_NET_NONE: | |
885 | case LXC_NET_EMPTY: | |
e2697330 | 886 | case LXC_NET_MACVLAN: |
65b20221 TA |
887 | break; |
888 | default: | |
9f1f54b0 | 889 | ERROR("Found un-dumpable network: %s (%s)", lxc_net_type_to_str(n->type), n->name); |
e29fe1dd TA |
890 | return false; |
891 | } | |
892 | } | |
893 | ||
e29fe1dd TA |
894 | return true; |
895 | } | |
896 | ||
e29fe1dd TA |
897 | static bool restore_net_info(struct lxc_container *c) |
898 | { | |
899 | struct lxc_list *it; | |
900 | bool has_error = true; | |
901 | ||
902 | if (container_mem_lock(c)) | |
903 | return false; | |
904 | ||
905 | lxc_list_for_each(it, &c->lxc_conf->network) { | |
906 | struct lxc_netdev *netdev = it->elem; | |
907 | char template[IFNAMSIZ]; | |
65b20221 TA |
908 | |
909 | if (netdev->type != LXC_NET_VETH) | |
910 | continue; | |
911 | ||
e29fe1dd TA |
912 | snprintf(template, sizeof(template), "vethXXXXXX"); |
913 | ||
de4855a8 CB |
914 | if (netdev->priv.veth_attr.pair[0] == '\0' && |
915 | netdev->priv.veth_attr.veth1[0] == '\0') { | |
966e9f1f | 916 | if (!lxc_mkifname(template)) |
de4855a8 CB |
917 | goto out_unlock; |
918 | ||
966e9f1f | 919 | strcpy(netdev->priv.veth_attr.veth1, template); |
de4855a8 | 920 | } |
e29fe1dd TA |
921 | } |
922 | ||
923 | has_error = false; | |
924 | ||
925 | out_unlock: | |
926 | container_mem_unlock(c); | |
927 | return !has_error; | |
928 | } | |
929 | ||
1a0e70ac | 930 | /* do_restore never returns, the calling process is used as the monitor process. |
5a24adb8 | 931 | * do_restore calls _exit() if it fails. |
1a0e70ac | 932 | */ |
c33b0338 | 933 | static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_opts *opts, char *criu_version) |
e29fe1dd | 934 | { |
5af9369b | 935 | int fd, ret; |
e29fe1dd | 936 | pid_t pid; |
e29fe1dd | 937 | struct lxc_handler *handler; |
113ebd57 | 938 | int status = 0; |
9b1e2e6e | 939 | int pipes[2] = {-1, -1}; |
2202afc9 | 940 | struct cgroup_ops *cgroup_ops; |
e29fe1dd | 941 | |
a7fb6043 TA |
942 | /* Try to detach from the current controlling tty if it exists. |
943 | * Othwerise, lxc_init (via lxc_console) will attach the container's | |
944 | * console output to the current tty, which is probably not what any | |
945 | * library user wants, and if they do, they can just manually configure | |
946 | * it :) | |
947 | */ | |
948 | fd = open("/dev/tty", O_RDWR); | |
949 | if (fd >= 0) { | |
950 | if (ioctl(fd, TIOCNOTTY, NULL) < 0) | |
951 | SYSERROR("couldn't detach from tty"); | |
952 | close(fd); | |
953 | } | |
954 | ||
5e5576a4 | 955 | handler = lxc_init_handler(c->name, c->lxc_conf, c->config_path, false); |
e29fe1dd TA |
956 | if (!handler) |
957 | goto out; | |
958 | ||
aa460476 CB |
959 | if (lxc_init(c->name, handler) < 0) |
960 | goto out; | |
961 | ||
2202afc9 CB |
962 | cgroup_ops = cgroup_init(NULL); |
963 | if (!cgroup_ops) | |
e29fe1dd | 964 | goto out_fini_handler; |
2202afc9 | 965 | handler->cgroup_ops = cgroup_ops; |
e29fe1dd | 966 | |
2202afc9 | 967 | if (!cgroup_ops->create(cgroup_ops, handler)) { |
e29fe1dd TA |
968 | ERROR("failed creating groups"); |
969 | goto out_fini_handler; | |
970 | } | |
971 | ||
972 | if (!restore_net_info(c)) { | |
973 | ERROR("failed restoring network info"); | |
974 | goto out_fini_handler; | |
975 | } | |
976 | ||
5af9369b CB |
977 | ret = resolve_clone_flags(handler); |
978 | if (ret < 0) { | |
979 | ERROR("%s - Unsupported clone flag specified", strerror(errno)); | |
980 | goto out_fini_handler; | |
981 | } | |
e29fe1dd | 982 | |
3d9a5c85 TA |
983 | if (pipe(pipes) < 0) { |
984 | SYSERROR("pipe() failed"); | |
985 | goto out_fini_handler; | |
986 | } | |
987 | ||
e29fe1dd TA |
988 | pid = fork(); |
989 | if (pid < 0) | |
990 | goto out_fini_handler; | |
991 | ||
992 | if (pid == 0) { | |
993 | struct criu_opts os; | |
994 | struct lxc_rootfs *rootfs; | |
4b54788e | 995 | int flags; |
e29fe1dd | 996 | |
3d9a5c85 TA |
997 | close(status_pipe); |
998 | status_pipe = -1; | |
999 | ||
1000 | close(pipes[0]); | |
1001 | pipes[0] = -1; | |
e29fe1dd TA |
1002 | |
1003 | if (unshare(CLONE_NEWNS)) | |
1004 | goto out_fini_handler; | |
1005 | ||
1006 | /* CRIU needs the lxc root bind mounted so that it is the root of some | |
1007 | * mount. */ | |
1008 | rootfs = &c->lxc_conf->rootfs; | |
1009 | ||
1010 | if (rootfs_is_blockdev(c->lxc_conf)) { | |
1011 | if (do_rootfs_setup(c->lxc_conf, c->name, c->config_path) < 0) | |
1012 | goto out_fini_handler; | |
1013 | } else { | |
1014 | if (mkdir(rootfs->mount, 0755) < 0 && errno != EEXIST) | |
1015 | goto out_fini_handler; | |
1016 | ||
1017 | if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) { | |
1018 | SYSERROR("remount / to private failed"); | |
1019 | goto out_fini_handler; | |
1020 | } | |
1021 | ||
1022 | if (mount(rootfs->path, rootfs->mount, NULL, MS_BIND, NULL) < 0) { | |
1023 | rmdir(rootfs->mount); | |
1024 | goto out_fini_handler; | |
1025 | } | |
1026 | } | |
1027 | ||
5af85cb1 | 1028 | os.pipefd = pipes[1]; |
e29fe1dd | 1029 | os.action = "restore"; |
b2c3710f | 1030 | os.user = opts; |
e29fe1dd | 1031 | os.c = c; |
4b54788e | 1032 | os.console_fd = c->lxc_conf->console.slave; |
f1954503 | 1033 | os.criu_version = criu_version; |
0ab5703f | 1034 | os.handler = handler; |
4b54788e | 1035 | |
97e4f1a9 TA |
1036 | if (os.console_fd >= 0) { |
1037 | /* Twiddle the FD_CLOEXEC bit. We want to pass this FD to criu | |
1038 | * via --inherit-fd, so we don't want it to close. | |
1039 | */ | |
1040 | flags = fcntl(os.console_fd, F_GETFD); | |
1041 | if (flags < 0) { | |
1042 | SYSERROR("F_GETFD failed: %d", os.console_fd); | |
1043 | goto out_fini_handler; | |
1044 | } | |
4b54788e | 1045 | |
97e4f1a9 | 1046 | flags &= ~FD_CLOEXEC; |
4b54788e | 1047 | |
97e4f1a9 TA |
1048 | if (fcntl(os.console_fd, F_SETFD, flags) < 0) { |
1049 | SYSERROR("F_SETFD failed"); | |
1050 | goto out_fini_handler; | |
1051 | } | |
4b54788e TA |
1052 | } |
1053 | os.console_name = c->lxc_conf->console.name; | |
e29fe1dd TA |
1054 | |
1055 | /* exec_criu() returning is an error */ | |
2202afc9 | 1056 | exec_criu(cgroup_ops, &os); |
e29fe1dd TA |
1057 | umount(rootfs->mount); |
1058 | rmdir(rootfs->mount); | |
1059 | goto out_fini_handler; | |
1060 | } else { | |
1061 | int ret; | |
1062 | char title[2048]; | |
1063 | ||
3d9a5c85 TA |
1064 | close(pipes[1]); |
1065 | pipes[1] = -1; | |
1066 | ||
e29fe1dd TA |
1067 | pid_t w = waitpid(pid, &status, 0); |
1068 | if (w == -1) { | |
1069 | SYSERROR("waitpid"); | |
1070 | goto out_fini_handler; | |
1071 | } | |
1072 | ||
e29fe1dd | 1073 | if (WIFEXITED(status)) { |
75d219f0 TA |
1074 | char buf[4096]; |
1075 | ||
e29fe1dd | 1076 | if (WEXITSTATUS(status)) { |
3d9a5c85 TA |
1077 | int n; |
1078 | ||
1079 | n = read(pipes[0], buf, sizeof(buf)); | |
1080 | if (n < 0) { | |
1081 | SYSERROR("failed reading from criu stderr"); | |
1082 | goto out_fini_handler; | |
1083 | } | |
1084 | ||
2735dfae TA |
1085 | if (n == sizeof(buf)) |
1086 | n--; | |
3d9a5c85 TA |
1087 | buf[n] = 0; |
1088 | ||
9f1f54b0 | 1089 | ERROR("criu process exited %d, output:\n%s", WEXITSTATUS(status), buf); |
e29fe1dd TA |
1090 | goto out_fini_handler; |
1091 | } else { | |
3eba9b49 | 1092 | ret = snprintf(buf, sizeof(buf), "/proc/self/task/%lu/children", (unsigned long)syscall(__NR_gettid)); |
75d219f0 TA |
1093 | if (ret < 0 || ret >= sizeof(buf)) { |
1094 | ERROR("snprintf'd too many characters: %d", ret); | |
1095 | goto out_fini_handler; | |
1096 | } | |
1097 | ||
1098 | FILE *f = fopen(buf, "r"); | |
e29fe1dd | 1099 | if (!f) { |
9f1f54b0 | 1100 | SYSERROR("couldn't read restore's children file %s", buf); |
e29fe1dd TA |
1101 | goto out_fini_handler; |
1102 | } | |
1103 | ||
1104 | ret = fscanf(f, "%d", (int*) &handler->pid); | |
1105 | fclose(f); | |
1106 | if (ret != 1) { | |
1107 | ERROR("reading restore pid failed"); | |
1108 | goto out_fini_handler; | |
1109 | } | |
1110 | ||
f8a41688 TA |
1111 | if (lxc_set_state(c->name, handler, RUNNING)) { |
1112 | ERROR("error setting running state after restore"); | |
e29fe1dd | 1113 | goto out_fini_handler; |
f8a41688 | 1114 | } |
e29fe1dd TA |
1115 | } |
1116 | } else { | |
9f1f54b0 | 1117 | ERROR("CRIU was killed with signal %d", WTERMSIG(status)); |
e29fe1dd TA |
1118 | goto out_fini_handler; |
1119 | } | |
1120 | ||
3d9a5c85 TA |
1121 | close(pipes[0]); |
1122 | ||
f3886023 TA |
1123 | ret = write(status_pipe, &status, sizeof(status)); |
1124 | close(status_pipe); | |
1125 | status_pipe = -1; | |
1126 | ||
1127 | if (sizeof(status) != ret) { | |
1128 | SYSERROR("failed to write all of status"); | |
1129 | goto out_fini_handler; | |
1130 | } | |
1131 | ||
e29fe1dd TA |
1132 | /* |
1133 | * See comment in lxcapi_start; we don't care if these | |
1134 | * fail because it's just a beauty thing. We just | |
1135 | * assign the return here to silence potential. | |
1136 | */ | |
1137 | ret = snprintf(title, sizeof(title), "[lxc monitor] %s %s", c->config_path, c->name); | |
223e30c1 CB |
1138 | if (ret < 0 || (size_t)ret >= sizeof(title)) |
1139 | INFO("Setting truncated process name"); | |
1140 | ||
e29fe1dd | 1141 | ret = setproctitle(title); |
223e30c1 CB |
1142 | if (ret < 0) |
1143 | INFO("Failed to set process name"); | |
e29fe1dd TA |
1144 | |
1145 | ret = lxc_poll(c->name, handler); | |
1146 | if (ret) | |
1147 | lxc_abort(c->name, handler); | |
1148 | lxc_fini(c->name, handler); | |
5a24adb8 | 1149 | _exit(ret); |
e29fe1dd TA |
1150 | } |
1151 | ||
1152 | out_fini_handler: | |
3d9a5c85 TA |
1153 | if (pipes[0] >= 0) |
1154 | close(pipes[0]); | |
1155 | if (pipes[1] >= 0) | |
1156 | close(pipes[1]); | |
1157 | ||
e29fe1dd TA |
1158 | lxc_fini(c->name, handler); |
1159 | ||
1160 | out: | |
3d9a5c85 | 1161 | if (status_pipe >= 0) { |
f3886023 TA |
1162 | /* ensure getting here was a failure, e.g. if we failed to |
1163 | * parse the child pid or something, even after a successful | |
1164 | * restore | |
1165 | */ | |
1166 | if (!status) | |
1167 | status = 1; | |
113ebd57 CB |
1168 | |
1169 | if (write(status_pipe, &status, sizeof(status)) != sizeof(status)) | |
e29fe1dd | 1170 | SYSERROR("writing status failed"); |
3d9a5c85 | 1171 | close(status_pipe); |
e29fe1dd TA |
1172 | } |
1173 | ||
5a24adb8 | 1174 | _exit(EXIT_FAILURE); |
e29fe1dd | 1175 | } |
aef3d51e | 1176 | |
4b54788e TA |
1177 | static int save_tty_major_minor(char *directory, struct lxc_container *c, char *tty_id, int len) |
1178 | { | |
1179 | FILE *f; | |
1180 | char path[PATH_MAX]; | |
1181 | int ret; | |
1182 | struct stat sb; | |
1183 | ||
1184 | if (c->lxc_conf->console.path && !strcmp(c->lxc_conf->console.path, "none")) { | |
1185 | tty_id[0] = 0; | |
1186 | return 0; | |
1187 | } | |
1188 | ||
1189 | ret = snprintf(path, sizeof(path), "/proc/%d/root/dev/console", c->init_pid(c)); | |
1190 | if (ret < 0 || ret >= sizeof(path)) { | |
1191 | ERROR("snprintf'd too many chacters: %d", ret); | |
1192 | return -1; | |
1193 | } | |
1194 | ||
1195 | ret = stat(path, &sb); | |
1196 | if (ret < 0) { | |
1197 | SYSERROR("stat of %s failed", path); | |
1198 | return -1; | |
1199 | } | |
1200 | ||
1201 | ret = snprintf(path, sizeof(path), "%s/tty.info", directory); | |
1202 | if (ret < 0 || ret >= sizeof(path)) { | |
1203 | ERROR("snprintf'd too many characters: %d", ret); | |
1204 | return -1; | |
1205 | } | |
1206 | ||
f03280a7 TA |
1207 | ret = snprintf(tty_id, len, "tty[%llx:%llx]", |
1208 | (long long unsigned) sb.st_rdev, | |
1209 | (long long unsigned) sb.st_dev); | |
4b54788e TA |
1210 | if (ret < 0 || ret >= sizeof(path)) { |
1211 | ERROR("snprintf'd too many characters: %d", ret); | |
1212 | return -1; | |
1213 | } | |
1214 | ||
1215 | f = fopen(path, "w"); | |
1216 | if (!f) { | |
1217 | SYSERROR("failed to open %s", path); | |
1218 | return -1; | |
1219 | } | |
1220 | ||
1221 | ret = fprintf(f, "%s", tty_id); | |
1222 | fclose(f); | |
1223 | if (ret < 0) | |
1224 | SYSERROR("failed to write to %s", path); | |
1225 | return ret; | |
1226 | } | |
1227 | ||
aef3d51e | 1228 | /* do one of either predump or a regular dump */ |
b2c3710f | 1229 | static bool do_dump(struct lxc_container *c, char *mode, struct migrate_opts *opts) |
aef3d51e | 1230 | { |
0e4adc1a | 1231 | int ret; |
aef3d51e | 1232 | pid_t pid; |
5af85cb1 | 1233 | int criuout[2]; |
0e4adc1a | 1234 | char *criu_version = NULL; |
aef3d51e | 1235 | |
f1954503 | 1236 | if (!criu_ok(c, &criu_version)) |
aef3d51e TA |
1237 | return false; |
1238 | ||
0e4adc1a CB |
1239 | ret = pipe(criuout); |
1240 | if (ret < 0) { | |
5af85cb1 | 1241 | SYSERROR("pipe() failed"); |
aef3d51e | 1242 | return false; |
5af85cb1 TA |
1243 | } |
1244 | ||
1245 | if (mkdir_p(opts->directory, 0700) < 0) | |
1246 | goto fail; | |
aef3d51e TA |
1247 | |
1248 | pid = fork(); | |
1249 | if (pid < 0) { | |
1250 | SYSERROR("fork failed"); | |
5af85cb1 | 1251 | goto fail; |
aef3d51e TA |
1252 | } |
1253 | ||
1254 | if (pid == 0) { | |
1255 | struct criu_opts os; | |
0ab5703f | 1256 | struct lxc_handler h; |
2202afc9 | 1257 | struct cgroup_ops *cgroup_ops; |
0ab5703f | 1258 | |
5af85cb1 TA |
1259 | close(criuout[0]); |
1260 | ||
41784e4e CB |
1261 | lxc_zero_handler(&h); |
1262 | ||
0ab5703f | 1263 | h.name = c->name; |
2202afc9 CB |
1264 | |
1265 | cgroup_ops = cgroup_init(NULL); | |
1266 | if (!cgroup_ops) { | |
0ab5703f | 1267 | ERROR("failed to cgroup_init()"); |
7211378b | 1268 | _exit(EXIT_FAILURE); |
2202afc9 | 1269 | return -1; |
0ab5703f | 1270 | } |
2202afc9 | 1271 | h.cgroup_ops = cgroup_ops; |
aef3d51e | 1272 | |
5af85cb1 | 1273 | os.pipefd = criuout[1]; |
aef3d51e | 1274 | os.action = mode; |
b2c3710f | 1275 | os.user = opts; |
aef3d51e | 1276 | os.c = c; |
4b54788e | 1277 | os.console_name = c->lxc_conf->console.path; |
f1954503 | 1278 | os.criu_version = criu_version; |
74eb576c | 1279 | |
0e4adc1a CB |
1280 | ret = save_tty_major_minor(opts->directory, c, os.tty_id, sizeof(os.tty_id)); |
1281 | if (ret < 0) { | |
1282 | free(criu_version); | |
7211378b | 1283 | _exit(EXIT_FAILURE); |
0e4adc1a | 1284 | } |
aef3d51e TA |
1285 | |
1286 | /* exec_criu() returning is an error */ | |
2202afc9 | 1287 | exec_criu(cgroup_ops, &os); |
0e4adc1a | 1288 | free(criu_version); |
7211378b | 1289 | _exit(EXIT_FAILURE); |
aef3d51e TA |
1290 | } else { |
1291 | int status; | |
5af85cb1 TA |
1292 | ssize_t n; |
1293 | char buf[4096]; | |
1294 | bool ret; | |
1295 | ||
1296 | close(criuout[1]); | |
1297 | ||
aef3d51e TA |
1298 | pid_t w = waitpid(pid, &status, 0); |
1299 | if (w == -1) { | |
1300 | SYSERROR("waitpid"); | |
5af85cb1 | 1301 | close(criuout[0]); |
aef3d51e TA |
1302 | return false; |
1303 | } | |
1304 | ||
5af85cb1 TA |
1305 | n = read(criuout[0], buf, sizeof(buf)); |
1306 | close(criuout[0]); | |
1307 | if (n < 0) { | |
1308 | SYSERROR("read"); | |
1309 | n = 0; | |
1310 | } | |
1311 | buf[n] = 0; | |
1312 | ||
aef3d51e TA |
1313 | if (WIFEXITED(status)) { |
1314 | if (WEXITSTATUS(status)) { | |
9f1f54b0 | 1315 | ERROR("dump failed with %d", WEXITSTATUS(status)); |
5af85cb1 TA |
1316 | ret = false; |
1317 | } else { | |
1318 | ret = true; | |
aef3d51e | 1319 | } |
aef3d51e | 1320 | } else if (WIFSIGNALED(status)) { |
9f1f54b0 | 1321 | ERROR("dump signaled with %d", WTERMSIG(status)); |
5af85cb1 | 1322 | ret = false; |
aef3d51e | 1323 | } else { |
9f1f54b0 | 1324 | ERROR("unknown dump exit %d", status); |
5af85cb1 | 1325 | ret = false; |
aef3d51e | 1326 | } |
5af85cb1 TA |
1327 | |
1328 | if (!ret) | |
1329 | ERROR("criu output: %s", buf); | |
1330 | return ret; | |
aef3d51e | 1331 | } |
5af85cb1 TA |
1332 | fail: |
1333 | close(criuout[0]); | |
1334 | close(criuout[1]); | |
1335 | rmdir(opts->directory); | |
0e4adc1a | 1336 | free(criu_version); |
5af85cb1 | 1337 | return false; |
aef3d51e TA |
1338 | } |
1339 | ||
b2c3710f | 1340 | bool __criu_pre_dump(struct lxc_container *c, struct migrate_opts *opts) |
aef3d51e | 1341 | { |
b2c3710f | 1342 | return do_dump(c, "pre-dump", opts); |
aef3d51e TA |
1343 | } |
1344 | ||
b2c3710f | 1345 | bool __criu_dump(struct lxc_container *c, struct migrate_opts *opts) |
aef3d51e TA |
1346 | { |
1347 | char path[PATH_MAX]; | |
1348 | int ret; | |
1349 | ||
b2c3710f | 1350 | ret = snprintf(path, sizeof(path), "%s/inventory.img", opts->directory); |
aef3d51e TA |
1351 | if (ret < 0 || ret >= sizeof(path)) |
1352 | return false; | |
1353 | ||
1354 | if (access(path, F_OK) == 0) { | |
9f1f54b0 | 1355 | ERROR("please use a fresh directory for the dump directory"); |
aef3d51e TA |
1356 | return false; |
1357 | } | |
1358 | ||
b2c3710f | 1359 | return do_dump(c, "dump", opts); |
aef3d51e TA |
1360 | } |
1361 | ||
b2c3710f | 1362 | bool __criu_restore(struct lxc_container *c, struct migrate_opts *opts) |
aef3d51e TA |
1363 | { |
1364 | pid_t pid; | |
1365 | int status, nread; | |
1366 | int pipefd[2]; | |
f1954503 | 1367 | char *criu_version = NULL; |
aef3d51e | 1368 | |
f1954503 | 1369 | if (!criu_ok(c, &criu_version)) |
aef3d51e TA |
1370 | return false; |
1371 | ||
1372 | if (geteuid()) { | |
9f1f54b0 | 1373 | ERROR("Must be root to restore"); |
aef3d51e TA |
1374 | return false; |
1375 | } | |
1376 | ||
1377 | if (pipe(pipefd)) { | |
1378 | ERROR("failed to create pipe"); | |
1379 | return false; | |
1380 | } | |
1381 | ||
1382 | pid = fork(); | |
1383 | if (pid < 0) { | |
1384 | close(pipefd[0]); | |
1385 | close(pipefd[1]); | |
1386 | return false; | |
1387 | } | |
1388 | ||
1389 | if (pid == 0) { | |
1390 | close(pipefd[0]); | |
1a0e70ac | 1391 | /* this never returns */ |
f1954503 | 1392 | do_restore(c, pipefd[1], opts, criu_version); |
aef3d51e TA |
1393 | } |
1394 | ||
1395 | close(pipefd[1]); | |
1396 | ||
1397 | nread = read(pipefd[0], &status, sizeof(status)); | |
1398 | close(pipefd[0]); | |
1399 | if (sizeof(status) != nread) { | |
1400 | ERROR("reading status from pipe failed"); | |
1401 | goto err_wait; | |
1402 | } | |
1403 | ||
1a0e70ac CB |
1404 | /* If the criu process was killed or exited nonzero, wait() for the |
1405 | * handler, since the restore process died. Otherwise, we don't need to | |
1406 | * wait, since the child becomes the monitor process. | |
1407 | */ | |
aef3d51e TA |
1408 | if (!WIFEXITED(status) || WEXITSTATUS(status)) |
1409 | goto err_wait; | |
1410 | return true; | |
1411 | ||
1412 | err_wait: | |
1413 | if (wait_for_pid(pid)) | |
1414 | ERROR("restore process died"); | |
1415 | return false; | |
1416 | } |