]>
Commit | Line | Data |
---|---|---|
e29fe1dd TA |
1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * Copyright © 2014-2015 Canonical Ltd. | |
5 | * | |
6 | * Authors: | |
7 | * Tycho Andersen <tycho.andersen@canonical.com> | |
8 | * | |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2.1 of the License, or (at your option) any later version. | |
13 | * | |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, write to the Free Software | |
21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
22 | */ | |
23 | #define _GNU_SOURCE | |
24 | #include <assert.h> | |
25 | #include <linux/limits.h> | |
26 | #include <sched.h> | |
27 | #include <stdio.h> | |
28 | #include <stdlib.h> | |
29 | #include <string.h> | |
30 | #include <sys/mount.h> | |
31 | #include <sys/types.h> | |
32 | #include <sys/wait.h> | |
33 | #include <unistd.h> | |
34 | ||
35 | #include "config.h" | |
36 | ||
4ec31c52 | 37 | #include "bdev/bdev.h" |
e29fe1dd TA |
38 | #include "cgroup.h" |
39 | #include "conf.h" | |
dc259399 | 40 | #include "commands.h" |
e29fe1dd TA |
41 | #include "criu.h" |
42 | #include "log.h" | |
43 | #include "lxc.h" | |
44 | #include "lxclock.h" | |
45 | #include "network.h" | |
46 | #include "utils.h" | |
47 | ||
73d46752 TA |
48 | #define CRIU_VERSION "2.0" |
49 | ||
50 | #define CRIU_GITID_VERSION "2.0" | |
51 | #define CRIU_GITID_PATCHLEVEL 0 | |
52 | ||
f1954503 AR |
53 | #define CRIU_IN_FLIGHT_SUPPORT "2.4" |
54 | ||
e29fe1dd TA |
55 | lxc_log_define(lxc_criu, lxc); |
56 | ||
73d46752 TA |
57 | struct criu_opts { |
58 | /* The type of criu invocation, one of "dump" or "restore" */ | |
59 | char *action; | |
60 | ||
b2c3710f TA |
61 | /* the user-provided migrate options relevant to this action */ |
62 | struct migrate_opts *user; | |
73d46752 TA |
63 | |
64 | /* The container to dump */ | |
65 | struct lxc_container *c; | |
66 | ||
73d46752 | 67 | /* dump: stop the container or not after dumping? */ |
4b54788e | 68 | char tty_id[32]; /* the criu tty id for /dev/console, i.e. "tty[${rdev}:${dev}]" */ |
73d46752 TA |
69 | |
70 | /* restore: the file to write the init process' pid into */ | |
71 | char *pidfile; | |
72 | const char *cgroup_path; | |
4b54788e TA |
73 | int console_fd; |
74 | /* The path that is bind mounted from /dev/console, if any. We don't | |
75 | * want to use `--ext-mount-map auto`'s result here because the pts | |
76 | * device may have a different path (e.g. if the pty number is | |
77 | * different) on the target host. NULL if lxc.console = "none". | |
78 | */ | |
79 | char *console_name; | |
f1954503 AR |
80 | |
81 | /* The detected version of criu */ | |
82 | char *criu_version; | |
73d46752 TA |
83 | }; |
84 | ||
4b54788e TA |
85 | static int load_tty_major_minor(char *directory, char *output, int len) |
86 | { | |
87 | FILE *f; | |
88 | char path[PATH_MAX]; | |
89 | int ret; | |
90 | ||
91 | ret = snprintf(path, sizeof(path), "%s/tty.info", directory); | |
92 | if (ret < 0 || ret >= sizeof(path)) { | |
93 | ERROR("snprintf'd too many chacters: %d", ret); | |
94 | return -1; | |
95 | } | |
96 | ||
97 | f = fopen(path, "r"); | |
98 | if (!f) { | |
99 | /* This means we're coming from a liblxc which didn't export | |
100 | * the tty info. In this case they had to have lxc.console = | |
101 | * none, so there's no problem restoring. | |
102 | */ | |
103 | if (errno == ENOENT) | |
104 | return 0; | |
105 | ||
106 | SYSERROR("couldn't open %s", path); | |
107 | return -1; | |
108 | } | |
109 | ||
110 | if (!fgets(output, len, f)) { | |
111 | fclose(f); | |
112 | SYSERROR("couldn't read %s", path); | |
113 | return -1; | |
114 | } | |
115 | ||
116 | fclose(f); | |
117 | return 0; | |
118 | } | |
119 | ||
9451eeff | 120 | static void exec_criu(struct criu_opts *opts) |
e29fe1dd TA |
121 | { |
122 | char **argv, log[PATH_MAX]; | |
19d1509c | 123 | int static_args = 23, argc = 0, i, ret; |
e29fe1dd TA |
124 | int netnr = 0; |
125 | struct lxc_list *it; | |
126 | ||
a17fa3c0 NE |
127 | char buf[4096], tty_info[32]; |
128 | size_t pos; | |
e9195050 TA |
129 | /* If we are currently in a cgroup /foo/bar, and the container is in a |
130 | * cgroup /lxc/foo, lxcfs will give us an ENOENT if some task in the | |
131 | * container has an open fd that points to one of the cgroup files | |
132 | * (systemd always opens its "root" cgroup). So, let's escape to the | |
133 | * /actual/ root cgroup so that lxcfs thinks criu has enough rights to | |
134 | * see all cgroups. | |
135 | */ | |
7103fe6f | 136 | if (!cgroup_escape()) { |
e9195050 TA |
137 | ERROR("failed to escape cgroups"); |
138 | return; | |
139 | } | |
140 | ||
e29fe1dd | 141 | /* The command line always looks like: |
19d1509c | 142 | * criu $(action) --tcp-established --file-locks --link-remap \ |
0a5fc6df | 143 | * --manage-cgroups=full action-script foo.sh -D $(directory) \ |
e29fe1dd TA |
144 | * -o $(directory)/$(action).log --ext-mount-map auto |
145 | * --enable-external-sharing --enable-external-masters | |
4b54788e | 146 | * --enable-fs hugetlbfs --enable-fs tracefs --ext-mount-map console:/dev/pts/n |
e29fe1dd TA |
147 | * +1 for final NULL */ |
148 | ||
aef3d51e | 149 | if (strcmp(opts->action, "dump") == 0 || strcmp(opts->action, "pre-dump") == 0) { |
dc259399 TA |
150 | /* -t pid --freeze-cgroup /lxc/ct */ |
151 | static_args += 4; | |
e29fe1dd | 152 | |
aef3d51e | 153 | /* --prev-images-dir <path-to-directory-A-relative-to-B> */ |
b2c3710f | 154 | if (opts->user->predump_dir) |
aef3d51e TA |
155 | static_args += 2; |
156 | ||
74eb576c | 157 | /* --page-server --address <address> --port <port> */ |
b2c3710f | 158 | if (opts->user->pageserver_address && opts->user->pageserver_port) |
74eb576c NE |
159 | static_args += 5; |
160 | ||
aef3d51e | 161 | /* --leave-running (only for final dump) */ |
b2c3710f | 162 | if (strcmp(opts->action, "dump") == 0 && !opts->user->stop) |
e29fe1dd | 163 | static_args++; |
4b54788e TA |
164 | |
165 | /* --external tty[88,4] */ | |
166 | if (opts->tty_id[0]) | |
167 | static_args += 2; | |
19d1509c TA |
168 | |
169 | /* --force-irmap */ | |
170 | if (!opts->user->preserves_inodes) | |
171 | static_args++; | |
e29fe1dd TA |
172 | } else if (strcmp(opts->action, "restore") == 0) { |
173 | /* --root $(lxc_mount_point) --restore-detached | |
13389b29 TA |
174 | * --restore-sibling --pidfile $foo --cgroup-root $foo |
175 | * --lsm-profile apparmor:whatever | |
176 | */ | |
177 | static_args += 10; | |
4b54788e TA |
178 | |
179 | tty_info[0] = 0; | |
b2c3710f | 180 | if (load_tty_major_minor(opts->user->directory, tty_info, sizeof(tty_info))) |
4b54788e TA |
181 | return; |
182 | ||
183 | /* --inherit-fd fd[%d]:tty[%s] */ | |
184 | if (tty_info[0]) | |
185 | static_args += 2; | |
e29fe1dd TA |
186 | } else { |
187 | return; | |
188 | } | |
189 | ||
b2c3710f | 190 | if (opts->user->verbose) |
e29fe1dd TA |
191 | static_args++; |
192 | ||
b9ee6643 TA |
193 | if (opts->user->action_script) |
194 | static_args += 2; | |
195 | ||
b2c3710f | 196 | ret = snprintf(log, PATH_MAX, "%s/%s.log", opts->user->directory, opts->action); |
e29fe1dd TA |
197 | if (ret < 0 || ret >= PATH_MAX) { |
198 | ERROR("logfile name too long\n"); | |
199 | return; | |
200 | } | |
201 | ||
202 | argv = malloc(static_args * sizeof(*argv)); | |
203 | if (!argv) | |
204 | return; | |
205 | ||
206 | memset(argv, 0, static_args * sizeof(*argv)); | |
207 | ||
208 | #define DECLARE_ARG(arg) \ | |
209 | do { \ | |
210 | if (arg == NULL) { \ | |
211 | ERROR("Got NULL argument for criu"); \ | |
212 | goto err; \ | |
213 | } \ | |
214 | argv[argc++] = strdup(arg); \ | |
215 | if (!argv[argc-1]) \ | |
216 | goto err; \ | |
217 | } while (0) | |
218 | ||
219 | argv[argc++] = on_path("criu", NULL); | |
220 | if (!argv[argc-1]) { | |
221 | ERROR("Couldn't find criu binary\n"); | |
222 | goto err; | |
223 | } | |
224 | ||
225 | DECLARE_ARG(opts->action); | |
226 | DECLARE_ARG("--tcp-established"); | |
227 | DECLARE_ARG("--file-locks"); | |
228 | DECLARE_ARG("--link-remap"); | |
0a5fc6df | 229 | DECLARE_ARG("--manage-cgroups=full"); |
e29fe1dd TA |
230 | DECLARE_ARG("--ext-mount-map"); |
231 | DECLARE_ARG("auto"); | |
232 | DECLARE_ARG("--enable-external-sharing"); | |
233 | DECLARE_ARG("--enable-external-masters"); | |
dd62857a TA |
234 | DECLARE_ARG("--enable-fs"); |
235 | DECLARE_ARG("hugetlbfs"); | |
5b454329 TA |
236 | DECLARE_ARG("--enable-fs"); |
237 | DECLARE_ARG("tracefs"); | |
e29fe1dd | 238 | DECLARE_ARG("-D"); |
b2c3710f | 239 | DECLARE_ARG(opts->user->directory); |
e29fe1dd TA |
240 | DECLARE_ARG("-o"); |
241 | DECLARE_ARG(log); | |
242 | ||
b2c3710f | 243 | if (opts->user->verbose) |
e29fe1dd TA |
244 | DECLARE_ARG("-vvvvvv"); |
245 | ||
b9ee6643 TA |
246 | if (opts->user->action_script) { |
247 | DECLARE_ARG("--action-script"); | |
248 | DECLARE_ARG(opts->user->action_script); | |
249 | } | |
250 | ||
aef3d51e | 251 | if (strcmp(opts->action, "dump") == 0 || strcmp(opts->action, "pre-dump") == 0) { |
dc259399 | 252 | char pid[32], *freezer_relative; |
e29fe1dd TA |
253 | |
254 | if (sprintf(pid, "%d", opts->c->init_pid(opts->c)) < 0) | |
255 | goto err; | |
256 | ||
257 | DECLARE_ARG("-t"); | |
258 | DECLARE_ARG(pid); | |
dc259399 TA |
259 | |
260 | freezer_relative = lxc_cmd_get_cgroup_path(opts->c->name, | |
261 | opts->c->config_path, | |
262 | "freezer"); | |
263 | if (!freezer_relative) { | |
264 | ERROR("failed getting freezer path"); | |
265 | goto err; | |
266 | } | |
267 | ||
268 | ret = snprintf(log, sizeof(log), "/sys/fs/cgroup/freezer/%s", freezer_relative); | |
269 | if (ret < 0 || ret >= sizeof(log)) | |
270 | goto err; | |
271 | ||
f1954503 AR |
272 | if (!opts->user->disable_skip_in_flight && |
273 | strcmp(opts->criu_version, CRIU_IN_FLIGHT_SUPPORT) >= 0) | |
274 | DECLARE_ARG("--skip-in-flight"); | |
275 | ||
dc259399 TA |
276 | DECLARE_ARG("--freeze-cgroup"); |
277 | DECLARE_ARG(log); | |
278 | ||
4b54788e | 279 | if (opts->tty_id[0]) { |
36d2096c TA |
280 | DECLARE_ARG("--ext-mount-map"); |
281 | DECLARE_ARG("/dev/console:console"); | |
282 | ||
4b54788e TA |
283 | DECLARE_ARG("--external"); |
284 | DECLARE_ARG(opts->tty_id); | |
285 | } | |
286 | ||
b2c3710f | 287 | if (opts->user->predump_dir) { |
aef3d51e | 288 | DECLARE_ARG("--prev-images-dir"); |
b2c3710f | 289 | DECLARE_ARG(opts->user->predump_dir); |
74eb576c | 290 | } |
4c0c0319 | 291 | |
b2c3710f | 292 | if (opts->user->pageserver_address && opts->user->pageserver_port) { |
74eb576c NE |
293 | DECLARE_ARG("--page-server"); |
294 | DECLARE_ARG("--address"); | |
b2c3710f | 295 | DECLARE_ARG(opts->user->pageserver_address); |
74eb576c | 296 | DECLARE_ARG("--port"); |
b2c3710f | 297 | DECLARE_ARG(opts->user->pageserver_port); |
74eb576c | 298 | } |
aef3d51e | 299 | |
19d1509c TA |
300 | if (!opts->user->preserves_inodes) |
301 | DECLARE_ARG("--force-irmap"); | |
302 | ||
aef3d51e | 303 | /* only for final dump */ |
b2c3710f | 304 | if (strcmp(opts->action, "dump") == 0 && !opts->user->stop) |
e29fe1dd TA |
305 | DECLARE_ARG("--leave-running"); |
306 | } else if (strcmp(opts->action, "restore") == 0) { | |
307 | void *m; | |
308 | int additional; | |
13389b29 | 309 | struct lxc_conf *lxc_conf = opts->c->lxc_conf; |
e29fe1dd TA |
310 | |
311 | DECLARE_ARG("--root"); | |
312 | DECLARE_ARG(opts->c->lxc_conf->rootfs.mount); | |
313 | DECLARE_ARG("--restore-detached"); | |
314 | DECLARE_ARG("--restore-sibling"); | |
315 | DECLARE_ARG("--pidfile"); | |
316 | DECLARE_ARG(opts->pidfile); | |
317 | DECLARE_ARG("--cgroup-root"); | |
318 | DECLARE_ARG(opts->cgroup_path); | |
319 | ||
4b54788e | 320 | if (tty_info[0]) { |
97e4f1a9 TA |
321 | if (opts->console_fd < 0) { |
322 | ERROR("lxc.console configured on source host but not target"); | |
323 | goto err; | |
324 | } | |
325 | ||
4b54788e TA |
326 | ret = snprintf(buf, sizeof(buf), "fd[%d]:%s", opts->console_fd, tty_info); |
327 | if (ret < 0 || ret >= sizeof(buf)) | |
328 | goto err; | |
329 | ||
330 | DECLARE_ARG("--inherit-fd"); | |
331 | DECLARE_ARG(buf); | |
332 | } | |
333 | if (opts->console_name) { | |
334 | if (snprintf(buf, sizeof(buf), "console:%s", opts->console_name) < 0) { | |
335 | SYSERROR("sprintf'd too many bytes"); | |
336 | } | |
337 | DECLARE_ARG("--ext-mount-map"); | |
338 | DECLARE_ARG(buf); | |
339 | } | |
340 | ||
13389b29 TA |
341 | if (lxc_conf->lsm_aa_profile || lxc_conf->lsm_se_context) { |
342 | ||
343 | if (lxc_conf->lsm_aa_profile) | |
344 | ret = snprintf(buf, sizeof(buf), "apparmor:%s", lxc_conf->lsm_aa_profile); | |
345 | else | |
346 | ret = snprintf(buf, sizeof(buf), "selinux:%s", lxc_conf->lsm_se_context); | |
347 | ||
348 | if (ret < 0 || ret >= sizeof(buf)) | |
349 | goto err; | |
350 | ||
351 | DECLARE_ARG("--lsm-profile"); | |
352 | DECLARE_ARG(buf); | |
353 | } | |
354 | ||
e29fe1dd TA |
355 | additional = lxc_list_len(&opts->c->lxc_conf->network) * 2; |
356 | ||
fa071249 TA |
357 | m = realloc(argv, (argc + additional + 1) * sizeof(*argv)); |
358 | if (!m) | |
359 | goto err; | |
e29fe1dd TA |
360 | argv = m; |
361 | ||
362 | lxc_list_for_each(it, &opts->c->lxc_conf->network) { | |
363 | char eth[128], *veth; | |
364 | struct lxc_netdev *n = it->elem; | |
365 | ||
65b20221 TA |
366 | if (n->type != LXC_NET_VETH) |
367 | continue; | |
368 | ||
e29fe1dd TA |
369 | if (n->name) { |
370 | if (strlen(n->name) >= sizeof(eth)) | |
371 | goto err; | |
372 | strncpy(eth, n->name, sizeof(eth)); | |
373 | } else | |
374 | sprintf(eth, "eth%d", netnr); | |
375 | ||
376 | veth = n->priv.veth_attr.pair; | |
377 | ||
c1fd648d TA |
378 | if (n->link) |
379 | ret = snprintf(buf, sizeof(buf), "%s=%s@%s", eth, veth, n->link); | |
380 | else | |
381 | ret = snprintf(buf, sizeof(buf), "%s=%s", eth, veth); | |
e29fe1dd TA |
382 | if (ret < 0 || ret >= sizeof(buf)) |
383 | goto err; | |
384 | ||
385 | DECLARE_ARG("--veth-pair"); | |
386 | DECLARE_ARG(buf); | |
387 | } | |
388 | ||
389 | } | |
390 | ||
391 | argv[argc] = NULL; | |
392 | ||
cf4b07a5 | 393 | buf[0] = 0; |
a17fa3c0 | 394 | pos = 0; |
72a30576 | 395 | |
cf4b07a5 | 396 | for (i = 0; argv[i]; i++) { |
72a30576 NE |
397 | ret = snprintf(buf + pos, sizeof(buf) - pos, "%s ", argv[i]); |
398 | if (ret < 0 || ret >= sizeof(buf) - pos) | |
399 | goto err; | |
400 | else | |
401 | pos += ret; | |
cf4b07a5 TA |
402 | } |
403 | ||
404 | INFO("execing: %s", buf); | |
405 | ||
e29fe1dd TA |
406 | #undef DECLARE_ARG |
407 | execv(argv[0], argv); | |
408 | err: | |
e29fe1dd TA |
409 | for (i = 0; argv[i]; i++) |
410 | free(argv[i]); | |
411 | free(argv); | |
412 | } | |
413 | ||
8ba5ced7 TA |
414 | /* |
415 | * Check to see if the criu version is recent enough for all the features we | |
416 | * use. This version allows either CRIU_VERSION or (CRIU_GITID_VERSION and | |
417 | * CRIU_GITID_PATCHLEVEL) to work, enabling users building from git to c/r | |
418 | * things potentially before a version is released with a particular feature. | |
419 | * | |
420 | * The intent is that when criu development slows down, we can drop this, but | |
421 | * for now we shouldn't attempt to c/r with versions that we know won't work. | |
5407e2ab CB |
422 | * |
423 | * Note: If version != NULL criu_version() stores the detected criu version in | |
424 | * version. Allocates memory for version which must be freed by caller. | |
8ba5ced7 | 425 | */ |
5407e2ab | 426 | static bool criu_version_ok(char **version) |
8ba5ced7 TA |
427 | { |
428 | int pipes[2]; | |
429 | pid_t pid; | |
430 | ||
431 | if (pipe(pipes) < 0) { | |
432 | SYSERROR("pipe() failed"); | |
433 | return false; | |
434 | } | |
435 | ||
436 | pid = fork(); | |
437 | if (pid < 0) { | |
438 | SYSERROR("fork() failed"); | |
439 | return false; | |
440 | } | |
441 | ||
442 | if (pid == 0) { | |
443 | char *args[] = { "criu", "--version", NULL }; | |
755fa453 | 444 | char *path; |
8ba5ced7 TA |
445 | close(pipes[0]); |
446 | ||
447 | close(STDERR_FILENO); | |
448 | if (dup2(pipes[1], STDOUT_FILENO) < 0) | |
449 | exit(1); | |
450 | ||
755fa453 | 451 | path = on_path("criu", NULL); |
d9b32b09 SH |
452 | if (!path) |
453 | exit(1); | |
454 | ||
755fa453 | 455 | execv(path, args); |
8ba5ced7 TA |
456 | exit(1); |
457 | } else { | |
458 | FILE *f; | |
5407e2ab | 459 | char *tmp; |
8ba5ced7 TA |
460 | int patch; |
461 | ||
462 | close(pipes[1]); | |
463 | if (wait_for_pid(pid) < 0) { | |
464 | close(pipes[0]); | |
4eae4051 | 465 | SYSERROR("execing criu failed, is it installed?"); |
8ba5ced7 TA |
466 | return false; |
467 | } | |
468 | ||
469 | f = fdopen(pipes[0], "r"); | |
470 | if (!f) { | |
471 | close(pipes[0]); | |
472 | return false; | |
473 | } | |
474 | ||
5407e2ab CB |
475 | tmp = malloc(1024); |
476 | if (!tmp) { | |
477 | fclose(f); | |
478 | return false; | |
479 | } | |
480 | ||
481 | if (fscanf(f, "Version: %1023[^\n]s", tmp) != 1) | |
8ba5ced7 TA |
482 | goto version_error; |
483 | ||
484 | if (fgetc(f) != '\n') | |
485 | goto version_error; | |
486 | ||
5407e2ab | 487 | if (strcmp(tmp, CRIU_VERSION) >= 0) |
8ba5ced7 TA |
488 | goto version_match; |
489 | ||
5407e2ab | 490 | if (fscanf(f, "GitID: v%1023[^-]s", tmp) != 1) |
8ba5ced7 TA |
491 | goto version_error; |
492 | ||
493 | if (fgetc(f) != '-') | |
494 | goto version_error; | |
495 | ||
496 | if (fscanf(f, "%d", &patch) != 1) | |
497 | goto version_error; | |
498 | ||
5407e2ab | 499 | if (strcmp(tmp, CRIU_GITID_VERSION) < 0) |
8ba5ced7 TA |
500 | goto version_error; |
501 | ||
502 | if (patch < CRIU_GITID_PATCHLEVEL) | |
503 | goto version_error; | |
504 | ||
505 | version_match: | |
3158ab5b | 506 | fclose(f); |
5407e2ab CB |
507 | if (!version) |
508 | free(tmp); | |
509 | else | |
510 | *version = tmp; | |
8ba5ced7 TA |
511 | return true; |
512 | ||
513 | version_error: | |
3158ab5b | 514 | fclose(f); |
5407e2ab | 515 | free(tmp); |
8ba5ced7 TA |
516 | ERROR("must have criu " CRIU_VERSION " or greater to checkpoint/restore\n"); |
517 | return false; | |
518 | } | |
519 | } | |
520 | ||
e29fe1dd TA |
521 | /* Check and make sure the container has a configuration that we know CRIU can |
522 | * dump. */ | |
f1954503 | 523 | static bool criu_ok(struct lxc_container *c, char **criu_version) |
e29fe1dd TA |
524 | { |
525 | struct lxc_list *it; | |
e29fe1dd | 526 | |
f1954503 | 527 | if (!criu_version_ok(criu_version)) |
8ba5ced7 TA |
528 | return false; |
529 | ||
e29fe1dd TA |
530 | if (geteuid()) { |
531 | ERROR("Must be root to checkpoint\n"); | |
532 | return false; | |
533 | } | |
534 | ||
535 | /* We only know how to restore containers with veth networks. */ | |
536 | lxc_list_for_each(it, &c->lxc_conf->network) { | |
537 | struct lxc_netdev *n = it->elem; | |
65b20221 TA |
538 | switch(n->type) { |
539 | case LXC_NET_VETH: | |
540 | case LXC_NET_NONE: | |
541 | case LXC_NET_EMPTY: | |
542 | break; | |
543 | default: | |
e29fe1dd TA |
544 | ERROR("Found network that is not VETH or NONE\n"); |
545 | return false; | |
546 | } | |
547 | } | |
548 | ||
e29fe1dd TA |
549 | return true; |
550 | } | |
551 | ||
e29fe1dd TA |
552 | static bool restore_net_info(struct lxc_container *c) |
553 | { | |
554 | struct lxc_list *it; | |
555 | bool has_error = true; | |
556 | ||
557 | if (container_mem_lock(c)) | |
558 | return false; | |
559 | ||
560 | lxc_list_for_each(it, &c->lxc_conf->network) { | |
561 | struct lxc_netdev *netdev = it->elem; | |
562 | char template[IFNAMSIZ]; | |
65b20221 TA |
563 | |
564 | if (netdev->type != LXC_NET_VETH) | |
565 | continue; | |
566 | ||
e29fe1dd TA |
567 | snprintf(template, sizeof(template), "vethXXXXXX"); |
568 | ||
569 | if (!netdev->priv.veth_attr.pair) | |
570 | netdev->priv.veth_attr.pair = lxc_mkifname(template); | |
571 | ||
572 | if (!netdev->priv.veth_attr.pair) | |
573 | goto out_unlock; | |
574 | } | |
575 | ||
576 | has_error = false; | |
577 | ||
578 | out_unlock: | |
579 | container_mem_unlock(c); | |
580 | return !has_error; | |
581 | } | |
582 | ||
aef3d51e TA |
583 | // do_restore never returns, the calling process is used as the |
584 | // monitor process. do_restore calls exit() if it fails. | |
f1954503 | 585 | void do_restore(struct lxc_container *c, int status_pipe, struct migrate_opts *opts, char *criu_version) |
e29fe1dd TA |
586 | { |
587 | pid_t pid; | |
588 | char pidfile[L_tmpnam]; | |
589 | struct lxc_handler *handler; | |
3d9a5c85 | 590 | int status, pipes[2] = {-1, -1}; |
e29fe1dd TA |
591 | |
592 | if (!tmpnam(pidfile)) | |
593 | goto out; | |
594 | ||
595 | handler = lxc_init(c->name, c->lxc_conf, c->config_path); | |
596 | if (!handler) | |
597 | goto out; | |
598 | ||
599 | if (!cgroup_init(handler)) { | |
600 | ERROR("failed initing cgroups"); | |
601 | goto out_fini_handler; | |
602 | } | |
603 | ||
604 | if (!cgroup_create(handler)) { | |
605 | ERROR("failed creating groups"); | |
606 | goto out_fini_handler; | |
607 | } | |
608 | ||
609 | if (!restore_net_info(c)) { | |
610 | ERROR("failed restoring network info"); | |
611 | goto out_fini_handler; | |
612 | } | |
613 | ||
614 | resolve_clone_flags(handler); | |
615 | ||
3d9a5c85 TA |
616 | if (pipe(pipes) < 0) { |
617 | SYSERROR("pipe() failed"); | |
618 | goto out_fini_handler; | |
619 | } | |
620 | ||
e29fe1dd TA |
621 | pid = fork(); |
622 | if (pid < 0) | |
623 | goto out_fini_handler; | |
624 | ||
625 | if (pid == 0) { | |
626 | struct criu_opts os; | |
627 | struct lxc_rootfs *rootfs; | |
4b54788e | 628 | int flags; |
e29fe1dd | 629 | |
3d9a5c85 TA |
630 | close(status_pipe); |
631 | status_pipe = -1; | |
632 | ||
633 | close(pipes[0]); | |
634 | pipes[0] = -1; | |
635 | if (dup2(pipes[1], STDERR_FILENO) < 0) { | |
636 | SYSERROR("dup2 failed"); | |
637 | goto out_fini_handler; | |
638 | } | |
639 | ||
640 | if (dup2(pipes[1], STDOUT_FILENO) < 0) { | |
641 | SYSERROR("dup2 failed"); | |
642 | goto out_fini_handler; | |
643 | } | |
e29fe1dd TA |
644 | |
645 | if (unshare(CLONE_NEWNS)) | |
646 | goto out_fini_handler; | |
647 | ||
648 | /* CRIU needs the lxc root bind mounted so that it is the root of some | |
649 | * mount. */ | |
650 | rootfs = &c->lxc_conf->rootfs; | |
651 | ||
652 | if (rootfs_is_blockdev(c->lxc_conf)) { | |
653 | if (do_rootfs_setup(c->lxc_conf, c->name, c->config_path) < 0) | |
654 | goto out_fini_handler; | |
655 | } else { | |
656 | if (mkdir(rootfs->mount, 0755) < 0 && errno != EEXIST) | |
657 | goto out_fini_handler; | |
658 | ||
659 | if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) { | |
660 | SYSERROR("remount / to private failed"); | |
661 | goto out_fini_handler; | |
662 | } | |
663 | ||
664 | if (mount(rootfs->path, rootfs->mount, NULL, MS_BIND, NULL) < 0) { | |
665 | rmdir(rootfs->mount); | |
666 | goto out_fini_handler; | |
667 | } | |
668 | } | |
669 | ||
670 | os.action = "restore"; | |
b2c3710f | 671 | os.user = opts; |
e29fe1dd TA |
672 | os.c = c; |
673 | os.pidfile = pidfile; | |
e29fe1dd | 674 | os.cgroup_path = cgroup_canonical_path(handler); |
4b54788e | 675 | os.console_fd = c->lxc_conf->console.slave; |
f1954503 | 676 | os.criu_version = criu_version; |
4b54788e | 677 | |
97e4f1a9 TA |
678 | if (os.console_fd >= 0) { |
679 | /* Twiddle the FD_CLOEXEC bit. We want to pass this FD to criu | |
680 | * via --inherit-fd, so we don't want it to close. | |
681 | */ | |
682 | flags = fcntl(os.console_fd, F_GETFD); | |
683 | if (flags < 0) { | |
684 | SYSERROR("F_GETFD failed: %d", os.console_fd); | |
685 | goto out_fini_handler; | |
686 | } | |
4b54788e | 687 | |
97e4f1a9 | 688 | flags &= ~FD_CLOEXEC; |
4b54788e | 689 | |
97e4f1a9 TA |
690 | if (fcntl(os.console_fd, F_SETFD, flags) < 0) { |
691 | SYSERROR("F_SETFD failed"); | |
692 | goto out_fini_handler; | |
693 | } | |
4b54788e TA |
694 | } |
695 | os.console_name = c->lxc_conf->console.name; | |
e29fe1dd TA |
696 | |
697 | /* exec_criu() returning is an error */ | |
7103fe6f | 698 | exec_criu(&os); |
e29fe1dd TA |
699 | umount(rootfs->mount); |
700 | rmdir(rootfs->mount); | |
701 | goto out_fini_handler; | |
702 | } else { | |
703 | int ret; | |
704 | char title[2048]; | |
705 | ||
3d9a5c85 TA |
706 | close(pipes[1]); |
707 | pipes[1] = -1; | |
708 | ||
e29fe1dd TA |
709 | pid_t w = waitpid(pid, &status, 0); |
710 | if (w == -1) { | |
711 | SYSERROR("waitpid"); | |
712 | goto out_fini_handler; | |
713 | } | |
714 | ||
3d9a5c85 TA |
715 | ret = write(status_pipe, &status, sizeof(status)); |
716 | close(status_pipe); | |
717 | status_pipe = -1; | |
e29fe1dd TA |
718 | |
719 | if (sizeof(status) != ret) { | |
720 | SYSERROR("failed to write all of status"); | |
721 | goto out_fini_handler; | |
722 | } | |
723 | ||
724 | if (WIFEXITED(status)) { | |
725 | if (WEXITSTATUS(status)) { | |
3d9a5c85 TA |
726 | char buf[4096]; |
727 | int n; | |
728 | ||
729 | n = read(pipes[0], buf, sizeof(buf)); | |
730 | if (n < 0) { | |
731 | SYSERROR("failed reading from criu stderr"); | |
732 | goto out_fini_handler; | |
733 | } | |
734 | ||
735 | buf[n] = 0; | |
736 | ||
737 | ERROR("criu process exited %d, output:\n%s\n", WEXITSTATUS(status), buf); | |
e29fe1dd TA |
738 | goto out_fini_handler; |
739 | } else { | |
740 | int ret; | |
741 | FILE *f = fopen(pidfile, "r"); | |
742 | if (!f) { | |
743 | SYSERROR("couldn't read restore's init pidfile %s\n", pidfile); | |
744 | goto out_fini_handler; | |
745 | } | |
746 | ||
747 | ret = fscanf(f, "%d", (int*) &handler->pid); | |
748 | fclose(f); | |
59c2d406 TA |
749 | if (unlink(pidfile) < 0 && errno != ENOENT) |
750 | SYSERROR("unlinking pidfile failed"); | |
751 | ||
e29fe1dd TA |
752 | if (ret != 1) { |
753 | ERROR("reading restore pid failed"); | |
754 | goto out_fini_handler; | |
755 | } | |
756 | ||
f8a41688 TA |
757 | if (lxc_set_state(c->name, handler, RUNNING)) { |
758 | ERROR("error setting running state after restore"); | |
e29fe1dd | 759 | goto out_fini_handler; |
f8a41688 | 760 | } |
e29fe1dd TA |
761 | } |
762 | } else { | |
763 | ERROR("CRIU was killed with signal %d\n", WTERMSIG(status)); | |
764 | goto out_fini_handler; | |
765 | } | |
766 | ||
3d9a5c85 TA |
767 | close(pipes[0]); |
768 | ||
e29fe1dd TA |
769 | /* |
770 | * See comment in lxcapi_start; we don't care if these | |
771 | * fail because it's just a beauty thing. We just | |
772 | * assign the return here to silence potential. | |
773 | */ | |
774 | ret = snprintf(title, sizeof(title), "[lxc monitor] %s %s", c->config_path, c->name); | |
775 | ret = setproctitle(title); | |
776 | ||
777 | ret = lxc_poll(c->name, handler); | |
778 | if (ret) | |
779 | lxc_abort(c->name, handler); | |
780 | lxc_fini(c->name, handler); | |
781 | exit(ret); | |
782 | } | |
783 | ||
784 | out_fini_handler: | |
3d9a5c85 TA |
785 | if (pipes[0] >= 0) |
786 | close(pipes[0]); | |
787 | if (pipes[1] >= 0) | |
788 | close(pipes[1]); | |
789 | ||
e29fe1dd | 790 | lxc_fini(c->name, handler); |
59c2d406 TA |
791 | if (unlink(pidfile) < 0 && errno != ENOENT) |
792 | SYSERROR("unlinking pidfile failed"); | |
e29fe1dd TA |
793 | |
794 | out: | |
3d9a5c85 | 795 | if (status_pipe >= 0) { |
e29fe1dd | 796 | status = 1; |
3d9a5c85 | 797 | if (write(status_pipe, &status, sizeof(status)) != sizeof(status)) { |
e29fe1dd TA |
798 | SYSERROR("writing status failed"); |
799 | } | |
3d9a5c85 | 800 | close(status_pipe); |
e29fe1dd TA |
801 | } |
802 | ||
803 | exit(1); | |
804 | } | |
aef3d51e | 805 | |
4b54788e TA |
806 | static int save_tty_major_minor(char *directory, struct lxc_container *c, char *tty_id, int len) |
807 | { | |
808 | FILE *f; | |
809 | char path[PATH_MAX]; | |
810 | int ret; | |
811 | struct stat sb; | |
812 | ||
813 | if (c->lxc_conf->console.path && !strcmp(c->lxc_conf->console.path, "none")) { | |
814 | tty_id[0] = 0; | |
815 | return 0; | |
816 | } | |
817 | ||
818 | ret = snprintf(path, sizeof(path), "/proc/%d/root/dev/console", c->init_pid(c)); | |
819 | if (ret < 0 || ret >= sizeof(path)) { | |
820 | ERROR("snprintf'd too many chacters: %d", ret); | |
821 | return -1; | |
822 | } | |
823 | ||
824 | ret = stat(path, &sb); | |
825 | if (ret < 0) { | |
826 | SYSERROR("stat of %s failed", path); | |
827 | return -1; | |
828 | } | |
829 | ||
830 | ret = snprintf(path, sizeof(path), "%s/tty.info", directory); | |
831 | if (ret < 0 || ret >= sizeof(path)) { | |
832 | ERROR("snprintf'd too many characters: %d", ret); | |
833 | return -1; | |
834 | } | |
835 | ||
f03280a7 TA |
836 | ret = snprintf(tty_id, len, "tty[%llx:%llx]", |
837 | (long long unsigned) sb.st_rdev, | |
838 | (long long unsigned) sb.st_dev); | |
4b54788e TA |
839 | if (ret < 0 || ret >= sizeof(path)) { |
840 | ERROR("snprintf'd too many characters: %d", ret); | |
841 | return -1; | |
842 | } | |
843 | ||
844 | f = fopen(path, "w"); | |
845 | if (!f) { | |
846 | SYSERROR("failed to open %s", path); | |
847 | return -1; | |
848 | } | |
849 | ||
850 | ret = fprintf(f, "%s", tty_id); | |
851 | fclose(f); | |
852 | if (ret < 0) | |
853 | SYSERROR("failed to write to %s", path); | |
854 | return ret; | |
855 | } | |
856 | ||
aef3d51e | 857 | /* do one of either predump or a regular dump */ |
b2c3710f | 858 | static bool do_dump(struct lxc_container *c, char *mode, struct migrate_opts *opts) |
aef3d51e TA |
859 | { |
860 | pid_t pid; | |
f1954503 | 861 | char *criu_version = NULL; |
aef3d51e | 862 | |
f1954503 | 863 | if (!criu_ok(c, &criu_version)) |
aef3d51e TA |
864 | return false; |
865 | ||
b2c3710f | 866 | if (mkdir_p(opts->directory, 0700) < 0) |
aef3d51e TA |
867 | return false; |
868 | ||
869 | pid = fork(); | |
870 | if (pid < 0) { | |
871 | SYSERROR("fork failed"); | |
872 | return false; | |
873 | } | |
874 | ||
875 | if (pid == 0) { | |
876 | struct criu_opts os; | |
877 | ||
878 | os.action = mode; | |
b2c3710f | 879 | os.user = opts; |
aef3d51e | 880 | os.c = c; |
4b54788e | 881 | os.console_name = c->lxc_conf->console.path; |
f1954503 | 882 | os.criu_version = criu_version; |
74eb576c | 883 | |
b2c3710f | 884 | if (save_tty_major_minor(opts->directory, c, os.tty_id, sizeof(os.tty_id)) < 0) |
4b54788e | 885 | exit(1); |
aef3d51e TA |
886 | |
887 | /* exec_criu() returning is an error */ | |
7103fe6f | 888 | exec_criu(&os); |
aef3d51e TA |
889 | exit(1); |
890 | } else { | |
891 | int status; | |
892 | pid_t w = waitpid(pid, &status, 0); | |
893 | if (w == -1) { | |
894 | SYSERROR("waitpid"); | |
895 | return false; | |
896 | } | |
897 | ||
898 | if (WIFEXITED(status)) { | |
899 | if (WEXITSTATUS(status)) { | |
900 | ERROR("dump failed with %d\n", WEXITSTATUS(status)); | |
901 | return false; | |
902 | } | |
903 | ||
904 | return true; | |
905 | } else if (WIFSIGNALED(status)) { | |
906 | ERROR("dump signaled with %d\n", WTERMSIG(status)); | |
907 | return false; | |
908 | } else { | |
909 | ERROR("unknown dump exit %d\n", status); | |
910 | return false; | |
911 | } | |
912 | } | |
913 | } | |
914 | ||
b2c3710f | 915 | bool __criu_pre_dump(struct lxc_container *c, struct migrate_opts *opts) |
aef3d51e | 916 | { |
b2c3710f | 917 | return do_dump(c, "pre-dump", opts); |
aef3d51e TA |
918 | } |
919 | ||
b2c3710f | 920 | bool __criu_dump(struct lxc_container *c, struct migrate_opts *opts) |
aef3d51e TA |
921 | { |
922 | char path[PATH_MAX]; | |
923 | int ret; | |
924 | ||
b2c3710f | 925 | ret = snprintf(path, sizeof(path), "%s/inventory.img", opts->directory); |
aef3d51e TA |
926 | if (ret < 0 || ret >= sizeof(path)) |
927 | return false; | |
928 | ||
929 | if (access(path, F_OK) == 0) { | |
930 | ERROR("please use a fresh directory for the dump directory\n"); | |
931 | return false; | |
932 | } | |
933 | ||
b2c3710f | 934 | return do_dump(c, "dump", opts); |
aef3d51e TA |
935 | } |
936 | ||
b2c3710f | 937 | bool __criu_restore(struct lxc_container *c, struct migrate_opts *opts) |
aef3d51e TA |
938 | { |
939 | pid_t pid; | |
940 | int status, nread; | |
941 | int pipefd[2]; | |
f1954503 | 942 | char *criu_version = NULL; |
aef3d51e | 943 | |
f1954503 | 944 | if (!criu_ok(c, &criu_version)) |
aef3d51e TA |
945 | return false; |
946 | ||
947 | if (geteuid()) { | |
948 | ERROR("Must be root to restore\n"); | |
949 | return false; | |
950 | } | |
951 | ||
952 | if (pipe(pipefd)) { | |
953 | ERROR("failed to create pipe"); | |
954 | return false; | |
955 | } | |
956 | ||
957 | pid = fork(); | |
958 | if (pid < 0) { | |
959 | close(pipefd[0]); | |
960 | close(pipefd[1]); | |
961 | return false; | |
962 | } | |
963 | ||
964 | if (pid == 0) { | |
965 | close(pipefd[0]); | |
966 | // this never returns | |
f1954503 | 967 | do_restore(c, pipefd[1], opts, criu_version); |
aef3d51e TA |
968 | } |
969 | ||
970 | close(pipefd[1]); | |
971 | ||
972 | nread = read(pipefd[0], &status, sizeof(status)); | |
973 | close(pipefd[0]); | |
974 | if (sizeof(status) != nread) { | |
975 | ERROR("reading status from pipe failed"); | |
976 | goto err_wait; | |
977 | } | |
978 | ||
979 | // If the criu process was killed or exited nonzero, wait() for the | |
980 | // handler, since the restore process died. Otherwise, we don't need to | |
981 | // wait, since the child becomes the monitor process. | |
982 | if (!WIFEXITED(status) || WEXITSTATUS(status)) | |
983 | goto err_wait; | |
984 | return true; | |
985 | ||
986 | err_wait: | |
987 | if (wait_for_pid(pid)) | |
988 | ERROR("restore process died"); | |
989 | return false; | |
990 | } |