criu: fix a fatal failure if nft doesn't work

On some systems, nft binary might not be installed, or some kernel options might be unconfigured, resulting in something like this: sudo unshare -n nft create table inet CRIU Error: Could not process rule: Operation not supported create table inet CRIU ^^^^^^^^^^^^^^^^^^^^^^^ This is similar to what kerndat_has_nftables_concat() does, and if the outcome is the same, it returns an error to kerndat_init(), and an error from kerndat_init() is considered fatal. Let's relax the check, returning mere "feature not working" instead of a fatal error. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
checkpoint-restore · May 10, 2024 · 37fbcc5 · 37fbcc5
1 parent c716c4d
commit 37fbcc5
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/criu/kerndat.c b/criu/kerndat.c
@@ -1602,7 +1602,9 @@ static int __has_nftables_concat(void *arg)
 		return 1;
 
 	if (NFT_RUN_CMD(nft, "create table inet CRIU")) {
-		pr_err("Can't create nftables table\n");
+		pr_warn("Can't create nftables table\n");
+		*has = false; /* kdat.has_nftables_concat = false */
+		ret = 0;
 		goto nft_ctx_free_out;
 	}