New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
criu: dlopen() optional libraries #865
Conversation
criu/include/log.h:37:10: error: unknown type name ‘bool’ 37 | static bool __printed; \ | We could use int instead, but I believe it's worth to include stdbool.h. Signed-off-by: Dmitry Safonov <dima@arista.com>
Introduce cr-libs for using .so libraries those not critical for CRIU functioning, but provide extended functionality. Signed-off-by: Dmitry Safonov <dima@arista.com>
Provides strlcpy(), strlcat() and optionally setproctitle_init(), setproctitle(). Get them from loaded in runtime libbsd.so or use home-made criu versions. Signed-off-by: Dmitry Safonov <dima@arista.com>
Moving libbsd.so from compile-time linkage to optional libraries. Remove all not needed anymore compile feature tests. Signed-off-by: Dmitry Safonov <dima@arista.com>
No functional changes - just keep lsm to lsm.c. Signed-off-by: Dmitry Safonov <dima@arista.com>
It's essentially lsm_stop_socket_labeling(). Also, remove CONFIG_HAS_SELINUX from lsm.h as a preparation to remove it entirely. Signed-off-by: Dmitry Safonov <dima@arista.com>
From a packaging point of view I am not sure this is a good idea. Libraries linked against CRIU are automatically detected by RPM. If libraries are dlopen()ed it requires manual changes. I am not against this change just mentioning that it is not optimal for packaging. |
Hi @adrianreber, |
It probably depends on the distribution and the environment. For Fedora at least all dependencies are available because they have to. That is, however, not really a problem for Fedora at least. Also RHEL and CentOS can live with the current situation as the libraries are not really huge or are anyway there. Could be that Arch Linux tries to provide the user more flexibility by not linking to non-essential libraries. I have seen situation where dlopen()ing is a good thing if a distribution can not ship certain libraries for legal reasons (media codecs like mp3 some years ago).
There are optional packets, but it is not very common to use it for libraries (maybe because it is a newer feature in RPM).
As the list of libraries is getting longer the idea is probably good, but it will be difficult for the users to understand why some features are not working. From a Fedora point of view all mentioned libraries are anyway on the system (besides libbsd) as they are used by multiple packages. So on Fedora nothing is really improved using dlopen() besides having to track manually the SO names in the RPM package. The libraries are installed anyway. But if it makes sense for other distributions I do not want to block it. |
@adrianreber Yeah, well I thought it would improve the life for people compiling on one system and using CRIU on another with a different set of libs (for example, I don't have SELinux), but if it makes life harder for packaging, I would say we shouldn't take this way. Hm, on the other side FWIW, @adrianreber do you know any way to give a hint to RPM to automatically detect a dependency? (if there is any) In conclusion, I'm not any insisting on those changes - in my POV, they make sense to let nftables C/R working with the two ABIs of libnftables, but the last I want is to create difficulties for packages maintainers. |
RPM basically does a
|
@0x7f454c46 |
Hi @mihalicyn, so I was talking with @avagin to get his point of view over dlopen() patches. |
Hi @0x7f454c46
If I understood correctly, Andrew also thinks that offtop
Currently, we have no way to determine which container use (or not use) nft. But:
|
From the point of view of a packager I do not like this change. Usually the libraries are installed once and do not change or go away. So, as a packager, this make my life harder. |
I think that detecting if nft is used in CT without nftables library available is a bad idea, because AFAICS there is no info in sysfs about used/unused nft and writing separate bare netlink detection ruins all benefits we gain from library (e.g. if kernel interface will change library will smoothly switch us to a new API without the need to write compatibility code). So I think for now we can skip nftables c/r if no nftables library available on compilation. |
To sum up: I still believe it's a great idea. But as it makes @adrianreber life harder, it lacks enough justification in doing so ;-) |
Adding here from criu gitter channel:
that user could benifit from |
And another one:
|
Introduce support for dynamically loaded libraries in CRIU for
optional functionality.
Currently we check for optional dependencies build-time which makes
them non-optional for the end user and requires installation on build.
Let's move the optional functionality to run-time.
In the end such libraries could be put in a separate section of
the Specfile. As for example `firefox' on my system:
This also helps with adding nftables support (#861) as
libnftables.so.0 is ABI-incompatible with libnftables.so.1
So, I wish we wouldn't bind to a particular version.
Though, the introduced cr-libs force you to put supported major version
of the library as per semver.org the new major version means that there
may be incompatible API-breaking changes.
And finally, I'm not very fond of this boilerplate that's result of
helper shared_libs_lookup_once() - but we can introduce some macro
such as DEFINE_SHARED_LIB_FUNCION(lib_id, name, ...) to add some sugar
and reduce the code for every library's function..
Still, I wanted to send this before introducing this macro while it's
more clear how it works "inside".
Dmitry Safonov (6):
log: Include stdbool.h
criu: Use shared libraries for optional functionality
criu: Add lib-bsd
criu: Remove CONFIG_HAS_LIBBSD
net/lsm: Move default socket labeling helpers in lsm.c
lsm: Remove reset_setsockcreatecon()
Makefile.config | 11 +--
criu/Makefile.crtools | 3 +-
criu/cgroup-props.c | 1 -
criu/cgroup.c | 1 -
criu/cr-dump.c | 2 +-
criu/cr-libs.c | 133 +++++++++++++++++++++++++++++++++++
criu/cr-service.c | 2 +-
criu/crtools.c | 20 ++++--
criu/include/cr-libs.h | 39 ++++++++++
criu/include/lib-bsd.h | 11 +++
criu/include/log.h | 3 +-
criu/include/lsm.h | 19 ++---
criu/include/setproctitle.h | 19 -----
criu/include/string.h | 20 ------
criu/{string.c => lib-bsd.c} | 63 +++++++++++++----
criu/log.c | 2 +-
criu/lsm.c | 97 +++++++++++++++++++++----
criu/net.c | 77 +++-----------------
criu/proc_parse.c | 2 +-
criu/sk-inet.c | 2 +-
criu/tun.c | 2 +-
scripts/feature-tests.mak | 50 -------------
22 files changed, 354 insertions(+), 225 deletions(-)
create mode 100644 criu/cr-libs.c
create mode 100644 criu/include/cr-libs.h
create mode 100644 criu/include/lib-bsd.h
delete mode 100644 criu/include/setproctitle.h
delete mode 100644 criu/include/string.h
rename criu/{string.c => lib-bsd.c} (52%)
This PR is autogenerated from: https://patchwork.criu.org/series/3883