Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

setns instead of unshare in lxc-attach #1102

Merged
merged 1 commit into from Jul 28, 2016
Merged

setns instead of unshare in lxc-attach #1102

merged 1 commit into from Jul 28, 2016

Conversation

chenhaiq
Copy link

The process created by lxc-attach has incorrect cgroup ns. It fails lxc-checkpoint as reported in criu issue.
A real example for this issue, which is used to update ip address:

  1. start lxc instance with debian image
  2. lxc-attach -n -- service networking restart
  3. lxc-checkpoint -n -D

lxc-checkpoint will fail because dhclient process has incorrect cgroup ns. It needs to use setns instead of unshare to set cgroup ns. "setns" already supports cgroup ns in kernel of ubuntu 16.04.

@lxc-jenkins
Copy link

This pull request didn't trigger Jenkins as its author isn't in the whitelist.

An organization member must perform one of the following:

  • To have this branch tested by Jenkins, use the "ok to test" command.
  • To have a one time test done, use the "test this please" command.

Those commands are simple Github comments of the format: "jenkins: COMMAND"

brauner
brauner reviewed Jul 27, 2016
View reviewed changes
src/lxc/attach.c
@@ -932,7 +931,7 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
}

if (options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP && cgns_supported())
unshare_cgns = true;
options->namespaces = options->namespaces | CLONE_NEWCGROUP;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please rewrite this to:
options->namespaces |= CLONE_NEWCGROUP;

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

applied

@brauner
Copy link
Member

brauner commented Jul 27, 2016
edited

Oh, and please name your commit attach: setns instead of unshare in lxc-attach. Thanks! :)

attach: setns instead of unshare in lxc-attach
dac862c 
lxc-checkpoint will fail because process createdy by lxc-attach has
incorrect cgroup ns. It needs to use "setns" instead of "unshare"
to set cgroup ns.

Signed-off-by: Chen Haiquan <oc@yunify.com>
@stgraber
Copy link
Member

jenkins: test this please

@brauner brauner merged commit 11b09c7 into lxc:master Jul 28, 2016
z-image pushed a commit to z-image/lxc that referenced this pull request Oct 16, 2016
Merge pull request lxc#1102 from chenhaiq/master
f80e049 
attach: use setns instead of unshare
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@chenhaiq @lxc-jenkins @brauner @stgraber