Merge pull request #1072 from adrianreber/master

c/r: drop in-flight connections during CRIU dump
2025-08-08 04:36:21 +00:00 · 2016-07-13 23:16:49 +02:00 · 2016-07-13 23:16:49 +02:00 · 41a8036745
commit 41a8036745
parent a4abe1bbb5 f195450384
2 changed files with 25 additions and 6 deletions
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@ -50,6 +50,8 @@
 #define CRIU_GITID_VERSION	"2.0"
 #define CRIU_GITID_PATCHLEVEL	0
 #define CRIU_IN_FLIGHT_SUPPORT	"2.4"
 lxc_log_define(lxc_criu, lxc);
 struct criu_opts {
@ -75,6 +77,9 @@ struct criu_opts {
 	 * different) on the target host. NULL if lxc.console = "none".
 	 */
 	char *console_name;
 	/* The detected version of criu */
 	char *criu_version;
 };
 static int load_tty_major_minor(char *directory, char *output, int len)
@ -264,6 +269,10 @@ static void exec_criu(struct criu_opts *opts)
 		if (ret < 0 || ret >= sizeof(log))
 			goto err;
 		if (!opts->user->disable_skip_in_flight &&
 				strcmp(opts->criu_version, CRIU_IN_FLIGHT_SUPPORT) >= 0)
 			DECLARE_ARG("--skip-in-flight");
 		DECLARE_ARG("--freeze-cgroup");
 		DECLARE_ARG(log);
@ -511,11 +520,11 @@ version_error:
 /* Check and make sure the container has a configuration that we know CRIU can
 * dump. */
-static bool criu_ok(struct lxc_container *c)
+static bool criu_ok(struct lxc_container *c, char **criu_version)
 {
 	struct lxc_list *it;
-	if (!criu_version_ok(NULL))
+	if (!criu_version_ok(criu_version))
 		return false;
 	if (geteuid()) {
@ -573,7 +582,7 @@ out_unlock:
 // do_restore never returns, the calling process is used as the
 // monitor process. do_restore calls exit() if it fails.
-void do_restore(struct lxc_container *c, int status_pipe, struct migrate_opts *opts)
+void do_restore(struct lxc_container *c, int status_pipe, struct migrate_opts *opts, char *criu_version)
 {
 	pid_t pid;
 	char pidfile[L_tmpnam];
@ -664,6 +673,7 @@ void do_restore(struct lxc_container *c, int status_pipe, struct migrate_opts *o
 		os.pidfile = pidfile;
 		os.cgroup_path = cgroup_canonical_path(handler);
 		os.console_fd = c->lxc_conf->console.slave;
 		os.criu_version = criu_version;
 		if (os.console_fd >= 0) {
 			/* Twiddle the FD_CLOEXEC bit. We want to pass this FD to criu
@ -848,8 +858,9 @@ static int save_tty_major_minor(char *directory, struct lxc_container *c, char *
 static bool do_dump(struct lxc_container *c, char *mode, struct migrate_opts *opts)
 {
 	pid_t pid;
 	char *criu_version = NULL;
-	if (!criu_ok(c))
+	if (!criu_ok(c, &criu_version))
 		return false;
 	if (mkdir_p(opts->directory, 0700) < 0)
@ -868,6 +879,7 @@ static bool do_dump(struct lxc_container *c, char *mode, struct migrate_opts *op
 		os.user = opts;
 		os.c = c;
 		os.console_name = c->lxc_conf->console.path;
 		os.criu_version = criu_version;
 		if (save_tty_major_minor(opts->directory, c, os.tty_id, sizeof(os.tty_id)) < 0)
 			exit(1);
@ -927,8 +939,9 @@ bool __criu_restore(struct lxc_container *c, struct migrate_opts *opts)
 	pid_t pid;
 	int status, nread;
 	int pipefd[2];
 	char *criu_version = NULL;
-	if (!criu_ok(c))
+	if (!criu_ok(c, &criu_version))
 		return false;
 	if (geteuid()) {
@ -951,7 +964,7 @@ bool __criu_restore(struct lxc_container *c, struct migrate_opts *opts)
 	if (pid == 0) {
 		close(pipefd[0]);
 		// this never returns
-		do_restore(c, pipefd[1], opts);
+		do_restore(c, pipefd[1], opts, criu_version);
 	}
 	close(pipefd[1]);
--- a/src/lxc/lxccontainer.h
+++ b/src/lxc/lxccontainer.h
@ -896,6 +896,12 @@ struct migrate_opts {
 	 * "action script"
 	 */
 	char *action_script;
 	/* If CRIU >= 2.4 is detected the option to skip in-flight connections
 	 * will be enabled by default. The flag 'disable_skip_in_flight' will
 	 * unconditionally disable this feature. In-flight connections are
 	 * not fully established TCP connections: SYN, SYN-ACK */
 	bool disable_skip_in_flight;
 };
 /*!