mirror of
https://git.proxmox.com/git/mirror_lxc
synced 2025-08-07 15:29:02 +00:00
c/r: escape cgroups before exec()ing criu
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This commit is contained in:
parent
06078509e3
commit
e9195050b4
@ -56,6 +56,18 @@ void exec_criu(struct criu_opts *opts)
|
|||||||
|
|
||||||
char buf[4096];
|
char buf[4096];
|
||||||
|
|
||||||
|
/* If we are currently in a cgroup /foo/bar, and the container is in a
|
||||||
|
* cgroup /lxc/foo, lxcfs will give us an ENOENT if some task in the
|
||||||
|
* container has an open fd that points to one of the cgroup files
|
||||||
|
* (systemd always opens its "root" cgroup). So, let's escape to the
|
||||||
|
* /actual/ root cgroup so that lxcfs thinks criu has enough rights to
|
||||||
|
* see all cgroups.
|
||||||
|
*/
|
||||||
|
if (!cgroup_escape()) {
|
||||||
|
ERROR("failed to escape cgroups");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
/* The command line always looks like:
|
/* The command line always looks like:
|
||||||
* criu $(action) --tcp-established --file-locks --link-remap --force-irmap \
|
* criu $(action) --tcp-established --file-locks --link-remap --force-irmap \
|
||||||
* --manage-cgroups action-script foo.sh -D $(directory) \
|
* --manage-cgroups action-script foo.sh -D $(directory) \
|
||||||
|
Loading…
Reference in New Issue
Block a user