I was adapting CRIU with ia32 support for building with Koji,
and found that Koji can't build x86_64 packages and have
i686 libs installed.
While at it, I found that i686 libraries requirement is
no longer valid since I've deleted the second parasite.
Drop feature test for i686 libs and put test for gcc.
That will effectively test if gcc can compile 32-bit code
and bug with debian's gcc (#315).
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
I bumped in this myself when I had libc6-dev-i386 installed,
while criu said I didn't. Save other guys'es time, spent
in this place.
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Acked-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Point that ia32 C/R was disabled due to missed packages.
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
As all builds are done from top source dir, there is no need
to have SRC_DIR.
Reviewed-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Supported only from v4.9 kernel :)
The following commits may be backported if needed:
b059a453b ("x86/vdso: Add mremap hook to vm_special_mapping")
e38447ee1 ("x86/vdso: Unmap vdso blob on vvar mapping failure")
576ebfefd ("x86/vdso: Replace calculate_addr in map_vdso() with addr")
2eefd8789 ("x86/arch_prctl/vdso: Add ARCH_MAP_VDSO_*")
90954e7b9 ("x86/coredump: Use pr_reg size, rather that TIF_IA32 flag")
cc87324b3 ("x86/ptrace: Down with test_thread_flag(TIF_IA32)")
684635105 ("x86/signal: Add SA_{X32,IA32}_ABI sa_flags")
ed1e7db33 ("x86/signal: Remove bogus user_64bit_mode() check from
sigaction_compat_abi()")
The required patches list may be checked also at
https://criu.org/Upstream_kernel_commits
travis-ci: success for Rectify 32-bit compatible C/R on x86
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
I am not quite sure how that happened, but compel hgen was not used for
ARM/ARM64, instead there's a simple version of it, called
gen-offsets.sh. The main difference is, shell script doesn't handle ELF
relocations, which apparently is not (currently?) needed for ARM.
It's bad to maintain two tools for the same functionality, so this
patch kills gen-offsets.sh and related stuff, making compel hgen
working on ARM. ELF relocations are still not handled, this code
is #ifdef-ed out for now and can be fixed to work on ARM later.
This patch also kills some macros and defines that seem obsoleted
now. For example, compel_relocs_apply() is now called unconditionally,
as it handles the trivial case of 0 relocs just fine.
Now, I checked that the blob headers generated by compel hgen and
gen-offsets.h are similar (i.e. generated blob code and values defined
are the same), but haven't done much above that.
Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Both std and criu will use it for syscalls sake.
Note I've to disable x86 compat mode for a while:
we have to provide native types there thus will
back once everything else is complete.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
I'll wrap all compatible code in this CONFIG_COMPAT define.
As I'll wrap also compatible parasite generation in this,
it's also makefile variable, rather than just C define.
The test itself consists of including stubs-32.h, which is
glibc6-i686 presence test and is compiled with -m32 option,
which is test for gcc-multilib.
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Reviewed-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
In this file one can add options with which to build CRIU.
Each line is (for now) expanded into CONFIG_$(TEXT) macros
defined in config.h that can be tested later in the code.
v2: Add .config to .gitignore
v3: Don't check that make mrproper removes .config
https://github.com/xemul/criu/issues/235
travis-ci: success for Don't compile in binfmt_misc dumping code by default (rev3)
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Reviewed-by: Dmirty Safonov <dsafonov@virtuozzo.com>
If userns_restore_one_link() is called outside of usernsd,
it switches into the criu namespace and switches back before exiting.
v2: rid of the include of linux/net_namespace.h in criu/include/net.h,
as well as the associated defines and feature checks
travis-ci: success for net: simplify restore of macvlan-s (rev2)
Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
This header was only introduced in 2015, so we need to build without it.
travis-ci: success for series starting with [v10,01/11] net: pass the struct nlattrs to dump() functions
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
It contained definitions for F_{SET,GET}PIPE_SZ, which
we already have in "fcntl.h" - it's not big, can be included instead.
Also it has pipe-size specific definitions, which are used only
in page-pipe.c -- moved them to page-pipe.h.
This will simplify include for config.h from subprojects.
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
So, we need CONFIG_HAS_* feature-defines in compel, libsoccr
tools. Let's move this tests upper.
It also reverts commit 411cde8815a4 ("make, soccr: let CRIU depend on
libsoccr"), as we don't need -lsoccr to build feature tests now.
To eliminate any races here, I added $(LIB_FEATURES).
Cc: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Dmitry Safonov <dsafonov@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
We don't use this any more (and the test was deleted in a previous patch),
so let's get rid of this too.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Unfortunately, SECCOMP_MODE_FILTER is not currently exposed to userspace,
so we can't checkpoint that. In any case, this is what we need to do for
SECCOMP_MODE_STRICT, so let's do it.
This patch works by first disabling seccomp for any processes who are going
to have seccomp filters restored, then restoring the process (including the
seccomp filters), and finally resuming the seccomp filters before detaching
from the process.
v2 changes:
* update for kernel patch v2
* use protobuf enum for seccomp type
* don't parse /proc/pid/status twice
v3 changes:
* get rid of extra CR_STAGE_SECCOMP_SUSPEND stage
* only suspend seccomp in finalize_restore(), just before the unmap
* restore the (same) seccomp state in threads too; also add a note about
how this is slightly wrong, and that we should at least check for a
mismatch
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
For testing purpose we need to disable using of
piegen utility. So lets add PIEGEN make option
thus one can "PIEGEN=no make" to build criu
without piegen at all.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This patch adds support for checkpoint and restore of two linux security
modules (apparmor and selinux). The actual checkpoint or restore code isn't
that interesting, other than that we have to do the LSM restore in the restorer
blob since it may block any number of things that we want to do as part of the
restore process.
I tried originally to get this to work using libraries in the restorer blob,
but I could _not_ get things to work correctly (I assume I was doing something
wrong with all the static linking, you can see my draft attempts here:
https://github.com/tych0/criu/commits/apparmor-using-libraries ). I can try to
resurrect this if it makes more sense, to do it that way, though.
v2: lsm_profile lives in creds.proto instead of the task core, look in a more
canonical place for selinuxfs and don't try to special case any selinux
profile names.
v3: only allow unconfined selinux profiles
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Check for setproctitle_init, as old versions of libbsd don't have one.
Reported-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Acked-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We will need it to figure out if architecture
needs vDSO handling code to be built. Note
currently only x86 is exporting vDSO simply
because ARM support is not yet ready.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Alexander Kartashov <alekskartashov@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It takes only two arguments. Note it's not error since
we don't even reference to a third argument here but
just to be consistent and clear.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Tested-by: Ruslan Kuprieiv <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
PIPE_MAX_SIZE is calculated according with the kernel code.
PPB_IOV_BATCH has been taken from my mind.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently we check PTRACE_PEEKSIGINFO and if it's defined in a system
header, we suppose that ptrace_peeksiginfo_args is defined there too.
But due to a bug in glibc, this check doesn't work. Now we have F20,
where ptrace_peeksiginfo_args is defined in sys/ptrace and F21 where
it isn't defined.
commit 9341dde4d56ca71b61b47c8b87a06e6d5813ed0e
Author: Mike Frysinger <vapier@gentoo.org>
Date: Sun Jan 5 16:07:13 2014 -0500
ptrace.h: add __ prefix to ptrace_peeksiginfo_args
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
We will need it for btrfs subvolumes handling.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Same as kernel provides, adopted from Linux sources.
strlcpy is similar to strncpy but _always_ adds \0
at the end of string even if destination is shorter.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
It's being reported that some systems (as Ubuntu 13.04) already
have struct tcp_repair_opt definition in their system headers.
| sk-tcp.c:25:8: error: redefinition of struct tcp_repair_opt
| sk-tcp.c:31:2: error: redeclaration of enumerator TCP_NO_QUEUE
So add a facility for compile time testing for reported entities
to be present on a system. For this we generate include/config.h
where all tested entries will lay and source code need to include
it only in places where really needed.
Reported-by: Vasily Averin <vvs@parallels.com>
Acked-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
