We have problems with /proc/pid/ns/name bind-mounts in CRIU 1) Currently (without nsfs) such a bind mount have same superblock with /proc mount, but in case of nested pid-namespaces container can have multiple different /proc mounts and for ns-bind-mount we need to bind it from the right pidns. So we will need to enter proper pid-namespace to reopen ns-file fd from proper proc, it looks too complex.
If we port nsfs ns-bind-mounts will be all on the same superblock which does not depend from procfs's we opened the ns-file on. 2) Bigger problem will come then we will wan't to migrate ns-bind-mounts from non-nsfs to nsfs (vz8) kernel this would bring a lot of crutches, we will need to workaround the fact that before migration mounts were with same superblock and after migration they can't be. To overcome those we can port nsfs to vz7 and do ns-bind-mount support in a new world of nsfs, looks like it would be easier. First we need to revert all patches which depend from nsfs: 8782a0069f1b proc: add a proc_show_path method to fix mountinfo b823f8df2fcb ms/tun: Add ioctl() TUNGETDEVNETNS cmd to allow obtaining real net ns of tun device 302889fa2e3d ms/net: add an ioctl to get a socket network namespace 7cb9e7ae7041 ms/tun: Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device ac08c64138ac nsfs: add ioctl to get a parent namespace a8e0dd94d5cd nsfs: add ioctl to get an owning user namespace for ns file descriptor 93dca538d184 kernel: add a helper to get an owning user namespace for a namespace edaecdb8adac ms/pidns: expose task pid_ns_for_children to userspace 2b151c3f8909 ms/ns: allow ns_entries to have custom symlink content Cherry-pick nsfs from VZ8: 435d5f4bb2cc common object embedded into various struct ....ns 58be28256d98 make mntns ->get()/->put()/->install()/->inum() work with &mnt_ns->ns ff24870f46d5 netns: switch ->get()/->put()/->install()/->inum() to working with &net->ns 3c0411846118 switch the rest of proc_ns_operations to working with &...->ns 64964528b24e make proc_ns_operations work with struct ns_common * instead of void * 6344c433a452 new helpers: ns_alloc_inum/ns_free_inum 33c429405a2c copy address of proc_ns_ops into ns_common f77c80142e1a bury struct proc_ns in fs/proc 292662014509 dcache.c: call ->d_prune() regardless of d_unhashed() e149ed2b805f take the targets of /proc/*/ns/* symlinks to separate fs Cherry-pick part of reverted patches back from VZ8: bcac25a58bfc kernel: add a helper to get an owning user namespace for a namespace 6786741dbf99 nsfs: add ioctl to get an owning user namespace for ns file descriptor a7306ed8d94a nsfs: add ioctl to get a parent namespace c62cce2caee5 net: add an ioctl to get a socket network namespace 25b14e92af1a ns: allow ns_entries to have custom symlink content eaa0d190bfe1 pidns: expose task pid_ns_for_children to userspace Cherry-pick reverted patches back from MS (we also need them to vz8): 75509fd88fbd nsfs: Add a show_path method to fix mountinfo 24dce0800baa net: Export open_related_ns() d8d211a2a0c3 net: Make extern and export get_net_ns() f2780d6d7475 tun: Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device 0c3e0e3bb623 tun: Add ioctl() TUNGETDEVNETNS cmd to allow obtaining real net ns of tun device 073c516ff735 nsfs: mark dentry with DCACHE_RCUACCESS On this kernel I've runed zdtm, so the change should not break interfaces. https://jira.sw.ru/browse/PSBM-102357 Al Viro (10): ms: common object embedded into various struct ....ns make mntns ->get()/->put()/->install()/->inum() work with &mnt_ns->ns netns: switch ->get()/->put()/->install()/->inum() to working with &net->ns switch the rest of proc_ns_operations to working with &...->ns make proc_ns_operations work with struct ns_common * instead of void * new helpers: ns_alloc_inum/ns_free_inum copy address of proc_ns_ops into ns_common bury struct proc_ns in fs/proc dcache.c: call ->d_prune() regardless of d_unhashed() take the targets of /proc/*/ns/* symlinks to separate fs Andrey Vagin (4): kernel: add a helper to get an owning user namespace for a namespace nsfs: add ioctl to get an owning user namespace for ns file descriptor nsfs: add ioctl to get a parent namespace net: add an ioctl to get a socket network namespace Cong Wang (1): nsfs: mark dentry with DCACHE_RCUACCESS Eric W. Biederman (1): nsfs: Add a show_path method to fix mountinfo Kirill Tkhai (6): ns: allow ns_entries to have custom symlink content pidns: expose task pid_ns_for_children to userspace net: Export open_related_ns() net: Make extern and export get_net_ns() tun: Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device tun: Add ioctl() TUNGETDEVNETNS cmd to allow obtaining real net ns of tun device Pavel Tikhomirov (10): Revert "proc: add a proc_show_path method to fix mountinfo" Revert "ms/tun: Add ioctl() TUNGETDEVNETNS cmd to allow obtaining real net ns of tun device" Revert "ms/net: add an ioctl to get a socket network namespace" Revert "ms/tun: Add ioctl() SIOCGSKNS cmd to allow obtaining net ns of tun device" Revert "nsfs: add ioctl to get a parent namespace" Revert "nsfs: add ioctl to get an owning user namespace for ns file descriptor" Revert "kernel: add a helper to get an owning user namespace for a namespace" Revert "ms/pidns: expose task pid_ns_for_children to userspace" Revert "ms/ns: allow ns_entries to have custom symlink content" userns: move EXPORT_SYMBOL closer to current_in_userns drivers/net/tun.c | 15 +- fs/Makefile | 2 +- fs/dcache.c | 2 +- fs/internal.h | 5 + fs/mount.h | 3 +- fs/namespace.c | 56 ++++---- fs/nfs_common/grace.c | 2 +- fs/nfsd/nfs4recover.c | 2 +- fs/nsfs.c | 255 +++++++++++++++++++++++++++++++++ fs/proc/inode.c | 24 ---- fs/proc/internal.h | 5 + fs/proc/namespaces.c | 245 +++---------------------------- include/linux/ipc_namespace.h | 3 +- include/linux/ns_common.h | 12 ++ include/linux/pid_namespace.h | 3 +- include/linux/proc_fs.h | 4 + include/linux/proc_ns.h | 52 ++++--- include/linux/socket.h | 2 + include/linux/user_namespace.h | 10 +- include/linux/utsname.h | 3 +- include/net/net_namespace.h | 3 +- include/uapi/linux/magic.h | 1 + include/uapi/linux/nsfs.h | 13 ++ init/main.c | 2 + init/version.c | 5 +- ipc/msgutil.c | 5 +- ipc/namespace.c | 37 +++-- kernel/nsproxy.c | 10 +- kernel/pid.c | 5 +- kernel/pid_namespace.c | 55 ++++--- kernel/user.c | 5 +- kernel/user_namespace.c | 46 +++--- kernel/utsname.c | 36 +++-- net/core/net_namespace.c | 44 +++--- net/socket.c | 26 +--- 35 files changed, 521 insertions(+), 477 deletions(-) create mode 100644 fs/nsfs.c create mode 100644 include/linux/ns_common.h create mode 100644 include/uapi/linux/nsfs.h -- 2.24.1 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
