This is needed because, when a container with an SPFS manager inside is killed (due to any restore error), all the network namespaces of the container's processes are marked to drop SUNRPC packets (libvzctl does this on fast stop).
This in turn happens, because we want to be able to kill container with blocked network and NFS mount inside. Thus all the processes, belonging to VE cgroup have to have containers network namespaces otherwise SUNRPC trafic is dropped in init network namespace, like it happens now. https://jira.sw.ru/browse/PSBM-79733 Signed-off-by: Stanislav Kinsburskiy <skinsbur...@virtuozzo.com>
---
 criu/spfs.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/criu/spfs.c b/criu/spfs.c
index 6ce2ac8..d46fe11 100644
--- a/criu/spfs.c
+++ b/criu/spfs.c
@@ -21,6 +21,7 @@
 #include "spfs.h"
 #include "proc_parse.h"
 #include "cgroup.h"
+#include "net.h"
 #define SPFS_MANAGER_WORK_DIR "/run/spfs-manager/%d"
 #define VE_SPFS_MANAGER_WORK_DIR "/vz/private/%s/dump/spfs-manager/%d"
@@ -121,7 +122,7 @@ static char *spfs_manager_log_dir(void)
 return work_dir;
 }
-static int start_spfs_manager(void)
+static int __start_spfs_manager(void)
 {
 char *spfs_manager = "spfs-manager";
 char *socket_path = spfs_manager_socket_path();
@@ -159,6 +160,24 @@ static int start_spfs_manager(void)
 return sock;
 }
+static int start_spfs_manager(void)
+{
+ int old_net_ns, sock;
+
+ if (switch_ns(root_item->pid->real, &net_ns_desc, &old_net_ns)) {
+ pr_err("failed to switch to containers network namespace\n");
+ return -1;
+ }
+
+ sock = __start_spfs_manager();
+
+ if (restore_ns(old_net_ns, &net_ns_desc)) {
+ pr_err("failed to restore original usernsd network namespace\n");
+ return -1;
+ }
+ return sock;
+}
+
 static int get_spfs_mngr_sock(void *start, int fd, pid_t pid)
 {
 int sock;
_______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
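Review bot: In the new `start_spfs_manager()` (third hunk), the `restore_ns()` failure branch returns -1 even when `__start_spfs_manager()` has already returned a valid socket, so that descriptor is leaked and the caller sees a failure although a manager may be running. I would release it on that branch, e.g. `if (sock >= 0) close(sock);` just before the `return -1;`. The same branch leaves the calling process in the container's network namespace; the log message suggests this is the usernsd helper, so it is worth a comment above the function stating that callers must treat this error as fatal rather than keep serving requests from the wrong namespace. The body of `__start_spfs_manager()` lies outside the hunks, so what it returns on partial failure is not visible here.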