First of all, CRIU looks like a very cool project. Using the out of the box "criu" CLI was super easy and appears to do what I want (checkpoint a TCP connection, and restore it somewhere else, I for now, tried to do this by just restoring a docker container using the guide on criu.org) however my goal is to move this functionality to a application running in a kubernetes pod, which can than be used to "transfer" a TCP connection from my kubernetes pod to another kubernetes pod whenever a pod gets rebalanced.
I learned that libsoccr has been build to exactly do this, so I'm trying to build a little C application that simulates a TCP client/server connetion, and uses libsoccr to checkpoint/restore the TCP connection of the client. Now the last time that I used C is years ago, so I am really struggling getting the libsoccr.a library linked to my "demo-app".
I tried the following:
However it is failing trying to find libnet_init.
Now I am guessing that I am linking the project incorrectly (as I probably also have to link libnet and other dependencies) but I am afraid I have to admit that I'm not really sure how to go from here as my C skills are lacking here.
Anyone that can lead me in the right direction // is there maybe a demo application on github somewhere that demonstrates how to use libsoccr as a standalone library?
Help would be really appreciated, I hope that I am not annoying you with my beginner-questions.
I have been trying to setup CRIU v3.13 inside a privileged docker container (A dockerized CRIU Image is bundled as part of the Dockerfile on an Alpine Linux Base) to checkpoint a certain process. The containers run inside a Kubernetes cluster on a fresh install of Ubuntu 20.04 LTS.
I have done some sanity checks, namely running the
criu check command from within the container. Apart from
criu check, I have checked for various privilege accesses and all come back positive.
criu check command returns the following:
Error (criu/util.c:610): exited, status=1
Error (criu/util.c:610): exited, status=1
Warn (criu/kerndat.c:839): Can't keep kdat cache on non-tempfs
I am currently trying to get the
simple loop example (https://criu.org/Simple_loop) working. After following the instructions, I see that dumping the process fails with error code -1.
pie: 52: Warn (criu/pie/parasite.c:648): /proc/self/cgroup was bigger than the page size
pie: 52: __sent ack msg: 76 76 -1
pie: 52: Close the control socket for writing
(00.037284) Fetched ack: 76 76 -1
pie: 52: Daemon waits for command
(00.037294) Error (compel/src/lib/infect-rpc.c:72): Command 76 for daemon failed with -1
(00.037305) Error (criu/parasite-syscall.c:447): Parasite failed to dump /proc/self/cgroup
I haven't had much success in finding a solution to the problem in the GitHub issues, and I'd really appreciate it if you could point me in the right direction.
Ugh, something strange happening with that. It's a long story.
Andrei has filled bug https://bugs.launchpad.net/ubuntu/impish/+source/linux/+bug/1967924
because our patch https://kernel.ubuntu.com/git/ubuntu/ubuntu-hirsute.git/commit/?id=c9dae9237803b4ae3517f9599b33c6d4b6b9c0a4
from 2021-05-07 12:11:00 was losed
They ported this patch by themself and discovered that it leads to crash:
issue was successfully fixed and I've reviewed this solution:
For some reason fix for this patch wasn't squashed into the original commit, but instead applied on top, and then kernel release was came out without fix...
[ https://lwn.net/Articles/899420/ ]
AFAIK, right now kernels have no this problem and contains both patches.
fput(file)that doesn't needed anymore because of https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/fs/overlayfs/file.c?h=hwe-5.15-next&id=2896900e22f8212606a1837d89a6bbce314ceeda
It's not your memory fault. Bugs tend to disappear when you try to reproduce them purposefully. :D
about:configas criu does not yet support checkpoint of nested IPC namespaces
apparmor_stackingcheck to fail and print the message you mentioned above.
sudo criu check --feature apparmor_stacking || echo 'apparmor stacking not supported'
(00.339232) pie: 2565: restoring lsm profile (current) unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 (00.446113) pie: 2562: restoring lsm profile (current) unconfined_u:unconfined_r:xserver_t:s0-s0:c0.c1023 (00.447109) pie: 2562: Error (criu/pie/restorer.c:180): can't write lsm profile -13