Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Radostin Stoyanov
    @rst0git
    @NoobTracker AppArmour is not supported on Fedora by default. This was causing the apparmor_stacking check to fail and print the message you mentioned above.
    The following command can be used to confirm this: sudo criu check --feature apparmor_stacking || echo 'apparmor stacking not supported'
    NoobTracker
    @NoobTracker

    AppArmour is not supported on Fedora by default. This was causing the apparmor_stacking check to fail and print the message you mentioned above.'`

    You mean Kali, right?

    Radostin Stoyanov
    @rst0git
    I was referring to the following question: "Does criu on fedora always print out ... ?"
    NoobTracker
    @NoobTracker
    Ahh, nvm
    NoobTracker
    @NoobTracker
    I've switched to Fedora and I can still dump successfully and I can't restore.
    Alexander Mikhalitsyn
    @mihalicyn
    can you show cat restore.log | grep Error ?
    NoobTracker
    @NoobTracker
    (00.447109) pie: 2562: Error (criu/pie/restorer.c:180): can't write lsm profile -13
    (00.447363) pie: 2562: Error (criu/pie/restorer.c:1968): Restorer fail 2562
    (00.447798) Error (criu/cr-restore.c:2536): Restoring FAILED.
    Alexander Mikhalitsyn
    @mihalicyn
    cat restore.log | grep lsm
    NoobTracker
    @NoobTracker
    (00.339232) pie: 2565: restoring lsm profile (current) unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
    (00.446113) pie: 2562: restoring lsm profile (current) unconfined_u:unconfined_r:xserver_t:s0-s0:c0.c1023
    (00.447109) pie: 2562: Error (criu/pie/restorer.c:180): can't write lsm profile -13
    NoobTracker
    @NoobTracker
    seems to be related to the apparmor stuff
    is there a quick fix, can I just use another distro?
    Adrian Reber
    @adrian:lisas.de
    [m]
    This is strange. It tries to restore the selinux labels but gets permission denied. What kind of system do you have?
    NoobTracker
    @NoobTracker
    It's a VM running Fedora
    Adrian Reber
    @adrian:lisas.de
    [m]
    Self compiled criu?
    NoobTracker
    @NoobTracker
    no, it's preinstalled I think
    Adrian Reber
    @adrian:lisas.de
    [m]
    Ah
    NoobTracker
    @NoobTracker
    at least I don't remember installing it but I tend to forget relevant details
    Adrian Reber
    @adrian:lisas.de
    [m]
    I think you either need to disable selinux or change the corresponding seboolean to allow criu
    Try setenforce 0 for a quick check to see if disabling selinux helps
    NoobTracker
    @NoobTracker
    okay ...
    Alexander Mikhalitsyn
    @mihalicyn
    Are you running criu restore from the root user or not?
    NoobTracker
    @NoobTracker
    I'm using sudo <whatever>. Since criu is the reason why I'm using Linux at all, idk if that means that I'm root

    Try setenforce 0 for a quick check to see if disabling selinux helps

    That works!

    NoobTracker
    @NoobTracker
    I'm trying to snapshot a program that has a memory footprint of ~100M when executed on my Windows machine, it's running through WINE. criu gets stuck after a second. Taking the snapshot should be done after a few minutes, right?
    The CPU usage is nonexistent, I think it's just frozen ... odd
    NoobTracker
    @NoobTracker
    It only fails/freezes if the windows application is running
    Should I show what CRIU logs before freezing?
    NoobTracker
    @NoobTracker
    CRIU can dump GUI applications, right?
    NoobTracker
    @NoobTracker
    Pavel Tikhomirov
    @Snorch

    CRIU can dump GUI applications, right?

    In general no, probably except only VNC https://criu.org/VNC

    Prajwal S N
    @snprajwal
    Hi all, a lot of work has happened on the go-criu library for the past few months, so we've opened an issue to plan a new release
    checkpoint-restore/go-criu#86
    Do drop a comment if there's anything that's been missed
    Younes Manton
    @ymanton

    I'm seeing the following build break on Fedora Rawhide:

    In file included from criu/pie/util.c:3:
    /usr/include/sys/mount.h:240:6: error: redeclaration of 'enum fsconfig_command'
      240 | enum fsconfig_command
          |      ^~~~~~~~~~~~~~~~
    In file included from /usr/include/sys/mount.h:32:
    criu/include/linux/mount.h:11:6: note: originally defined here
       11 | enum fsconfig_command {
          |      ^~~~~~~~~~~~~~~~

    I thought it was fixed by checkpoint-restore/criu#1943 but it looks like /usr/include/sys/mount.h has

         30 #ifdef __has_include
         31 # if __has_include ("linux/mount.h")
         32 #  include "linux/mount.h"
         33 # endif
         34 #endif

    which normally finds /usr/include/linux/mount.h but when building CRIU instead grabs criu/include/linux/mount.h. Was that the intention? @rst0git any idea?

    Pavel Tikhomirov
    @Snorch
    Hm, for me it looks like a bug in glibc... Maybe I'm mistaken but if glibc uses #include "" it searches for for mount.h in criu directory, but originally commit 774058d729 ("linux: Fix sys/mount.h usage with kernel headers") expects it to search mount.h in kernel source...
    Younes Manton
    @ymanton
    Yeah, I would think that a header intended to be installed in a central place should not use #include "".
    Pavel Tikhomirov
    @Snorch

    Reproduce:

    [snorch@turmoil test]$ cat include/linux/mount.h 
    enum fsconfig_command {
        FSCONFIG_SET_FLAG = 10,
    };
    [snorch@turmoil test]$ cat test.c 
    #include <stdio.h>
    /* Include new glibc sys/mount.h header */
    #include "/home/snorch/devel/general/glibc/sysdeps/unix/sysv/linux/sys/mount.h"
    
    int main () {
        printf("%d\n", FSCONFIG_SET_FLAG);
        return 0;
    }
    [snorch@turmoil test]$ gcc -o test -I include test.c
    In file included from test.c:2:
    /home/snorch/devel/general/glibc/sysdeps/unix/sysv/linux/sys/mount.h:240:6: error: redeclaration of ‘enum fsconfig_command’
      240 | enum fsconfig_command
          |      ^~~~~~~~~~~~~~~~
    In file included from /home/snorch/devel/general/glibc/sysdeps/unix/sysv/linux/sys/mount.h:32:
    include/linux/mount.h:1:6: note: originally defined here
        1 | enum fsconfig_command {
          |      ^~~~~~~~~~~~~~~~
    /home/snorch/devel/general/glibc/sysdeps/unix/sysv/linux/sys/mount.h:242:3: error: redeclaration of enumerator ‘FSCONFIG_SET_FLAG’
      242 |   FSCONFIG_SET_FLAG       = 0,    /* Set parameter, supplying no value */
          |   ^~~~~~~~~~~~~~~~~
    include/linux/mount.h:2:9: note: previous definition of ‘FSCONFIG_SET_FLAG’ with type ‘enum fsconfig_command’
        2 |         FSCONFIG_SET_FLAG = 10,
          |         ^~~~~~~~~~~~~~~~~

    Let's wait for second opinion on it.

    probably I should've used -iquote, but anyways the same error
    Pavel Tikhomirov
    @Snorch
    @ymanton does checkpoint-restore/criu#1943 help?
    Radostin Stoyanov
    @rst0git
    We can see the same errors in our CI as well: https://github.com/checkpoint-restore/criu/runs/7963467477
    Younes Manton
    @ymanton
    @Snorch No, the above error is with those patches included.
    Younes Manton
    @ymanton
    Should criu/include/linux/mount.h be called criu/include/sys/mount.h instead since it's trying to provide the stuff from /usr/include/sys/mount.h not /usr/include/linux/mount.h?
    Radostin Stoyanov
    @rst0git
    @ymanton criu/include/linux/mount.h was introduced in commit: checkpoint-restore/criu@b5b1c4e
    This file was initially used to provide missing declarations from linux/mount.h, but the subfolder name (sys or linux) in the criu source tree does not make any difference.
    Radostin Stoyanov
    @rst0git
    @Snorch I am able to replicate the compilation errors from CI with fedora:rawhide container.
    Radostin Stoyanov
    @rst0git
    I've opened a pull request with a fix: checkpoint-restore/criu#1962
    Bui Quang Minh
    @minhbq-99
    Hi everyone, I'm trying to implement C/R support for cgroupv2 threaded controller which means threads in a process may belong to different controllers.
    As threads are cloned and restored later in restorer, my idea is to create a service fd (cgroupd) working like usernsd that receives the cg_set number from restored thread and the thread id then fix up the thread's controller (write thread id to controller/cgroup.threads). However, AFAIK, SCM_CREDENTIALS cmsg contains the process id (thread group id) not the thread id. So how can we pass the thread id across the namespace boundary?
    Pavel Tikhomirov
    @Snorch

    my idea is to create a service fd (cgroupd) working like usernsd

    Why not just use usernsd, e.g. see how userns_move works, but just give the tid in it's arguments? (instead of using the one SCM_CREDENTIALS give you)

    Bui Quang Minh
    @minhbq-99
    I think the reason behind using SCM_CREDENTIALS is that it transforms the pid of caller (which may be in pid namespace) into outer pid namespace of callee (usernsd). If we pass tid directly from the inside pid namespace, it may be not correct tid from the usernsd outer pid namespace viewpoint.
    Pavel Tikhomirov
    @Snorch
    Just send item->threads[i].real as usernsd should be in criu pidns. upd: this is probably unavailable on restore, but it should not be too hard to get it from proc.
    Bui Quang Minh
    @minhbq-99
    Thanks, I will look around and try to tackle that