// Sets all the properties for this unicharset given a src unicharset with
// everything set. The unicharsets don't have to be the same, and graphemes
// are correctly accounted for.
void UNICHARSET::PartialSetPropertiesFromOther(int start_index,
const UNICHARSET& src) {
for (int ch = start_index; ch < size_used; ++ch) {
const char* utf8 = id_to_unichar(ch);
UNICHAR_PROPERTIES properties;
if (src.GetStrProperties(utf8, &properties)) {
// Setup the script_id, other_case, and mirror properly.
const char* script = src.get_script_from_script_id(properties.script_id);
properties.script_id = add_script(script);
const char* other_case = src.id_to_unichar(properties.other_case);
if (contains_unichar(other_case)) {
properties.other_case = unichar_to_id(other_case);
} else {
properties.other_case = ch;
}
const char* mirror_str = src.id_to_unichar(properties.mirror);
if (contains_unichar(mirror_str)) {
properties.mirror = unichar_to_id(mirror_str);
} else {
properties.mirror = ch;
}
unichars[ch].properties.CopyFrom(properties);
set_normed_ids(ch);
} else {
tprintf("Failed to get properties for index %d = %s\n", ch, utf8);
}
}
}
bool CheckExternalScripts::commandLineExec(const int target_mode, const Plugin::ExecuteRequestMessage::Request &request, Plugin::ExecuteResponseMessage::Response *response, const Plugin::ExecuteRequestMessage &request_message) {
std::string command = request.command();
if (command == "ext-scr" && request.arguments_size() > 0)
command = request.arguments(0);
else if (command.empty() && target_mode == NSCAPI::target_module && request.arguments_size() > 0)
command = request.arguments(0);
else if (command.empty() && target_mode == NSCAPI::target_module)
command = "help";
try {
if (command == "add")
add_script(request, response);
else if (command == "install")
configure(request, response);
else if (command == "list")
list(request, response);
else if (command == "help") {
nscapi::protobuf::functions::set_response_bad(*response, "Usage: nscp ext-scr [add|list|install] --help");
} else
return false;
return true;
} catch (const std::exception &e) {
nscapi::protobuf::functions::set_response_bad(*response, "Error: " + utf8::utf8_from_native(e.what()));
} catch (...) {
nscapi::protobuf::functions::set_response_bad(*response, "Error: ");
}
return false;
}
bool MultiScript::_set(const StringName& p_name, const Variant& p_value) {
_THREAD_SAFE_METHOD_
String s = String(p_name);
if (s.begins_with("script_")) {
int idx = s[7];
if (idx==0)
return false;
idx-='a';
ERR_FAIL_COND_V(idx<0,false);
Ref<Script> s = p_value;
if (idx<scripts.size()) {
if (s.is_null())
remove_script(idx);
else
set_script(idx,s);
} else if (idx==scripts.size()) {
if (s.is_null())
return false;
add_script(s);
} else
return false;
return true;
}
return false;
}
EditorSectorMenu::EditorSectorMenu() :
sector(Editor::current()->currentsector),
sector_name_ptr(sector->get_name_ptr()),
original_name(*sector_name_ptr),
size(sector->get_editor_size()),
new_size(size)
{
add_label(_("Sector") + " " + sector->get_name());
add_hl();
add_textfield(_("Name"), sector_name_ptr);
add_script(_("Initialization script"), sector->get_init_script_ptr());
add_color(_("Ambient light"), sector->get_ambient_light_ptr());
add_numfield(_("Gravity"), §or->gravity);
std::vector<std::string> music_formats;
music_formats.push_back(".ogg");
music_formats.push_back(".music");
add_file(_("Music"), §or->music, music_formats);
add_hl();
add_intfield(_("Width"), &(new_size.width));
add_intfield(_("Height"), &(new_size.height));
add_entry(MNID_RESIZESECTOR, _("Resize"));
add_hl();
add_back(_("OK"));
}
void UNICHARSET::reserve(int unichars_number) {
if (unichars_number > size_reserved) {
UNICHAR_SLOT* unichars_new = new UNICHAR_SLOT[unichars_number];
for (int i = 0; i < size_used; ++i)
unichars_new[i] = unichars[i];
for (int j = size_used; j < unichars_number; ++j) {
unichars_new[j].properties.script_id = add_script(null_script);
}
delete[] unichars;
unichars = unichars_new;
size_reserved = unichars_number;
}
}
CScriptProcess::CScriptProcess (shared_str name, shared_str scripts) :
m_name (name)
{
#ifdef DEBUG
Msg ("* Initializing %s script process",*m_name);
#endif
string256 I;
for (u32 i=0, n = _GetItemCount(*scripts); i<n; ++i)
add_script (_GetItem(*scripts,i,I),false,false);
m_iterator = 0;
}
bool extscr_cli::run(std::string cmd, const Plugin::ExecuteRequestMessage_Request &request, Plugin::ExecuteResponseMessage_Response *response) {
if (cmd == "add")
add_script(request, response);
else if (cmd == "install")
configure(request, response);
else if (cmd == "list")
list(request, response);
else if (cmd == "show")
show(request, response);
else if (cmd == "delete")
delete_script(request, response);
else
return false;
return true;
}
bool CheckExternalScripts::commandLineExec(const Plugin::ExecuteRequestMessage::Request &request, Plugin::ExecuteResponseMessage::Response *response, const Plugin::ExecuteRequestMessage &request_message) {
try {
if (request.arguments_size() > 0 && request.arguments(0) == "add")
add_script(request, response);
else if (request.arguments_size() > 0 && request.arguments(0) == "install")
configure(request, response);
else if (request.arguments_size() > 0 && request.arguments(0) == "help") {
nscapi::protobuf::functions::set_response_bad(*response, "Usage: nscp ext-scr add --help");
} else
return false;
} catch (const std::exception &e) {
nscapi::protobuf::functions::set_response_bad(*response, "Error: " + utf8::utf8_from_native(e.what()));
} catch (...) {
nscapi::protobuf::functions::set_response_bad(*response, "Error: ");
}
return true;
}
bool CheckMKClient::loadModuleEx(std::string alias, NSCAPI::moduleLoadMode) {
std::map<std::wstring,std::wstring> commands;
try {
root_ = get_base_path();
nscp_runtime_.reset(new scripts::nscp::nscp_runtime_impl(get_id(), get_core()));
lua_runtime_.reset(new lua::lua_runtime(utf8::cvt<std::string>(root_.string())));
lua_runtime_->register_plugin(boost::shared_ptr<check_mk::check_mk_plugin>(new check_mk::check_mk_plugin()));
scripts_.reset(new scripts::script_manager<lua::lua_traits>(lua_runtime_, nscp_runtime_, get_id(), utf8::cvt<std::string>(alias)));
sh::settings_registry settings(get_settings_proxy());
settings.set_alias("check_mk", alias, "client");
target_path = settings.alias().get_settings_path("targets");
settings.alias().add_path_to_settings()
("CHECK MK CLIENT SECTION", "Section for NSCP active/passive check module.")
("handlers", sh::fun_values_path(boost::bind(&CheckMKClient::add_command, this, _1, _2)),
"CLIENT HANDLER SECTION", "",
"CLIENT", "For more configuration options add a dedicated section")
("targets", sh::fun_values_path(boost::bind(&CheckMKClient::add_target, this, _1, _2)),
"REMOTE TARGET DEFINITIONS", "",
"TARGET", "For more configuration options add a dedicated section")
("scripts", sh::fun_values_path(boost::bind(&CheckMKClient::add_script, this, _1, _2)),
"REMOTE TARGET DEFINITIONS", "",
"SCRIPT", "For more configuration options add a dedicated section")
;
settings.alias().add_key_to_settings()
("channel", sh::string_key(&channel_, "CheckMK"),
"CHANNEL", "The channel to listen to.")
;
settings.register_all();
settings.notify();
targets.add_samples(get_settings_proxy(), target_path);
targets.add_missing(get_settings_proxy(), target_path, "default", "", true);
if (scripts_->empty()) {
add_script("default", "default_check_mk.lua");
}
nscapi::core_helper core(get_core(), get_id());
core.register_channel(channel_);
scripts_->load_all();
} catch (nscapi::nscapi_exception &e) {
NSC_LOG_ERROR_EXR("Load", e);
return false;
} catch (std::exception &e) {
NSC_LOG_ERROR_EXR("Load", e);
return false;
} catch (...) {
NSC_LOG_ERROR_EX("Load");
return false;
}
return true;
}
int main(int argc, char *argv[], char *envp[])
{
pid_t pid = 0, tree_id = 0;
int ret = -1;
bool usage_error = true;
bool has_exec_cmd = false;
int opt, idx;
int log_level = LOG_UNSET;
char *imgs_dir = ".";
char *work_dir = NULL;
static const char short_opts[] = "dSsRf:F:t:p:hcD:o:n:v::x::Vr:jlW:L:M:";
static struct option long_opts[] = {
{ "tree", required_argument, 0, 't' },
{ "pid", required_argument, 0, 'p' },
{ "leave-stopped", no_argument, 0, 's' },
{ "leave-running", no_argument, 0, 'R' },
{ "restore-detached", no_argument, 0, 'd' },
{ "restore-sibling", no_argument, 0, 'S' },
{ "daemon", no_argument, 0, 'd' },
{ "contents", no_argument, 0, 'c' },
{ "file", required_argument, 0, 'f' },
{ "fields", required_argument, 0, 'F' },
{ "images-dir", required_argument, 0, 'D' },
{ "work-dir", required_argument, 0, 'W' },
{ "log-file", required_argument, 0, 'o' },
{ "namespaces", required_argument, 0, 'n' },
{ "root", required_argument, 0, 'r' },
{ USK_EXT_PARAM, optional_argument, 0, 'x' },
{ "help", no_argument, 0, 'h' },
{ SK_EST_PARAM, no_argument, 0, 1042 },
{ "close", required_argument, 0, 1043 },
{ "log-pid", no_argument, 0, 1044 },
{ "version", no_argument, 0, 'V' },
{ "evasive-devices", no_argument, 0, 1045 },
{ "pidfile", required_argument, 0, 1046 },
{ "veth-pair", required_argument, 0, 1047 },
{ "action-script", required_argument, 0, 1049 },
{ LREMAP_PARAM, no_argument, 0, 1041 },
{ OPT_SHELL_JOB, no_argument, 0, 'j' },
{ OPT_FILE_LOCKS, no_argument, 0, 'l' },
{ "page-server", no_argument, 0, 1050 },
{ "address", required_argument, 0, 1051 },
{ "port", required_argument, 0, 1052 },
{ "prev-images-dir", required_argument, 0, 1053 },
{ "ms", no_argument, 0, 1054 },
{ "track-mem", no_argument, 0, 1055 },
{ "auto-dedup", no_argument, 0, 1056 },
{ "libdir", required_argument, 0, 'L' },
{ "cpu-cap", optional_argument, 0, 1057 },
{ "force-irmap", no_argument, 0, 1058 },
{ "ext-mount-map", required_argument, 0, 'M' },
{ "exec-cmd", no_argument, 0, 1059 },
{ "manage-cgroups", optional_argument, 0, 1060 },
{ "cgroup-root", required_argument, 0, 1061 },
{ "inherit-fd", required_argument, 0, 1062 },
{ "feature", required_argument, 0, 1063 },
{ "skip-mnt", required_argument, 0, 1064 },
{ "enable-fs", required_argument, 0, 1065 },
{ "enable-external-sharing", no_argument, 0, 1066 },
{ "enable-external-masters", no_argument, 0, 1067 },
{ "freeze-cgroup", required_argument, 0, 1068 },
{ "ghost-limit", required_argument, 0, 1069 },
{ "irmap-scan-path", required_argument, 0, 1070 },
{ "lsm-profile", required_argument, 0, 1071 },
{ "timeout", required_argument, 0, 1072 },
{ "external", required_argument, 0, 1073 },
{ "empty-ns", required_argument, 0, 1074 },
{ "extra", no_argument, 0, 1077 },
{ "experimental", no_argument, 0, 1078 },
{ "all", no_argument, 0, 1079 },
{ },
};
BUILD_BUG_ON(PAGE_SIZE != PAGE_IMAGE_SIZE);
if (fault_injection_init())
return 1;
cr_pb_init();
setproctitle_init(argc, argv, envp);
if (argc < 2)
goto usage;
init_opts();
if (init_service_fd())
return 1;
if (!strcmp(argv[1], "swrk")) {
if (argc < 3)
goto usage;
/*
* This is to start criu service worker from libcriu calls.
* The usage is "criu swrk <fd>" and is not for CLI/scripts.
* The arguments semantics can change at any tyme with the
* corresponding lib call change.
*/
opts.swrk_restore = true;
return cr_service_work(atoi(argv[2]));
}
while (1) {
idx = -1;
opt = getopt_long(argc, argv, short_opts, long_opts, &idx);
if (opt == -1)
break;
switch (opt) {
case 's':
opts.final_state = TASK_STOPPED;
break;
case 'R':
opts.final_state = TASK_ALIVE;
break;
case 'x':
if (optarg && unix_sk_ids_parse(optarg) < 0)
return 1;
opts.ext_unix_sk = true;
break;
case 'p':
pid = atoi(optarg);
if (pid <= 0)
goto bad_arg;
break;
case 't':
tree_id = atoi(optarg);
if (tree_id <= 0)
goto bad_arg;
break;
case 'c':
opts.show_pages_content = true;
break;
case 'f':
opts.show_dump_file = optarg;
break;
case 'F':
opts.show_fmt = optarg;
break;
case 'r':
opts.root = optarg;
break;
case 'd':
opts.restore_detach = true;
break;
case 'S':
opts.restore_sibling = true;
break;
case 'D':
imgs_dir = optarg;
break;
case 'W':
work_dir = optarg;
break;
case 'o':
opts.output = optarg;
break;
case 'n':
if (parse_ns_string(optarg))
goto bad_arg;
break;
case 'v':
if (log_level == LOG_UNSET)
log_level = 0;
if (optarg) {
if (optarg[0] == 'v')
/* handle -vvvvv */
log_level += strlen(optarg) + 1;
else
log_level = atoi(optarg);
} else
log_level++;
break;
case 1041:
pr_info("Will allow link remaps on FS\n");
opts.link_remap_ok = true;
break;
case 1042:
pr_info("Will dump TCP connections\n");
opts.tcp_established_ok = true;
break;
case 1043: {
int fd;
fd = atoi(optarg);
pr_info("Closing fd %d\n", fd);
close(fd);
break;
}
case 1044:
opts.log_file_per_pid = 1;
break;
case 1045:
opts.evasive_devices = true;
break;
case 1046:
opts.pidfile = optarg;
break;
case 1047:
{
char *aux;
aux = strchr(optarg, '=');
if (aux == NULL)
goto bad_arg;
*aux = '\0';
if (veth_pair_add(optarg, aux + 1))
return 1;
}
break;
case 1049:
if (add_script(optarg, 0))
return 1;
break;
case 1050:
opts.use_page_server = true;
break;
case 1051:
opts.addr = optarg;
break;
case 1052:
opts.port = htons(atoi(optarg));
if (!opts.port)
goto bad_arg;
break;
case 'j':
opts.shell_job = true;
break;
case 'l':
opts.handle_file_locks = true;
break;
case 1053:
opts.img_parent = optarg;
break;
case 1055:
opts.track_mem = true;
break;
case 1056:
opts.auto_dedup = true;
break;
case 1057:
if (parse_cpu_cap(&opts, optarg))
goto usage;
break;
case 1058:
opts.force_irmap = true;
break;
case 1054:
pr_err("--ms is deprecated; see \"Check options\" of criu --help\n");
return 1;
case 'L':
opts.libdir = optarg;
break;
case 1059:
has_exec_cmd = true;
break;
case 1060:
if (parse_manage_cgroups(&opts, optarg))
goto usage;
break;
case 1061:
{
char *path, *ctl;
path = strchr(optarg, ':');
if (path) {
*path = '\0';
path++;
ctl = optarg;
} else {
path = optarg;
ctl = NULL;
}
if (new_cg_root_add(ctl, path))
return -1;
}
break;
case 1062:
if (inherit_fd_parse(optarg) < 0)
return 1;
break;
case 1063:
ret = check_add_feature(optarg);
if (ret < 0) /* invalid kernel feature name */
return 1;
if (ret > 0) /* list kernel features and exit */
return 0;
break;
case 1064:
if (!add_skip_mount(optarg))
return 1;
break;
case 1065:
if (!add_fsname_auto(optarg))
return 1;
break;
case 1066:
opts.enable_external_sharing = true;
break;
case 1067:
opts.enable_external_masters = true;
break;
case 1068:
opts.freeze_cgroup = optarg;
break;
case 1069:
opts.ghost_limit = parse_size(optarg);
break;
case 1070:
if (irmap_scan_path_add(optarg))
return -1;
break;
case 1071:
if (parse_lsm_arg(optarg) < 0)
return -1;
break;
case 1072:
opts.timeout = atoi(optarg);
break;
case 'M':
{
char *aux;
if (strcmp(optarg, "auto") == 0) {
opts.autodetect_ext_mounts = true;
break;
}
aux = strchr(optarg, ':');
if (aux == NULL)
goto bad_arg;
*aux = '\0';
if (ext_mount_add(optarg, aux + 1))
return 1;
}
break;
case 1073:
if (add_external(optarg))
return 1;
break;
case 1074:
if (!strcmp("net", optarg))
opts.empty_ns |= CLONE_NEWNET;
else {
pr_err("Unsupported empty namespace: %s", optarg);
return 1;
}
break;
case 1077:
opts.check_extra_features = true;
break;
case 1078:
opts.check_experimental_features = true;
break;
case 1079:
opts.check_extra_features = true;
opts.check_experimental_features = true;
break;
case 'V':
pr_msg("Version: %s\n", CRIU_VERSION);
if (strcmp(CRIU_GITID, "0"))
pr_msg("GitID: %s\n", CRIU_GITID);
return 0;
case 'h':
usage_error = false;
goto usage;
default:
goto usage;
}
}
if (!opts.restore_detach && opts.restore_sibling) {
pr_msg("--restore-sibling only makes sense with --restore-detach\n");
return 1;
}
if (!opts.autodetect_ext_mounts && (opts.enable_external_masters || opts.enable_external_sharing)) {
pr_msg("must specify --ext-mount-map auto with --enable-external-{sharing|masters}");
return 1;
}
if (work_dir == NULL)
work_dir = imgs_dir;
if (optind >= argc) {
pr_msg("Error: command is required\n");
goto usage;
}
if (has_exec_cmd) {
if (argc - optind <= 1) {
pr_msg("Error: --exec-cmd requires a command\n");
goto usage;
}
if (strcmp(argv[optind], "restore")) {
pr_msg("Error: --exec-cmd is available for the restore command only\n");
goto usage;
}
if (opts.restore_detach) {
pr_msg("Error: --restore-detached and --exec-cmd cannot be used together\n");
goto usage;
}
opts.exec_cmd = xmalloc((argc - optind) * sizeof(char *));
if (!opts.exec_cmd)
return 1;
memcpy(opts.exec_cmd, &argv[optind + 1], (argc - optind - 1) * sizeof(char *));
opts.exec_cmd[argc - optind - 1] = NULL;
}
/* We must not open imgs dir, if service is called */
if (strcmp(argv[optind], "service")) {
ret = open_image_dir(imgs_dir);
if (ret < 0)
return 1;
}
if (chdir(work_dir)) {
pr_perror("Can't change directory to %s", work_dir);
return 1;
}
log_set_loglevel(log_level);
if (log_init(opts.output))
return 1;
if (!list_empty(&opts.external) && strcmp(argv[optind], "dump")) {
pr_err("--external is dump-only option\n");
return 1;
}
if (!list_empty(&opts.inherit_fds)) {
if (strcmp(argv[optind], "restore")) {
pr_err("--inherit-fd is restore-only option\n");
return 1;
}
/* now that log file is set up, print inherit fd list */
inherit_fd_log();
}
if (opts.img_parent)
pr_info("Will do snapshot from %s\n", opts.img_parent);
if (!strcmp(argv[optind], "dump")) {
preload_socket_modules();
preload_netfilter_modules();
if (!tree_id)
goto opt_pid_missing;
return cr_dump_tasks(tree_id);
}
if (!strcmp(argv[optind], "pre-dump")) {
if (!tree_id)
goto opt_pid_missing;
return cr_pre_dump_tasks(tree_id) != 0;
}
if (!strcmp(argv[optind], "restore")) {
preload_netfilter_modules();
if (tree_id)
pr_warn("Using -t with criu restore is obsoleted\n");
ret = cr_restore_tasks();
if (ret == 0 && opts.exec_cmd) {
close_pid_proc();
execvp(opts.exec_cmd[0], opts.exec_cmd);
pr_perror("Failed to exec command %s", opts.exec_cmd[0]);
ret = 1;
}
return ret != 0;
}
if (!strcmp(argv[optind], "show")) {
pr_msg("The \"show\" action is deprecated by the CRIT utility.\n");
pr_msg("To view an image use the \"crit decode -i $name --pretty\" command.\n");
return -1;
}
if (!strcmp(argv[optind], "check"))
return cr_check() != 0;
if (!strcmp(argv[optind], "exec")) {
if (!pid)
pid = tree_id; /* old usage */
if (!pid)
goto opt_pid_missing;
return cr_exec(pid, argv + optind + 1) != 0;
}
if (!strcmp(argv[optind], "page-server"))
return cr_page_server(opts.daemon_mode, -1) > 0 ? 0 : 1;
if (!strcmp(argv[optind], "service"))
return cr_service(opts.daemon_mode);
if (!strcmp(argv[optind], "dedup"))
return cr_dedup() != 0;
if (!strcmp(argv[optind], "cpuinfo")) {
if (!argv[optind + 1])
goto usage;
if (!strcmp(argv[optind + 1], "dump"))
return cpuinfo_dump();
else if (!strcmp(argv[optind + 1], "check"))
return cpuinfo_check();
}
pr_msg("Error: unknown command: %s\n", argv[optind]);
usage:
pr_msg("\n"
"Usage:\n"
" criu dump|pre-dump -t PID [<options>]\n"
" criu restore [<options>]\n"
" criu check [--feature FEAT]\n"
" criu exec -p PID <syscall-string>\n"
" criu page-server\n"
" criu service [<options>]\n"
" criu dedup\n"
"\n"
"Commands:\n"
" dump checkpoint a process/tree identified by pid\n"
" pre-dump pre-dump task(s) minimizing their frozen time\n"
" restore restore a process/tree\n"
" check checks whether the kernel support is up-to-date\n"
" exec execute a system call by other task\n"
" page-server launch page server\n"
" service launch service\n"
" dedup remove duplicates in memory dump\n"
" cpuinfo dump writes cpu information into image file\n"
" cpuinfo check validates cpu information read from image file\n"
);
if (usage_error) {
pr_msg("\nTry -h|--help for more info\n");
return 1;
}
pr_msg("\n"
"Dump/Restore options:\n"
"\n"
"* Generic:\n"
" -t|--tree PID checkpoint a process tree identified by PID\n"
" -d|--restore-detached detach after restore\n"
" -S|--restore-sibling restore root task as sibling\n"
" -s|--leave-stopped leave tasks in stopped state after checkpoint\n"
" -R|--leave-running leave tasks in running state after checkpoint\n"
" -D|--images-dir DIR directory for image files\n"
" --pidfile FILE write root task, service or page-server pid to FILE\n"
" -W|--work-dir DIR directory to cd and write logs/pidfiles/stats to\n"
" (if not specified, value of --images-dir is used)\n"
" --cpu-cap [CAP] require certain cpu capability. CAP: may be one of:\n"
" 'cpu','fpu','all','ins','none'. To disable capability, prefix it with '^'.\n"
" --exec-cmd execute the command specified after '--' on successful\n"
" restore making it the parent of the restored process\n"
" --freeze-cgroup\n"
" use cgroup freezer to collect processes\n"
"\n"
"* Special resources support:\n"
" -x|--" USK_EXT_PARAM "inode,.." " allow external unix connections (optionally can be assign socket's inode that allows one-sided dump)\n"
" --" SK_EST_PARAM " checkpoint/restore established TCP connections\n"
" -r|--root PATH change the root filesystem (when run in mount namespace)\n"
" --evasive-devices use any path to a device file if the original one\n"
" is inaccessible\n"
" --veth-pair IN=OUT map inside veth device name to outside one\n"
" can optionally append @<bridge-name> to OUT for moving\n"
" the outside veth to the named bridge\n"
" --link-remap allow one to link unlinked files back when possible\n"
" --ghost-limit size specify maximum size of deleted file contents to be carried inside an image file\n"
" --action-script FILE add an external action script\n"
" -j|--" OPT_SHELL_JOB " allow one to dump and restore shell jobs\n"
" -l|--" OPT_FILE_LOCKS " handle file locks, for safety, only used for container\n"
" -L|--libdir path to a plugin directory (by default " CR_PLUGIN_DEFAULT ")\n"
" --force-irmap force resolving names for inotify/fsnotify watches\n"
" --irmap-scan-path FILE\n"
" add a path the irmap hints to scan\n"
" -M|--ext-mount-map KEY:VALUE\n"
" add external mount mapping\n"
" -M|--ext-mount-map auto\n"
" attempt to autodetect external mount mapings\n"
" --enable-external-sharing\n"
" allow autoresolving mounts with external sharing\n"
" --enable-external-masters\n"
" allow autoresolving mounts with external masters\n"
" --manage-cgroups [m] dump or restore cgroups the process is in usig mode:\n"
" 'none', 'props', 'soft' (default), 'full' and 'strict'.\n"
" --cgroup-root [controller:]/newroot\n"
" change the root cgroup the controller will be\n"
" installed into. No controller means that root is the\n"
" default for all controllers not specified.\n"
" --skip-mnt PATH ignore this mountpoint when dumping the mount namespace.\n"
" --enable-fs FSNAMES a comma separated list of filesystem names or \"all\".\n"
" force criu to (try to) dump/restore these filesystem's\n"
" mountpoints even if fs is not supported.\n"
" --external RES dump objects from this list as external resources:\n"
" Formats of RES:\n"
" tty[rdev:dev]\n"
" file[mnt_id:inode]\n"
" --inherit-fd fd[<num>]:<existing>\n"
" Inherit file descriptors. This allows to treat file descriptor\n"
" <num> as being already opened via <existing> one and instead of\n"
" trying to open we inherit it:\n"
" tty[rdev:dev]\n"
" pipe[inode]\n"
" socket[inode]\n"
" file[mnt_id:inode]\n"
" --empty-ns {net}\n"
" Create a namespace, but don't restore its properies.\n"
" An user will retore them from action scripts.\n"
"Check options:\n"
" without any arguments, \"criu check\" checks availability of absolutely required\n"
" kernel features; if any of these features is missing dump and restore will fail\n"
" --extra also check availability of extra kernel features\n"
" --experimental also check availability of experimental kernel features\n"
" --all also check availability of extra and experimental kernel features\n"
" --feature FEAT only check availability of one of the following kernel features\n"
" "
);
check_add_feature("list");
pr_msg(
"\n"
"* Logging:\n"
" -o|--log-file FILE log file name\n"
" --log-pid enable per-process logging to separate FILE.pid files\n"
" -v[NUM] set logging level (higher level means more output):\n"
" -v1|-v - only errors and messages\n"
" -v2|-vv - also warnings (default level)\n"
" -v3|-vvv - also information messages and timestamps\n"
" -v4|-vvvv - lots of debug\n"
"\n"
"* Memory dumping options:\n"
" --track-mem turn on memory changes tracker in kernel\n"
" --prev-images-dir DIR path to images from previous dump (relative to -D)\n"
" --page-server send pages to page server (see options below as well)\n"
" --auto-dedup when used on dump it will deduplicate \"old\" data in\n"
" pages images of previous dump\n"
" when used on restore, as soon as page is restored, it\n"
" will be punched from the image.\n"
"\n"
"Page/Service server options:\n"
" --address ADDR address of server or service\n"
" --port PORT port of page server\n"
" -d|--daemon run in the background after creating socket\n"
"\n"
"Other options:\n"
" -h|--help show this text\n"
" -V|--version show version\n"
);
return 0;
opt_pid_missing:
pr_msg("Error: pid not specified\n");
return 1;
bad_arg:
if (idx < 0) /* short option */
pr_msg("Error: invalid argument for -%c: %s\n",
opt, optarg);
else /* long option */
pr_msg("Error: invalid argument for --%s: %s\n",
long_opts[idx].name, optarg);
return 1;
}
int main(int argc, char *argv[], char *envp[])
{
#define BOOL_OPT(OPT_NAME, SAVE_TO) \
{OPT_NAME, no_argument, SAVE_TO, true},\
{"no-" OPT_NAME, no_argument, SAVE_TO, false}
pid_t pid = 0, tree_id = 0;
int ret = -1;
bool usage_error = true;
bool has_exec_cmd = false;
bool has_sub_command;
int opt, idx;
int log_level = DEFAULT_LOGLEVEL;
char *imgs_dir = ".";
static const char short_opts[] = "dSsRf:F:t:p:hcD:o:v::x::Vr:jJ:lW:L:M:";
static struct option long_opts[] = {
{ "tree", required_argument, 0, 't' },
{ "pid", required_argument, 0, 'p' },
{ "leave-stopped", no_argument, 0, 's' },
{ "leave-running", no_argument, 0, 'R' },
BOOL_OPT("restore-detached", &opts.restore_detach),
BOOL_OPT("restore-sibling", &opts.restore_sibling),
BOOL_OPT("daemon", &opts.restore_detach),
{ "contents", no_argument, 0, 'c' },
{ "file", required_argument, 0, 'f' },
{ "fields", required_argument, 0, 'F' },
{ "images-dir", required_argument, 0, 'D' },
{ "work-dir", required_argument, 0, 'W' },
{ "log-file", required_argument, 0, 'o' },
{ "join-ns", required_argument, 0, 'J' },
{ "root", required_argument, 0, 'r' },
{ USK_EXT_PARAM, optional_argument, 0, 'x' },
{ "help", no_argument, 0, 'h' },
BOOL_OPT(SK_EST_PARAM, &opts.tcp_established_ok),
{ "close", required_argument, 0, 1043 },
BOOL_OPT("log-pid", &opts.log_file_per_pid),
{ "version", no_argument, 0, 'V' },
BOOL_OPT("evasive-devices", &opts.evasive_devices),
{ "pidfile", required_argument, 0, 1046 },
{ "veth-pair", required_argument, 0, 1047 },
{ "action-script", required_argument, 0, 1049 },
BOOL_OPT(LREMAP_PARAM, &opts.link_remap_ok),
BOOL_OPT(OPT_SHELL_JOB, &opts.shell_job),
BOOL_OPT(OPT_FILE_LOCKS, &opts.handle_file_locks),
BOOL_OPT("page-server", &opts.use_page_server),
{ "address", required_argument, 0, 1051 },
{ "port", required_argument, 0, 1052 },
{ "prev-images-dir", required_argument, 0, 1053 },
{ "ms", no_argument, 0, 1054 },
BOOL_OPT("track-mem", &opts.track_mem),
BOOL_OPT("auto-dedup", &opts.auto_dedup),
{ "libdir", required_argument, 0, 'L' },
{ "cpu-cap", optional_argument, 0, 1057 },
BOOL_OPT("force-irmap", &opts.force_irmap),
{ "ext-mount-map", required_argument, 0, 'M' },
{ "exec-cmd", no_argument, 0, 1059 },
{ "manage-cgroups", optional_argument, 0, 1060 },
{ "cgroup-root", required_argument, 0, 1061 },
{ "inherit-fd", required_argument, 0, 1062 },
{ "feature", required_argument, 0, 1063 },
{ "skip-mnt", required_argument, 0, 1064 },
{ "enable-fs", required_argument, 0, 1065 },
{ "enable-external-sharing", no_argument, &opts.enable_external_sharing, true },
{ "enable-external-masters", no_argument, &opts.enable_external_masters, true },
{ "freeze-cgroup", required_argument, 0, 1068 },
{ "ghost-limit", required_argument, 0, 1069 },
{ "irmap-scan-path", required_argument, 0, 1070 },
{ "lsm-profile", required_argument, 0, 1071 },
{ "timeout", required_argument, 0, 1072 },
{ "external", required_argument, 0, 1073 },
{ "empty-ns", required_argument, 0, 1074 },
BOOL_OPT("extra", &opts.check_extra_features),
BOOL_OPT("experimental", &opts.check_experimental_features),
{ "all", no_argument, 0, 1079 },
{ "cgroup-props", required_argument, 0, 1080 },
{ "cgroup-props-file", required_argument, 0, 1081 },
{ "cgroup-dump-controller", required_argument, 0, 1082 },
BOOL_OPT(SK_INFLIGHT_PARAM, &opts.tcp_skip_in_flight),
BOOL_OPT("deprecated", &opts.deprecated_ok),
BOOL_OPT("display-stats", &opts.display_stats),
BOOL_OPT("weak-sysctls", &opts.weak_sysctls),
{ "status-fd", required_argument, 0, 1088 },
{ },
};
#undef BOOL_OPT
BUILD_BUG_ON(PAGE_SIZE != PAGE_IMAGE_SIZE);
BUILD_BUG_ON(CTL_32 != SYSCTL_TYPE__CTL_32);
BUILD_BUG_ON(__CTL_STR != SYSCTL_TYPE__CTL_STR);
if (fault_injection_init())
return 1;
cr_pb_init();
setproctitle_init(argc, argv, envp);
if (argc < 2)
goto usage;
init_opts();
if (init_service_fd())
return 1;
if (!strcmp(argv[1], "swrk")) {
if (argc < 3)
goto usage;
/*
* This is to start criu service worker from libcriu calls.
* The usage is "criu swrk <fd>" and is not for CLI/scripts.
* The arguments semantics can change at any time with the
* corresponding lib call change.
*/
opts.swrk_restore = true;
return cr_service_work(atoi(argv[2]));
}
while (1) {
idx = -1;
opt = getopt_long(argc, argv, short_opts, long_opts, &idx);
if (opt == -1)
break;
if (!opt)
continue;
switch (opt) {
case 's':
opts.final_state = TASK_STOPPED;
break;
case 'R':
opts.final_state = TASK_ALIVE;
break;
case 'x':
if (optarg && unix_sk_ids_parse(optarg) < 0)
return 1;
opts.ext_unix_sk = true;
break;
case 'p':
pid = atoi(optarg);
if (pid <= 0)
goto bad_arg;
break;
case 't':
tree_id = atoi(optarg);
if (tree_id <= 0)
goto bad_arg;
break;
case 'c':
opts.show_pages_content = true;
break;
case 'f':
opts.show_dump_file = optarg;
break;
case 'F':
opts.show_fmt = optarg;
break;
case 'r':
opts.root = optarg;
break;
case 'd':
opts.restore_detach = true;
break;
case 'S':
opts.restore_sibling = true;
break;
case 'D':
imgs_dir = optarg;
break;
case 'W':
opts.work_dir = optarg;
break;
case 'o':
opts.output = optarg;
break;
case 'J':
if (parse_join_ns(optarg))
goto bad_arg;
break;
case 'v':
if (optarg) {
if (optarg[0] == 'v')
/* handle -vvvvv */
log_level += strlen(optarg) + 1;
else
log_level = atoi(optarg);
} else
log_level++;
break;
case 1043: {
int fd;
fd = atoi(optarg);
pr_info("Closing fd %d\n", fd);
close(fd);
break;
}
case 1046:
opts.pidfile = optarg;
break;
case 1047:
{
char *aux;
aux = strchr(optarg, '=');
if (aux == NULL)
goto bad_arg;
*aux = '\0';
if (veth_pair_add(optarg, aux + 1))
return 1;
}
break;
case 1049:
if (add_script(optarg))
return 1;
break;
case 1051:
opts.addr = optarg;
break;
case 1052:
opts.port = htons(atoi(optarg));
if (!opts.port)
goto bad_arg;
break;
case 'j':
opts.shell_job = true;
break;
case 'l':
opts.handle_file_locks = true;
break;
case 1053:
opts.img_parent = optarg;
break;
case 1057:
if (parse_cpu_cap(&opts, optarg))
goto usage;
break;
case 1058:
opts.force_irmap = true;
break;
case 1054:
pr_err("--ms is deprecated; see \"Check options\" of criu --help\n");
return 1;
case 'L':
opts.libdir = optarg;
break;
case 1059:
has_exec_cmd = true;
break;
case 1060:
if (parse_manage_cgroups(&opts, optarg))
goto usage;
break;
case 1061:
{
char *path, *ctl;
path = strchr(optarg, ':');
if (path) {
*path = '\0';
path++;
ctl = optarg;
} else {
path = optarg;
ctl = NULL;
}
if (new_cg_root_add(ctl, path))
return -1;
}
break;
case 1062:
if (inherit_fd_parse(optarg) < 0)
return 1;
break;
case 1063:
ret = check_add_feature(optarg);
if (ret < 0) /* invalid kernel feature name */
return 1;
if (ret > 0) /* list kernel features and exit */
return 0;
break;
case 1064:
if (!add_skip_mount(optarg))
return 1;
break;
case 1065:
if (!add_fsname_auto(optarg))
return 1;
break;
case 1068:
opts.freeze_cgroup = optarg;
break;
case 1069:
opts.ghost_limit = parse_size(optarg);
break;
case 1070:
if (irmap_scan_path_add(optarg))
return -1;
break;
case 1071:
opts.lsm_profile = optarg;
opts.lsm_supplied = true;
break;
case 1072:
opts.timeout = atoi(optarg);
break;
case 'M':
{
char *aux;
if (strcmp(optarg, "auto") == 0) {
opts.autodetect_ext_mounts = true;
break;
}
aux = strchr(optarg, ':');
if (aux == NULL)
goto bad_arg;
*aux = '\0';
if (ext_mount_add(optarg, aux + 1))
return 1;
}
break;
case 1073:
if (add_external(optarg))
return 1;
break;
case 1074:
if (!strcmp("net", optarg))
opts.empty_ns |= CLONE_NEWNET;
else {
pr_err("Unsupported empty namespace: %s\n",
optarg);
return 1;
}
break;
case 1079:
opts.check_extra_features = true;
opts.check_experimental_features = true;
break;
case 1080:
opts.cgroup_props = optarg;
break;
case 1081:
opts.cgroup_props_file = optarg;
break;
case 1082:
if (!cgp_add_dump_controller(optarg))
return 1;
break;
case 1088:
if (sscanf(optarg, "%d", &opts.status_fd) != 1) {
pr_err("Unable to parse a value of --status-fd\n");
return 1;
}
break;
case 'V':
pr_msg("Version: %s\n", CRIU_VERSION);
if (strcmp(CRIU_GITID, "0"))
pr_msg("GitID: %s\n", CRIU_GITID);
return 0;
case 'h':
usage_error = false;
goto usage;
default:
goto usage;
}
}
if (opts.deprecated_ok)
pr_msg("Turn deprecated stuff ON\n");
if (opts.tcp_skip_in_flight)
pr_msg("Will skip in-flight TCP connections\n");
if (opts.tcp_established_ok)
pr_info("Will dump TCP connections\n");
if (opts.link_remap_ok)
pr_info("Will allow link remaps on FS\n");
if (opts.weak_sysctls)
pr_msg("Will skip non-existant sysctls on restore\n");
if (getenv("CRIU_DEPRECATED")) {
pr_msg("Turn deprecated stuff ON via env\n");
opts.deprecated_ok = true;
}
if (check_namespace_opts()) {
pr_msg("Error: namespace flags conflict\n");
return 1;
}
if (!opts.restore_detach && opts.restore_sibling) {
pr_msg("--restore-sibling only makes sense with --restore-detach\n");
return 1;
}
if (opts.work_dir == NULL)
opts.work_dir = imgs_dir;
if (optind >= argc) {
pr_msg("Error: command is required\n");
goto usage;
}
if (!strcmp(argv[optind], "exec")) {
pr_msg("The \"exec\" action is deprecated by the Compel library.\n");
return -1;
}
has_sub_command = (argc - optind) > 1;
if (has_exec_cmd) {
if (!has_sub_command) {
pr_msg("Error: --exec-cmd requires a command\n");
goto usage;
}
if (strcmp(argv[optind], "restore")) {
pr_msg("Error: --exec-cmd is available for the restore command only\n");
goto usage;
}
if (opts.restore_detach) {
pr_msg("Error: --restore-detached and --exec-cmd cannot be used together\n");
goto usage;
}
opts.exec_cmd = xmalloc((argc - optind) * sizeof(char *));
if (!opts.exec_cmd)
return 1;
memcpy(opts.exec_cmd, &argv[optind + 1], (argc - optind - 1) * sizeof(char *));
opts.exec_cmd[argc - optind - 1] = NULL;
} else {
/* No subcommands except for cpuinfo and restore --exec-cmd */
if (strcmp(argv[optind], "cpuinfo") && has_sub_command) {
pr_msg("Error: excessive parameter%s for command %s\n",
(argc - optind) > 2 ? "s" : "", argv[optind]);
goto usage;
}
}
/* We must not open imgs dir, if service is called */
if (strcmp(argv[optind], "service")) {
ret = open_image_dir(imgs_dir);
if (ret < 0)
return 1;
}
/*
* When a process group becomes an orphan,
* its processes are sent a SIGHUP signal
*/
if (!strcmp(argv[optind], "restore") &&
opts.restore_detach &&
opts.final_state == TASK_STOPPED &&
opts.shell_job)
pr_warn("Stopped and detached shell job will get SIGHUP from OS.");
if (chdir(opts.work_dir)) {
pr_perror("Can't change directory to %s", opts.work_dir);
return 1;
}
log_set_loglevel(log_level);
if (log_init(opts.output))
return 1;
libsoccr_set_log(log_level, print_on_level);
compel_log_init(vprint_on_level, log_get_loglevel());
pr_debug("Version: %s (gitid %s)\n", CRIU_VERSION, CRIU_GITID);
if (opts.deprecated_ok)
pr_debug("DEPRECATED ON\n");
if (!list_empty(&opts.inherit_fds)) {
if (strcmp(argv[optind], "restore")) {
pr_err("--inherit-fd is restore-only option\n");
return 1;
}
/* now that log file is set up, print inherit fd list */
inherit_fd_log();
}
if (opts.img_parent)
pr_info("Will do snapshot from %s\n", opts.img_parent);
if (!strcmp(argv[optind], "dump")) {
if (!tree_id)
goto opt_pid_missing;
return cr_dump_tasks(tree_id);
}
if (!strcmp(argv[optind], "pre-dump")) {
if (!tree_id)
goto opt_pid_missing;
return cr_pre_dump_tasks(tree_id) != 0;
}
if (!strcmp(argv[optind], "restore")) {
if (tree_id)
pr_warn("Using -t with criu restore is obsoleted\n");
ret = cr_restore_tasks();
if (ret == 0 && opts.exec_cmd) {
close_pid_proc();
execvp(opts.exec_cmd[0], opts.exec_cmd);
pr_perror("Failed to exec command %s", opts.exec_cmd[0]);
ret = 1;
}
return ret != 0;
}
if (!strcmp(argv[optind], "show")) {
pr_msg("The \"show\" action is deprecated by the CRIT utility.\n");
pr_msg("To view an image use the \"crit decode -i $name --pretty\" command.\n");
return -1;
}
if (!strcmp(argv[optind], "check"))
return cr_check() != 0;
if (!strcmp(argv[optind], "page-server"))
return cr_page_server(opts.daemon_mode, -1) != 0;
if (!strcmp(argv[optind], "service"))
return cr_service(opts.daemon_mode);
if (!strcmp(argv[optind], "dedup"))
return cr_dedup() != 0;
if (!strcmp(argv[optind], "cpuinfo")) {
if (!argv[optind + 1]) {
pr_msg("Error: cpuinfo requires an action: dump or check\n");
goto usage;
}
if (!strcmp(argv[optind + 1], "dump"))
return cpuinfo_dump();
else if (!strcmp(argv[optind + 1], "check"))
return cpuinfo_check();
}
pr_msg("Error: unknown command: %s\n", argv[optind]);
usage:
pr_msg("\n"
"Usage:\n"
" criu dump|pre-dump -t PID [<options>]\n"
" criu restore [<options>]\n"
" criu check [--feature FEAT]\n"
" criu page-server\n"
" criu service [<options>]\n"
" criu dedup\n"
"\n"
"Commands:\n"
" dump checkpoint a process/tree identified by pid\n"
" pre-dump pre-dump task(s) minimizing their frozen time\n"
" restore restore a process/tree\n"
" check checks whether the kernel support is up-to-date\n"
" page-server launch page server\n"
" service launch service\n"
" dedup remove duplicates in memory dump\n"
" cpuinfo dump writes cpu information into image file\n"
" cpuinfo check validates cpu information read from image file\n"
);
if (usage_error) {
pr_msg("\nTry -h|--help for more info\n");
return 1;
}
pr_msg("\n"
"Most of the true / false long options (the ones without arguments) can be\n"
"prefixed with --no- to negate the option (example: --display-stats and\n"
"--no-display-stats).\n"
"\n"
"Dump/Restore options:\n"
"\n"
"* Generic:\n"
" -t|--tree PID checkpoint a process tree identified by PID\n"
" -d|--restore-detached detach after restore\n"
" -S|--restore-sibling restore root task as sibling\n"
" -s|--leave-stopped leave tasks in stopped state after checkpoint\n"
" -R|--leave-running leave tasks in running state after checkpoint\n"
" -D|--images-dir DIR directory for image files\n"
" --pidfile FILE write root task, service or page-server pid to FILE\n"
" -W|--work-dir DIR directory to cd and write logs/pidfiles/stats to\n"
" (if not specified, value of --images-dir is used)\n"
" --cpu-cap [CAP] CPU capabilities to write/check. CAP is comma-separated\n"
" list of: cpu, fpu, all, ins, none. To disable\n"
" a capability, use ^CAP. Empty argument implies all\n"
" --exec-cmd execute the command specified after '--' on successful\n"
" restore making it the parent of the restored process\n"
" --freeze-cgroup use cgroup freezer to collect processes\n"
" --weak-sysctls skip restoring sysctls that are not available\n"
"\n"
"* External resources support:\n"
" --external RES dump objects from this list as external resources:\n"
" Formats of RES on dump:\n"
" tty[rdev:dev]\n"
" file[mnt_id:inode]\n"
" dev[major/minor]:NAME\n"
" unix[ino]\n"
" mnt[MOUNTPOINT]:COOKIE\n"
" mnt[]{:AUTO_OPTIONS}\n"
" Formats of RES on restore:\n"
" dev[NAME]:DEVPATH\n"
" veth[IFNAME]:OUTNAME{@BRIDGE}\n"
" macvlan[IFNAME]:OUTNAME\n"
" mnt[COOKIE]:ROOT\n"
"\n"
"* Special resources support:\n"
" --" SK_EST_PARAM " checkpoint/restore established TCP connections\n"
" --" SK_INFLIGHT_PARAM " skip (ignore) in-flight TCP connections\n"
" -r|--root PATH change the root filesystem (when run in mount namespace)\n"
" --evasive-devices use any path to a device file if the original one\n"
" is inaccessible\n"
" --link-remap allow one to link unlinked files back when possible\n"
" --ghost-limit size limit max size of deleted file contents inside image\n"
" --action-script FILE add an external action script\n"
" -j|--" OPT_SHELL_JOB " allow one to dump and restore shell jobs\n"
" -l|--" OPT_FILE_LOCKS " handle file locks, for safety, only used for container\n"
" -L|--libdir path to a plugin directory (by default " CR_PLUGIN_DEFAULT ")\n"
" --force-irmap force resolving names for inotify/fsnotify watches\n"
" --irmap-scan-path FILE\n"
" add a path the irmap hints to scan\n"
" --manage-cgroups [m] dump/restore process' cgroups; argument can be one of\n"
" 'none', 'props', 'soft' (default), 'full' or 'strict'\n"
" --cgroup-root [controller:]/newroot\n"
" on dump: change the root for the controller that will\n"
" be dumped. By default, only the paths with tasks in\n"
" them and below will be dumped.\n"
" on restore: change the root cgroup the controller will\n"
" be installed into. No controller means that root is the\n"
" default for all controllers not specified\n"
" --cgroup-props STRING\n"
" define cgroup controllers and properties\n"
" to be checkpointed, which are described\n"
" via STRING using simplified YAML format\n"
" --cgroup-props-file FILE\n"
" same as --cgroup-props, but taking description\n"
" from the path specified\n"
" --cgroup-dump-controller NAME\n"
" define cgroup controller to be dumped\n"
" and skip anything else present in system\n"
" --skip-mnt PATH ignore this mountpoint when dumping the mount namespace\n"
" --enable-fs FSNAMES a comma separated list of filesystem names or \"all\"\n"
" force criu to (try to) dump/restore these filesystem's\n"
" mountpoints even if fs is not supported\n"
" --inherit-fd fd[NUM]:RES\n"
" Inherit file descriptors, treating fd NUM as being\n"
" already opened via an existing RES, which can be:\n"
" tty[rdev:dev]\n"
" pipe[inode]\n"
" socket[inode]\n"
" file[mnt_id:inode]\n"
" path/to/file\n"
" --empty-ns net Create a namespace, but don't restore its properties\n"
" (assuming it will be restored by action scripts)\n"
" -J|--join-ns NS:{PID|NS_FILE}[,OPTIONS]\n"
" Join existing namespace and restore process in it.\n"
" Namespace can be specified as either pid or file path.\n"
" OPTIONS can be used to specify parameters for userns:\n"
" user:PID,UID,GID\n"
"\n"
"Check options:\n"
" Without options, \"criu check\" checks availability of absolutely required\n"
" kernel features, critical for performing dump and restore.\n"
" --extra add check for extra kernel features\n"
" --experimental add check for experimental kernel features\n"
" --all same as --extra --experimental\n"
" --feature FEAT only check a particular feature, one of:"
);
pr_check_features(" ", ", ", 80);
pr_msg(
"\n"
"* Logging:\n"
" -o|--log-file FILE log file name\n"
" --log-pid enable per-process logging to separate FILE.pid files\n"
" -v[v...] increase verbosity (can use multiple v)\n"
" -vNUM set verbosity to NUM (higher level means more output):\n"
" -v1 - only errors and messages\n"
" -v2 - also warnings (default level)\n"
" -v3 - also information messages and timestamps\n"
" -v4 - lots of debug\n"
" --display-stats print out dump/restore stats\n"
"\n"
"* Memory dumping options:\n"
" --track-mem turn on memory changes tracker in kernel\n"
" --prev-images-dir DIR path to images from previous dump (relative to -D)\n"
" --page-server send pages to page server (see options below as well)\n"
" --auto-dedup when used on dump it will deduplicate \"old\" data in\n"
" pages images of previous dump\n"
" when used on restore, as soon as page is restored, it\n"
" will be punched from the image\n"
"\n"
"Page/Service server options:\n"
" --address ADDR address of server or service\n"
" --port PORT port of page server\n"
" -d|--daemon run in the background after creating socket\n"
" --status-fd FD write \\0 to the FD and close it once process is ready\n"
" to handle requests\n"
"\n"
"Other options:\n"
" -h|--help show this text\n"
" -V|--version show version\n"
);
return 0;
opt_pid_missing:
pr_msg("Error: pid not specified\n");
return 1;
bad_arg:
if (idx < 0) /* short option */
pr_msg("Error: invalid argument for -%c: %s\n",
opt, optarg);
else /* long option */
pr_msg("Error: invalid argument for --%s: %s\n",
long_opts[idx].name, optarg);
return 1;
}
static int setup_opts_from_req(int sk, CriuOpts *req)
{
struct ucred ids;
struct stat st;
socklen_t ids_len = sizeof(struct ucred);
char images_dir_path[PATH_MAX];
char work_dir_path[PATH_MAX];
int i;
if (getsockopt(sk, SOL_SOCKET, SO_PEERCRED, &ids, &ids_len)) {
pr_perror("Can't get socket options");
return -1;
}
if (restrict_uid(ids.uid, ids.gid))
return -1;
if (fstat(sk, &st)) {
pr_perror("Can't get socket stat");
return -1;
}
BUG_ON(st.st_ino == -1);
service_sk_ino = st.st_ino;
/* open images_dir */
sprintf(images_dir_path, "/proc/%d/fd/%d", ids.pid, req->images_dir_fd);
if (req->parent_img)
opts.img_parent = req->parent_img;
if (open_image_dir(images_dir_path) < 0) {
pr_perror("Can't open images directory");
return -1;
}
/* get full path to images_dir to use in process title */
if (readlink(images_dir_path, images_dir, PATH_MAX) == -1) {
pr_perror("Can't readlink %s", images_dir_path);
return -1;
}
/* chdir to work dir */
if (req->has_work_dir_fd)
sprintf(work_dir_path, "/proc/%d/fd/%d", ids.pid, req->work_dir_fd);
else
strcpy(work_dir_path, images_dir_path);
if (chdir(work_dir_path)) {
pr_perror("Can't chdir to work_dir");
return -1;
}
/* initiate log file in work dir */
if (req->log_file) {
if (strchr(req->log_file, '/')) {
pr_perror("No subdirs are allowed in log_file name");
return -1;
}
opts.output = req->log_file;
} else
opts.output = DEFAULT_LOG_FILENAME;
log_set_loglevel(req->log_level);
if (log_init(opts.output) == -1) {
pr_perror("Can't initiate log");
return -1;
}
/* checking flags from client */
if (req->has_leave_running && req->leave_running)
opts.final_state = TASK_ALIVE;
if (!req->has_pid) {
req->has_pid = true;
req->pid = ids.pid;
}
if (req->has_ext_unix_sk)
opts.ext_unix_sk = req->ext_unix_sk;
if (req->root)
opts.root = req->root;
if (req->has_rst_sibling) {
if (!opts.swrk_restore) {
pr_err("rst_sibling is not allowed in standalone service\n");
return -1;
}
opts.restore_sibling = req->rst_sibling;
}
if (req->has_tcp_established)
opts.tcp_established_ok = req->tcp_established;
if (req->has_evasive_devices)
opts.evasive_devices = req->evasive_devices;
if (req->has_shell_job)
opts.shell_job = req->shell_job;
if (req->has_file_locks)
opts.handle_file_locks = req->file_locks;
if (req->has_track_mem)
opts.track_mem = req->track_mem;
if (req->has_link_remap)
opts.link_remap_ok = req->link_remap;
if (req->has_auto_dedup)
opts.auto_dedup = req->auto_dedup;
if (req->has_force_irmap)
opts.force_irmap = req->force_irmap;
if (req->n_exec_cmd > 0) {
opts.exec_cmd = xmalloc((req->n_exec_cmd + 1) * sizeof(char *));
memcpy(opts.exec_cmd, req->exec_cmd, req->n_exec_cmd * sizeof(char *));
opts.exec_cmd[req->n_exec_cmd] = NULL;
}
if (req->ps) {
opts.use_page_server = true;
opts.addr = req->ps->address;
opts.ps_port = htons((short)req->ps->port);
if (req->ps->has_fd) {
if (!opts.swrk_restore)
return -1;
opts.ps_socket = req->ps->fd;
}
}
if (req->notify_scripts &&
add_script(SCRIPT_RPC_NOTIFY, sk))
return -1;
for (i = 0; i < req->n_veths; i++) {
if (veth_pair_add(req->veths[i]->if_in, req->veths[i]->if_out))
return -1;
}
for (i = 0; i < req->n_ext_mnt; i++) {
if (ext_mount_add(req->ext_mnt[i]->key, req->ext_mnt[i]->val))
return -1;
}
for (i = 0; i < req->n_cg_root; i++) {
if (new_cg_root_add(req->cg_root[i]->ctrl,
req->cg_root[i]->path))
return -1;
}
if (req->has_cpu_cap)
opts.cpu_cap = req->cpu_cap;
if (req->has_manage_cgroups)
opts.manage_cgroups = req->manage_cgroups;
return 0;
}
static int handle_args (int argc, qse_char_t* argv[])
{
static qse_opt_lng_t lng[] =
{
#if defined(QSE_CHAR_IS_WCHAR)
{ QSE_T(":script-encoding"), QSE_T('\0') },
{ QSE_T(":infile-encoding"), QSE_T('\0') },
{ QSE_T(":outfile-encoding"), QSE_T('\0') },
#endif
{ QSE_T("version"), QSE_T('\0') },
{ QSE_T("help"), QSE_T('h') },
{ QSE_NULL, QSE_T('\0') }
};
static qse_opt_t opt =
{
#if defined(QSE_BUILD_DEBUG)
QSE_T("hne:f:o:rRisabxytm:wX:"),
#else
QSE_T("hne:f:o:rRisabxytm:w"),
#endif
lng
};
qse_cint_t c;
while ((c = qse_getopt (argc, argv, &opt)) != QSE_CHAR_EOF)
{
switch (c)
{
default:
print_usage (QSE_STDERR, argc, argv);
goto oops;
case QSE_T('?'):
qse_fprintf (QSE_STDERR,
QSE_T("ERROR: bad option - %c\n"),
opt.opt
);
print_usage (QSE_STDERR, argc, argv);
goto oops;
case QSE_T(':'):
qse_fprintf (QSE_STDERR,
QSE_T("ERROR: bad parameter for %c\n"),
opt.opt
);
print_usage (QSE_STDERR, argc, argv);
goto oops;
case QSE_T('h'):
print_usage (QSE_STDOUT, argc, argv);
goto done;
case QSE_T('n'):
g_option |= QSE_SED_QUIET;
break;
case QSE_T('e'):
if (add_script (opt.arg, 1) <= -1) goto oops;
break;
case QSE_T('f'):
if (add_script (opt.arg, 0) <= -1) goto oops;
break;
case QSE_T('o'):
g_output_file = opt.arg;
break;
case QSE_T('r'):
g_option |= QSE_SED_EXTENDEDREX;
break;
case QSE_T('R'):
g_option |= QSE_SED_NONSTDEXTREX;
break;
case QSE_T('i'):
/* 'i' implies 's'. */
g_inplace = 1;
case QSE_T('s'):
g_separate = 1;
break;
case QSE_T('a'):
g_option |= QSE_SED_STRICT;
break;
case QSE_T('b'):
g_option |= QSE_SED_EXTENDEDADR;
break;
case QSE_T('x'):
g_option |= QSE_SED_SAMELINE;
break;
case QSE_T('y'):
g_option |= QSE_SED_ENSURENL;
break;
case QSE_T('t'):
#if defined(QSE_ENABLE_SEDTRACER)
g_trace = 1;
break;
#else
print_usage (QSE_STDERR, argc, argv);
goto oops;
#endif
case QSE_T('m'):
g_memlimit = qse_strtoulong (opt.arg, 10);
break;
case QSE_T('w'):
g_wildcard = 1;
break;
#if defined(QSE_BUILD_DEBUG)
case QSE_T('X'):
g_failmalloc = qse_strtoulong (opt.arg, 10);
break;
#endif
case QSE_T('\0'):
{
if (qse_strcmp(opt.lngopt, QSE_T("version")) == 0)
{
print_version ();
goto done;
}
else if (qse_strcmp(opt.lngopt, QSE_T("script-encoding")) == 0)
{
g_script_cmgr = qse_findcmgr (opt.arg);
if (g_script_cmgr == QSE_NULL)
{
qse_fprintf (QSE_STDERR, QSE_T("ERROR: unknown script encoding - %s\n"), opt.arg);
goto oops;
}
}
else if (qse_strcmp(opt.lngopt, QSE_T("infile-encoding")) == 0)
{
g_infile_cmgr = qse_findcmgr (opt.arg);
if (g_infile_cmgr == QSE_NULL)
{
qse_fprintf (QSE_STDERR, QSE_T("ERROR: unknown input file encoding - %s\n"), opt.arg);
goto oops;
}
}
else if (qse_strcmp(opt.lngopt, QSE_T("outfile-encoding")) == 0)
{
g_outfile_cmgr = qse_findcmgr (opt.arg);
if (g_outfile_cmgr == QSE_NULL)
{
qse_fprintf (QSE_STDERR, QSE_T("ERROR: unknown output file encoding - %s\n"), opt.arg);
goto oops;
}
}
break;
}
}
}
if (opt.ind < argc && g_script.size <= 0)
{
if (add_script (argv[opt.ind++], 1) <= -1) goto oops;
}
if (opt.ind < argc) g_infile_pos = opt.ind;
if (g_script.size <= 0)
{
print_usage (QSE_STDERR, argc, argv);
goto oops;
}
g_script.io[g_script.size].type = QSE_SED_IOSTD_NULL;
return 1;
oops:
free_scripts ();
return -1;
done:
free_scripts ();
return 0;
}
static int setup_opts_from_req(int sk, CriuOpts *req)
{
struct ucred ids;
struct stat st;
socklen_t ids_len = sizeof(struct ucred);
char images_dir_path[PATH_MAX];
char work_dir_path[PATH_MAX];
int i;
if (getsockopt(sk, SOL_SOCKET, SO_PEERCRED, &ids, &ids_len)) {
pr_perror("Can't get socket options");
goto err;
}
if (restrict_uid(ids.uid, ids.gid))
goto err;
if (fstat(sk, &st)) {
pr_perror("Can't get socket stat");
goto err;
}
BUG_ON(st.st_ino == -1);
service_sk_ino = st.st_ino;
/* open images_dir */
sprintf(images_dir_path, "/proc/%d/fd/%d", ids.pid, req->images_dir_fd);
if (req->parent_img)
opts.img_parent = req->parent_img;
if (open_image_dir(images_dir_path) < 0) {
pr_perror("Can't open images directory");
goto err;
}
/* get full path to images_dir to use in process title */
if (readlink(images_dir_path, images_dir, PATH_MAX) == -1) {
pr_perror("Can't readlink %s", images_dir_path);
goto err;
}
/* chdir to work dir */
if (req->has_work_dir_fd)
sprintf(work_dir_path, "/proc/%d/fd/%d", ids.pid, req->work_dir_fd);
else
strcpy(work_dir_path, images_dir_path);
if (chdir(work_dir_path)) {
pr_perror("Can't chdir to work_dir");
goto err;
}
/* initiate log file in work dir */
if (req->log_file) {
if (strchr(req->log_file, '/')) {
pr_perror("No subdirs are allowed in log_file name");
goto err;
}
opts.output = req->log_file;
} else
opts.output = DEFAULT_LOG_FILENAME;
log_set_loglevel(req->log_level);
if (log_init(opts.output) == -1) {
pr_perror("Can't initiate log");
goto err;
}
/* checking flags from client */
if (req->has_leave_running && req->leave_running)
opts.final_state = TASK_ALIVE;
if (!req->has_pid) {
req->has_pid = true;
req->pid = ids.pid;
}
if (req->has_ext_unix_sk) {
opts.ext_unix_sk = req->ext_unix_sk;
for (i = 0; i < req->n_unix_sk_ino; i++) {
if (unix_sk_id_add(req->unix_sk_ino[i]->inode) < 0)
goto err;
}
}
if (req->root)
opts.root = req->root;
if (req->has_rst_sibling) {
if (!opts.swrk_restore) {
pr_err("rst_sibling is not allowed in standalone service\n");
goto err;
}
opts.restore_sibling = req->rst_sibling;
}
if (req->has_tcp_established)
opts.tcp_established_ok = req->tcp_established;
if (req->has_evasive_devices)
opts.evasive_devices = req->evasive_devices;
if (req->has_shell_job)
opts.shell_job = req->shell_job;
if (req->has_file_locks)
opts.handle_file_locks = req->file_locks;
if (req->has_track_mem)
opts.track_mem = req->track_mem;
if (req->has_link_remap)
opts.link_remap_ok = req->link_remap;
if (req->has_auto_dedup)
opts.auto_dedup = req->auto_dedup;
if (req->has_force_irmap)
opts.force_irmap = req->force_irmap;
if (req->n_exec_cmd > 0) {
opts.exec_cmd = xmalloc((req->n_exec_cmd + 1) * sizeof(char *));
memcpy(opts.exec_cmd, req->exec_cmd, req->n_exec_cmd * sizeof(char *));
opts.exec_cmd[req->n_exec_cmd] = NULL;
}
if (req->ps) {
opts.use_page_server = true;
opts.addr = req->ps->address;
opts.ps_port = htons((short)req->ps->port);
if (req->ps->has_fd) {
if (!opts.swrk_restore)
goto err;
opts.ps_socket = req->ps->fd;
}
}
if (req->notify_scripts &&
add_script(SCRIPT_RPC_NOTIFY, sk))
goto err;
for (i = 0; i < req->n_veths; i++) {
if (veth_pair_add(req->veths[i]->if_in, req->veths[i]->if_out))
goto err;
}
for (i = 0; i < req->n_ext_mnt; i++) {
if (ext_mount_add(req->ext_mnt[i]->key, req->ext_mnt[i]->val))
goto err;
}
if (req->n_inherit_fd && !opts.swrk_restore) {
pr_err("inherit_fd is not allowed in standalone service\n");
goto err;
}
for (i = 0; i < req->n_inherit_fd; i++) {
if (inherit_fd_add(req->inherit_fd[i]->fd, req->inherit_fd[i]->key))
goto err;
}
for (i = 0; i < req->n_cg_root; i++) {
if (new_cg_root_add(req->cg_root[i]->ctrl,
req->cg_root[i]->path))
goto err;
}
for (i = 0; i < req->n_enable_fs; i++) {
if (!add_fsname_auto(req->enable_fs[i]))
goto err;
}
for (i = 0; i < req->n_skip_mnt; i++) {
if (!add_skip_mount(req->skip_mnt[i]))
goto err;
}
if (req->has_cpu_cap)
opts.cpu_cap = req->cpu_cap;
/*
* FIXME: For backward compatibility we setup
* soft mode here, need to enhance to support
* other modes as well via separate option
* probably.
*/
if (req->has_manage_cgroups)
opts.manage_cgroups = req->manage_cgroups ? CG_MODE_SOFT : CG_MODE_IGNORE;
/* Override the manage_cgroup if mode is set explicitly */
if (req->has_manage_cgroups_mode) {
unsigned int mode;
switch (req->manage_cgroups_mode) {
case CRIU_CG_MODE__IGNORE:
mode = CG_MODE_IGNORE;
break;
case CRIU_CG_MODE__NONE:
mode = CG_MODE_NONE;
break;
case CRIU_CG_MODE__PROPS:
mode = CG_MODE_PROPS;
break;
case CRIU_CG_MODE__SOFT:
mode = CG_MODE_SOFT;
break;
case CRIU_CG_MODE__FULL:
mode = CG_MODE_FULL;
break;
case CRIU_CG_MODE__STRICT:
mode = CG_MODE_STRICT;
break;
case CRIU_CG_MODE__DEFAULT:
mode = CG_MODE_DEFAULT;
break;
default:
goto err;
}
opts.manage_cgroups = mode;
}
if (req->has_auto_ext_mnt)
opts.autodetect_ext_mounts = req->auto_ext_mnt;
if (req->has_ext_sharing)
opts.enable_external_sharing = req->ext_sharing;
if (req->has_ext_masters)
opts.enable_external_masters = req->ext_masters;
if (req->has_ghost_limit)
opts.ghost_limit = req->ghost_limit;
return 0;
err:
set_cr_errno(EBADRQC);
return -1;
}
bool CheckMKServer::loadModuleEx(std::string alias, NSCAPI::moduleLoadMode mode) {
root_ = get_base_path();
nscp_runtime_.reset(new scripts::nscp::nscp_runtime_impl(get_id(), get_core()));
lua_runtime_.reset(new lua::lua_runtime(utf8::cvt<std::string>(root_.string())));
lua_runtime_->register_plugin(boost::shared_ptr<check_mk::check_mk_plugin>(new check_mk::check_mk_plugin()));
scripts_.reset(new scripts::script_manager<lua::lua_traits>(lua_runtime_, nscp_runtime_, get_id(), utf8::cvt<std::string>(alias)));
handler_.reset(new handler_impl(scripts_));
sh::settings_registry settings(get_settings_proxy());
settings.set_alias("check_mk", alias, "server");
settings.alias().add_path_to_settings()
("CHECK MK SERVER SECTION", "Section for check_mk (CheckMKServer.dll) protocol options.")
("scripts", sh::fun_values_path(boost::bind(&CheckMKServer::add_script, this, _1, _2)),
"REMOTE TARGET DEFINITIONS", "",
"TARGET", "For more configuration options add a dedicated section")
;
settings.alias().add_key_to_settings()
("port", sh::string_key(&info_.port_, "6556"),
"PORT NUMBER", "Port to use for check_mk.")
;
socket_helpers::settings_helper::add_core_server_opts(settings, info_);
socket_helpers::settings_helper::add_ssl_server_opts(settings, info_, false);
settings.register_all();
settings.notify();
if (scripts_->empty()) {
add_script("default", "default_check_mk.lua");
}
#ifndef USE_SSL
if (info_.use_ssl) {
NSC_LOG_ERROR_STD(_T("SSL not avalible! (not compiled with openssl support)"));
return false;
}
#endif
NSC_LOG_ERROR_LISTS(info_.validate());
std::list<std::string> errors;
info_.allowed_hosts.refresh(errors);
NSC_LOG_ERROR_LISTS(errors);
NSC_DEBUG_MSG_STD("Allowed hosts definition: " + info_.allowed_hosts.to_string());
boost::asio::io_service io_service_;
scripts_->load_all();
if (mode == NSCAPI::normalStart) {
server_.reset(new check_mk::server::server(info_, handler_));
if (!server_) {
NSC_LOG_ERROR_STD("Failed to create server instance!");
return false;
}
server_->start();
}
return true;
}