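/*
 * criu entry point: parse the command line into the global opts and
 * dispatch to the command named by the first non-option argument.
 *
 * "criu swrk <fd>" skips option parsing and hands the descriptor to
 * cr_service_work(). Everything else goes through getopt_long() and then
 * argv[optind] selects dump, pre-dump, restore, show, check, exec,
 * page-server, service, dedup or cpuinfo.
 *
 * Return value is the process exit status. Most paths return 0 on success
 * and 1 on failure; dump, service, swrk and cpuinfo return the callee's
 * value unchanged, and two option-parsing failures (--cgroup-root,
 * --irmap-scan-path) return -1.
 */
int main(int argc, char *argv[], char *envp[])
{
	pid_t pid = 0, tree_id = 0;
	int ret = -1;
	bool usage_error = true;
	bool has_exec_cmd = false;
	int opt, idx;
	int log_level = LOG_UNSET;
	char *imgs_dir = ".";
	char *work_dir = NULL;
	struct stat tmpst;

	/*
	 * NOTE(review): the listing shows "L\ :M:T" at the end of this string;
	 * it is read here as a line continuation that lost its newline, i.e.
	 * "L:M:T". 'T' carries no ':' so a short -T never receives an argument,
	 * while --tmp-dir is declared optional_argument below — confirm that
	 * asymmetry is intended.
	 */
	static const char short_opts[] = "dSsRf:F:t:p:hcD:o:n:v::x::Vr:jlW:L:M:T";
	static struct option long_opts[] = {
		{ "tree", required_argument, 0, 't' },
		{ "pid", required_argument, 0, 'p' },
		{ "leave-stopped", no_argument, 0, 's' },
		{ "leave-running", no_argument, 0, 'R' },
		{ "restore-detached", no_argument, 0, 'd' },
		{ "restore-sibling", no_argument, 0, 'S' },
		{ "daemon", no_argument, 0, 'd' },
		{ "contents", no_argument, 0, 'c' },
		{ "file", required_argument, 0, 'f' },
		{ "fields", required_argument, 0, 'F' },
		{ "images-dir", required_argument, 0, 'D' },
		{ "work-dir", required_argument, 0, 'W' },
		{ "log-file", required_argument, 0, 'o' },
		{ "namespaces", required_argument, 0, 'n' },
		{ "root", required_argument, 0, 'r' },
		{ USK_EXT_PARAM, optional_argument, 0, 'x' },
		{ "help", no_argument, 0, 'h' },
		{ SK_EST_PARAM, no_argument, 0, 1042 },
		{ "close", required_argument, 0, 1043 },
		{ "log-pid", no_argument, 0, 1044 },
		{ "version", no_argument, 0, 'V' },
		{ "evasive-devices", no_argument, 0, 1045 },
		{ "pidfile", required_argument, 0, 1046 },
		{ "veth-pair", required_argument, 0, 1047 },
		{ "action-script", required_argument, 0, 1049 },
		{ LREMAP_PARAM, no_argument, 0, 1041 },
		{ OPT_SHELL_JOB, no_argument, 0, 'j' },
		{ OPT_FILE_LOCKS, no_argument, 0, 'l' },
		{ "page-server", no_argument, 0, 1050 },
		{ "address", required_argument, 0, 1051 },
		{ "port", required_argument, 0, 1052 },
		{ "prev-images-dir", required_argument, 0, 1053 },
		{ "ms", no_argument, 0, 1054 },
		{ "track-mem", no_argument, 0, 1055 },
		{ "auto-dedup", no_argument, 0, 1056 },
		{ "libdir", required_argument, 0, 'L' },
		{ "cpu-cap", optional_argument, 0, 1057 },
		{ "force-irmap", no_argument, 0, 1058 },
		{ "ext-mount-map", required_argument, 0, 'M' },
		{ "exec-cmd", no_argument, 0, 1059 },
		{ "manage-cgroups", optional_argument, 0, 1060 },
		{ "cgroup-root", required_argument, 0, 1061 },
		{ "inherit-fd", required_argument, 0, 1062 },
		{ "feature", required_argument, 0, 1063 },
		{ "skip-mnt", required_argument, 0, 1064 },
		{ "enable-fs", required_argument, 0, 1065 },
		{ "enable-external-sharing", no_argument, 0, 1066 },
		{ "enable-external-masters", no_argument, 0, 1067 },
		{ "freeze-cgroup", required_argument, 0, 1068 },
		{ "ghost-limit", required_argument, 0, 1069 },
		{ "irmap-scan-path", required_argument, 0, 1070 },
		{ "tmp-dir", optional_argument, 0, 'T' },
		{ },
	};

	BUILD_BUG_ON(PAGE_SIZE != PAGE_IMAGE_SIZE);

	if (fault_injection_init())
		return 1;

	cr_pb_init();

	/* The uid/gid restriction is evaluated before any argument is looked at. */
	if (restrict_uid(getuid(), getgid()))
		return 1;

	setproctitle_init(argc, argv, envp);

	if (argc < 2)
		goto usage;

	init_opts();

	if (init_service_fd())
		return 1;

	if (!strcmp(argv[1], "swrk")) {
		if (argc < 3)
			goto usage;
		/*
		 * This is to start criu service worker from libcriu calls.
		 * The usage is "criu swrk <fd>" and is not for CLI/scripts.
		 * The arguments semantics can change at any time with the
		 * corresponding lib call change.
		 */
		opts.swrk_restore = true;
		return cr_service_work(atoi(argv[2]));
	}

	while (1) {
		idx = -1;
		opt = getopt_long(argc, argv, short_opts, long_opts, &idx);
		if (opt == -1)
			break;

		switch (opt) {
		case 's':
			opts.final_state = TASK_STOPPED;
			break;
		case 'R':
			opts.final_state = TASK_ALIVE;
			break;
		case 'x':
			if (optarg && unix_sk_ids_parse(optarg) < 0)
				return 1;
			opts.ext_unix_sk = true;
			break;
		case 'p':
			pid = atoi(optarg);
			if (pid <= 0)
				goto bad_arg;
			break;
		case 't':
			tree_id = atoi(optarg);
			if (tree_id <= 0)
				goto bad_arg;
			break;
		case 'c':
			opts.show_pages_content = true;
			break;
		case 'f':
			opts.show_dump_file = optarg;
			break;
		case 'F':
			opts.show_fmt = optarg;
			break;
		case 'r':
			opts.root = optarg;
			break;
		case 'd':
			opts.restore_detach = true;
			break;
		case 'S':
			opts.restore_sibling = true;
			break;
		case 'D':
			imgs_dir = optarg;
			break;
		case 'W':
			work_dir = optarg;
			break;
		case 'o':
			opts.output = optarg;
			break;
		case 'n':
			if (parse_ns_string(optarg))
				goto bad_arg;
			break;
		case 'v':
			if (log_level == LOG_UNSET)
				log_level = 0;
			if (optarg) {
				if (optarg[0] == 'v')
					/* handle -vvvvv */
					log_level += strlen(optarg) + 1;
				else
					log_level = atoi(optarg);
			} else
				log_level++;
			break;
		case 1041:
			pr_info("Will allow link remaps on FS\n");
			opts.link_remap_ok = true;
			break;
		case 1042:
			pr_info("Will dump TCP connections\n");
			opts.tcp_established_ok = true;
			break;
		case 1043: {
			int fd;

			/* The named descriptor is closed right here, during parsing. */
			fd = atoi(optarg);
			pr_info("Closing fd %d\n", fd);
			close(fd);
			break;
		}
		case 1044:
			opts.log_file_per_pid = 1;
			break;
		case 1045:
			opts.evasive_devices = true;
			break;
		case 1046:
			opts.pidfile = optarg;
			break;
		case 1047:
			{
				char *aux;

				/* IN=OUT: split in place at the '='. */
				aux = strchr(optarg, '=');
				if (aux == NULL)
					goto bad_arg;

				*aux = '\0';
				if (veth_pair_add(optarg, aux + 1))
					return 1;
			}
			break;
		case 1049:
			if (add_script(optarg, 0))
				return 1;
			break;
		case 1050:
			opts.use_page_server = true;
			break;
		case 1051:
			opts.addr = optarg;
			break;
		case 1052:
			opts.ps_port = htons(atoi(optarg));
			if (!opts.ps_port)
				goto bad_arg;
			break;
		case 'j':
			opts.shell_job = true;
			break;
		case 'l':
			opts.handle_file_locks = true;
			break;
		case 1053:
			opts.img_parent = optarg;
			break;
		case 1055:
			opts.track_mem = true;
			break;
		case 1056:
			opts.auto_dedup = true;
			break;
		case 1057:
			if (parse_cpu_cap(&opts, optarg))
				goto usage;
			break;
		case 1058:
			opts.force_irmap = true;
			break;
		case 1054:
			opts.check_ms_kernel = true;
			break;
		case 'L':
			opts.libdir = optarg;
			break;
		case 1059:
			has_exec_cmd = true;
			break;
		case 1060:
			if (parse_manage_cgroups(&opts, optarg))
				goto usage;
			break;
		case 1061:
			{
				char *path, *ctl;

				/* [controller:]/newroot — no ':' means no controller. */
				path = strchr(optarg, ':');
				if (path) {
					*path = '\0';
					path++;
					ctl = optarg;
				} else {
					path = optarg;
					ctl = NULL;
				}

				if (new_cg_root_add(ctl, path))
					return -1;
			}
			break;
		case 1062:
			if (inherit_fd_parse(optarg) < 0)
				return 1;
			break;
		case 1063:
			if (check_add_feature(optarg) < 0)
				return 1;
			break;
		case 1064:
			if (!add_skip_mount(optarg))
				return 1;
			break;
		case 1065:
			if (!add_fsname_auto(optarg))
				return 1;
			break;
		case 1066:
			opts.enable_external_sharing = true;
			break;
		case 1067:
			opts.enable_external_masters = true;
			break;
		case 1068:
			opts.freeze_cgroup = optarg;
			break;
		case 1069:
			opts.ghost_limit = parse_size(optarg);
			break;
		case 1070:
			if (irmap_scan_path_add(optarg))
				return -1;
			break;
		case 'M':
			{
				char *aux;

				if (strcmp(optarg, "auto") == 0) {
					opts.autodetect_ext_mounts = true;
					break;
				}

				/* KEY:VALUE: split in place at the ':'. */
				aux = strchr(optarg, ':');
				if (aux == NULL)
					goto bad_arg;

				*aux = '\0';
				if (ext_mount_add(optarg, aux + 1))
					return 1;
			}
			break;
		case 'T':
			opts.tmpdir = optarg;
			/*
			 * Without this break the case ran on into 'V', so any use
			 * of -T/--tmp-dir printed the version and exited 0 without
			 * running the requested command.
			 */
			break;
		case 'V':
			pr_msg("Version: %s\n", CRIU_VERSION);
			if (strcmp(CRIU_GITID, "0"))
				pr_msg("GitID: %s\n", CRIU_GITID);
			return 0;
		case 'h':
			usage_error = false;
			goto usage;
		default:
			goto usage;
		}
	}

	if (!opts.restore_detach && opts.restore_sibling) {
		pr_msg("--restore-sibling only makes sense with --restore-detach\n");
		return 1;
	}

	if (!opts.autodetect_ext_mounts && (opts.enable_external_masters || opts.enable_external_sharing)) {
		pr_msg("must specify --ext-mount-map auto with --enable-external-{sharing|masters}");
		return 1;
	}

	if (work_dir == NULL)
		work_dir = imgs_dir;

	if (!opts.tmpdir) {
		opts.tmpdir = "/tmp";
	}

	/*
	 * NOTE(review): this accepts any directory that has at least one owner
	 * permission bit set; it does not look at who owns the directory. With
	 * the shared "/tmp" default, the code that later creates files there
	 * should not depend on predictable names — confirm at the use sites.
	 */
	if (stat(opts.tmpdir, &tmpst) || !(S_ISDIR(tmpst.st_mode)) || !(S_IRWXU & tmpst.st_mode)) {
		pr_perror("%s is not a valid directory", opts.tmpdir);
		return 1;
	}

	if (optind >= argc) {
		pr_msg("Error: command is required\n");
		goto usage;
	}

	if (has_exec_cmd) {
		if (argc - optind <= 1) {
			pr_msg("Error: --exec-cmd requires a command\n");
			goto usage;
		}

		if (strcmp(argv[optind], "restore")) {
			pr_msg("Error: --exec-cmd is available for the restore command only\n");
			goto usage;
		}

		if (opts.restore_detach) {
			pr_msg("Error: --restore-detached and --exec-cmd cannot be used together\n");
			goto usage;
		}

		/* argv[optind + 1 ..] plus a NULL terminator; the strings stay in argv. */
		opts.exec_cmd = xmalloc((argc - optind) * sizeof(char *));
		if (!opts.exec_cmd)
			return 1;
		memcpy(opts.exec_cmd, &argv[optind + 1], (argc - optind - 1) * sizeof(char *));
		opts.exec_cmd[argc - optind - 1] = NULL;
	}

	/* We must not open imgs dir, if service is called */
	if (strcmp(argv[optind], "service")) {
		ret = open_image_dir(imgs_dir);
		if (ret < 0)
			return 1;
	}

	if (chdir(work_dir)) {
		pr_perror("Can't change directory to %s", work_dir);
		return 1;
	}

	log_set_loglevel(log_level);

	if (log_init(opts.output))
		return 1;

	if (!list_empty(&opts.inherit_fds)) {
		if (strcmp(argv[optind], "restore")) {
			pr_err("--inherit-fd is restore-only option\n");
			return 1;
		}
		/* now that log file is set up, print inherit fd list */
		inherit_fd_log();
	}

	if (opts.img_parent)
		pr_info("Will do snapshot from %s\n", opts.img_parent);

	if (!strcmp(argv[optind], "dump")) {
		preload_socket_modules();

		if (!tree_id)
			goto opt_pid_missing;
		return cr_dump_tasks(tree_id);
	}

	if (!strcmp(argv[optind], "pre-dump")) {
		if (!tree_id)
			goto opt_pid_missing;

		return cr_pre_dump_tasks(tree_id) != 0;
	}

	if (!strcmp(argv[optind], "restore")) {
		if (tree_id)
			pr_warn("Using -t with criu restore is obsoleted\n");

		ret = cr_restore_tasks();
		if (ret == 0 && opts.exec_cmd) {
			close_pid_proc();
			/* execvp() only returns on failure. */
			execvp(opts.exec_cmd[0], opts.exec_cmd);
			pr_perror("Failed to exec command %s", opts.exec_cmd[0]);
			ret = 1;
		}

		return ret != 0;
	}

	if (!strcmp(argv[optind], "show"))
		return cr_show(pid) != 0;

	if (!strcmp(argv[optind], "check"))
		return cr_check() != 0;

	if (!strcmp(argv[optind], "exec")) {
		if (!pid)
			pid = tree_id; /* old usage */
		if (!pid)
			goto opt_pid_missing;
		return cr_exec(pid, argv + optind + 1) != 0;
	}

	if (!strcmp(argv[optind], "page-server"))
		return cr_page_server(opts.daemon_mode, -1) > 0 ? 0 : 1;

	if (!strcmp(argv[optind], "service"))
		return cr_service(opts.daemon_mode);

	if (!strcmp(argv[optind], "dedup"))
		return cr_dedup() != 0;

	if (!strcmp(argv[optind], "cpuinfo")) {
		if (!argv[optind + 1])
			goto usage;
		if (!strcmp(argv[optind + 1], "dump"))
			return cpuinfo_dump();
		else if (!strcmp(argv[optind + 1], "check"))
			return cpuinfo_check();
		/* any other cpuinfo sub-command is reported as an unknown command */
	}

	pr_msg("Error: unknown command: %s\n", argv[optind]);
usage:
	pr_msg("\n"
"Usage:\n"
" criu dump|pre-dump -t PID [<options>]\n"
" criu restore [<options>]\n"
" criu check [--ms]\n"
" criu exec -p PID <syscall-string>\n"
" criu page-server\n"
" criu service [<options>]\n"
" criu dedup\n"
"\n"
"Commands:\n"
" dump checkpoint a process/tree identified by pid\n"
" pre-dump pre-dump task(s) minimizing their frozen time\n"
" restore restore a process/tree\n"
" check checks whether the kernel support is up-to-date\n"
" exec execute a system call by other task\n"
" page-server launch page server\n"
" service launch service\n"
" dedup remove duplicates in memory dump\n"
" cpuinfo dump writes cpu information into image file\n"
" cpuinfo check validates cpu information read from image file\n"
	);

	if (usage_error) {
		pr_msg("\nTry -h|--help for more info\n");
		return 1;
	}

	pr_msg("\n"
"Dump/Restore options:\n"
"\n"
"* Generic:\n"
" -t|--tree PID checkpoint a process tree identified by PID\n"
" -d|--restore-detached detach after restore\n"
" -S|--restore-sibling restore root task as sibling\n"
" -s|--leave-stopped leave tasks in stopped state after checkpoint\n"
" -R|--leave-running leave tasks in running state after checkpoint\n"
" -D|--images-dir DIR directory for image files\n"
" --pidfile FILE write root task, service or page-server pid to FILE\n"
" -W|--work-dir DIR directory to cd and write logs/pidfiles/stats to\n"
" (if not specified, value of --images-dir is used)\n"
" --cpu-cap [CAP] require certain cpu capability. CAP: may be one of:\n"
" 'cpu','fpu','all','ins','none'. To disable capability, prefix it with '^'.\n"
" --exec-cmd execute the command specified after '--' on successful\n"
" restore making it the parent of the restored process\n"
" --freeze-cgroup\n"
" use cgroup freezer to collect processes\n"
"\n"
"* Special resources support:\n"
" -x|--" USK_EXT_PARAM "inode,.." " allow external unix connections (optionally can be assign socket's inode that allows one-sided dump)\n"
" --" SK_EST_PARAM " checkpoint/restore established TCP connections\n"
" -r|--root PATH change the root filesystem (when run in mount namespace)\n"
" --evasive-devices use any path to a device file if the original one\n"
" is inaccessible\n"
" --veth-pair IN=OUT map inside veth device name to outside one\n"
" can optionally append @<bridge-name> to OUT for moving\n"
" the outside veth to the named bridge\n"
" --link-remap allow one to link unlinked files back when possible\n"
" --ghost-limit size specify maximum size of deleted file contents to be carried inside an image file\n"
" --action-script FILE add an external action script\n"
" -j|--" OPT_SHELL_JOB " allow one to dump and restore shell jobs\n"
" -l|--" OPT_FILE_LOCKS " handle file locks, for safety, only used for container\n"
" -L|--libdir path to a plugin directory (by default " CR_PLUGIN_DEFAULT ")\n"
" --force-irmap force resolving names for inotify/fsnotify watches\n"
" --irmap-scan-path FILE\n"
" add a path the irmap hints to scan\n"
" -M|--ext-mount-map KEY:VALUE\n"
" add external mount mapping\n"
" -M|--ext-mount-map auto\n"
" attempt to autodetect external mount mapings\n"
" --enable-external-sharing\n"
" allow autoresolving mounts with external sharing\n"
" --enable-external-masters\n"
" allow autoresolving mounts with external masters\n"
" --manage-cgroups [m] dump or restore cgroups the process is in usig mode:\n"
" 'none', 'props', 'soft' (default), 'full' and 'strict'.\n"
" --cgroup-root [controller:]/newroot\n"
" change the root cgroup the controller will be\n"
" installed into. No controller means that root is the\n"
" default for all controllers not specified.\n"
" --skip-mnt PATH ignore this mountpoint when dumping the mount namespace.\n"
" --enable-fs FSNAMES a comma separated list of filesystem names or \"all\".\n"
" force criu to (try to) dump/restore these filesystem's\n"
" mountpoints even if fs is not supported.\n"
"\n"
"* Logging:\n"
" -o|--log-file FILE log file name\n"
" --log-pid enable per-process logging to separate FILE.pid files\n"
" -v[NUM] set logging level (higher level means more output):\n"
" -v1|-v - only errors and messages\n"
" -v2|-vv - also warnings (default level)\n"
" -v3|-vvv - also information messages and timestamps\n"
" -v4|-vvvv - lots of debug\n"
"\n"
"* Memory dumping options:\n"
" --track-mem turn on memory changes tracker in kernel\n"
" --prev-images-dir DIR path to images from previous dump (relative to -D)\n"
" --page-server send pages to page server (see options below as well)\n"
" --auto-dedup when used on dump it will deduplicate \"old\" data in\n"
" pages images of previous dump\n"
" when used on restore, as soon as page is restored, it\n"
" will be punched from the image.\n"
"\n"
"Page/Service server options:\n"
" --address ADDR address of server or service\n"
" --port PORT port of page server\n"
" -d|--daemon run in the background after creating socket\n"
"\n"
"Other options:\n"
" -h|--help show this text\n"
" -V|--version show version\n"
" --ms don't check not yet merged kernel features\n"
	);

	return 0;

opt_pid_missing:
	pr_msg("Error: pid not specified\n");
	return 1;

bad_arg:
	/* idx stays -1 when getopt_long() matched a short option. */
	if (idx < 0) /* short option */
		pr_msg("Error: invalid argument for -%c: %s\n", opt, optarg);
	else /* long option */
		pr_msg("Error: invalid argument for --%s: %s\n", long_opts[idx].name, optarg);
	return 1;
}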
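/*
 * Fill the global opts from an RPC request received on socket @sk.
 *
 * Every field of @req is supplied by the client. The peer's uid/gid/pid
 * are read with SO_PEERCRED and passed to restrict_uid(); the images and
 * work directories are reached through /proc/<peer pid>/fd/<fd>.
 * rst_sibling, a page-server fd and inherit_fd entries are refused unless
 * opts.swrk_restore is set.
 *
 * Returns 0 on success. On any failure returns -1 after
 * set_cr_errno(EBADRQC).
 */
static int setup_opts_from_req(int sk, CriuOpts *req)
{
	struct ucred ids;
	struct stat st;
	socklen_t ids_len = sizeof(struct ucred);
	char images_dir_path[PATH_MAX];
	char work_dir_path[PATH_MAX];
	ssize_t len;
	int i;

	if (getsockopt(sk, SOL_SOCKET, SO_PEERCRED, &ids, &ids_len)) {
		pr_perror("Can't get socket options");
		goto err;
	}

	if (restrict_uid(ids.uid, ids.gid))
		goto err;

	if (fstat(sk, &st)) {
		pr_perror("Can't get socket stat");
		goto err;
	}

	BUG_ON(st.st_ino == -1);
	service_sk_ino = st.st_ino;

	/*
	 * open images_dir
	 *
	 * NOTE(review): SO_PEERCRED reports the pid recorded when the socket
	 * was connected; if that process is gone, this /proc path may name
	 * another process's descriptor — confirm the client stays alive for
	 * the duration of the request.
	 */
	snprintf(images_dir_path, sizeof(images_dir_path), "/proc/%d/fd/%d", ids.pid, req->images_dir_fd);

	if (req->parent_img)
		opts.img_parent = req->parent_img;

	if (open_image_dir(images_dir_path) < 0) {
		pr_perror("Can't open images directory");
		goto err;
	}

	/*
	 * get full path to images_dir to use in process title
	 *
	 * readlink() does not NUL-terminate and truncates silently, so leave
	 * room for the terminator and write it explicitly.
	 */
	len = readlink(images_dir_path, images_dir, PATH_MAX - 1);
	if (len == -1) {
		pr_perror("Can't readlink %s", images_dir_path);
		goto err;
	}
	images_dir[len] = '\0';

	/* chdir to work dir */
	if (req->has_work_dir_fd)
		snprintf(work_dir_path, sizeof(work_dir_path), "/proc/%d/fd/%d", ids.pid, req->work_dir_fd);
	else
		strcpy(work_dir_path, images_dir_path);

	if (chdir(work_dir_path)) {
		pr_perror("Can't chdir to work_dir");
		goto err;
	}

	/* initiate log file in work dir */
	if (req->log_file) {
		/* A '/' would let the client place the log outside the work dir. */
		if (strchr(req->log_file, '/')) {
			/* not an errno failure, so no pr_perror() here */
			pr_err("No subdirs are allowed in log_file name\n");
			goto err;
		}

		opts.output = req->log_file;
	} else
		opts.output = DEFAULT_LOG_FILENAME;

	log_set_loglevel(req->log_level);
	if (log_init(opts.output) == -1) {
		pr_perror("Can't initiate log");
		goto err;
	}

	/* checking flags from client */
	if (req->has_leave_running && req->leave_running)
		opts.final_state = TASK_ALIVE;

	/* No pid in the request: default to the peer itself. */
	if (!req->has_pid) {
		req->has_pid = true;
		req->pid = ids.pid;
	}

	if (req->has_ext_unix_sk) {
		opts.ext_unix_sk = req->ext_unix_sk;
		for (i = 0; i < req->n_unix_sk_ino; i++) {
			if (unix_sk_id_add(req->unix_sk_ino[i]->inode) < 0)
				goto err;
		}
	}

	if (req->root)
		opts.root = req->root;

	if (req->has_rst_sibling) {
		if (!opts.swrk_restore) {
			pr_err("rst_sibling is not allowed in standalone service\n");
			goto err;
		}

		opts.restore_sibling = req->rst_sibling;
	}

	if (req->has_tcp_established)
		opts.tcp_established_ok = req->tcp_established;

	if (req->has_evasive_devices)
		opts.evasive_devices = req->evasive_devices;

	if (req->has_shell_job)
		opts.shell_job = req->shell_job;

	if (req->has_file_locks)
		opts.handle_file_locks = req->file_locks;

	if (req->has_track_mem)
		opts.track_mem = req->track_mem;

	if (req->has_link_remap)
		opts.link_remap_ok = req->link_remap;

	if (req->has_auto_dedup)
		opts.auto_dedup = req->auto_dedup;

	if (req->has_force_irmap)
		opts.force_irmap = req->force_irmap;

	if (req->n_exec_cmd > 0) {
		/* Only the pointers are copied; the strings still belong to req. */
		opts.exec_cmd = xmalloc((req->n_exec_cmd + 1) * sizeof(char *));
		if (!opts.exec_cmd)
			goto err;
		memcpy(opts.exec_cmd, req->exec_cmd, req->n_exec_cmd * sizeof(char *));
		opts.exec_cmd[req->n_exec_cmd] = NULL;
	}

	if (req->ps) {
		opts.use_page_server = true;
		opts.addr = req->ps->address;
		/* the cast keeps only the low 16 bits of the requested port */
		opts.ps_port = htons((short)req->ps->port);

		if (req->ps->has_fd) {
			if (!opts.swrk_restore)
				goto err;

			opts.ps_socket = req->ps->fd;
		}
	}

	if (req->notify_scripts && add_script(SCRIPT_RPC_NOTIFY, sk))
		goto err;

	for (i = 0; i < req->n_veths; i++) {
		if (veth_pair_add(req->veths[i]->if_in, req->veths[i]->if_out))
			goto err;
	}

	for (i = 0; i < req->n_ext_mnt; i++) {
		if (ext_mount_add(req->ext_mnt[i]->key, req->ext_mnt[i]->val))
			goto err;
	}

	if (req->n_inherit_fd && !opts.swrk_restore) {
		pr_err("inherit_fd is not allowed in standalone service\n");
		goto err;
	}

	for (i = 0; i < req->n_inherit_fd; i++) {
		if (inherit_fd_add(req->inherit_fd[i]->fd, req->inherit_fd[i]->key))
			goto err;
	}

	for (i = 0; i < req->n_cg_root; i++) {
		if (new_cg_root_add(req->cg_root[i]->ctrl, req->cg_root[i]->path))
			goto err;
	}

	for (i = 0; i < req->n_enable_fs; i++) {
		if (!add_fsname_auto(req->enable_fs[i]))
			goto err;
	}

	for (i = 0; i < req->n_skip_mnt; i++) {
		if (!add_skip_mount(req->skip_mnt[i]))
			goto err;
	}

	if (req->has_cpu_cap)
		opts.cpu_cap = req->cpu_cap;

	/*
	 * FIXME: For backward compatibility we setup
	 * soft mode here, need to enhance to support
	 * other modes as well via separate option
	 * probably.
	 */
	if (req->has_manage_cgroups)
		opts.manage_cgroups = req->manage_cgroups ? CG_MODE_SOFT : CG_MODE_IGNORE;

	/* Override the manage_cgroup if mode is set explicitly */
	if (req->has_manage_cgroups_mode) {
		unsigned int mode;

		switch (req->manage_cgroups_mode) {
		case CRIU_CG_MODE__IGNORE:
			mode = CG_MODE_IGNORE;
			break;
		case CRIU_CG_MODE__NONE:
			mode = CG_MODE_NONE;
			break;
		case CRIU_CG_MODE__PROPS:
			mode = CG_MODE_PROPS;
			break;
		case CRIU_CG_MODE__SOFT:
			mode = CG_MODE_SOFT;
			break;
		case CRIU_CG_MODE__FULL:
			mode = CG_MODE_FULL;
			break;
		case CRIU_CG_MODE__STRICT:
			mode = CG_MODE_STRICT;
			break;
		case CRIU_CG_MODE__DEFAULT:
			mode = CG_MODE_DEFAULT;
			break;
		default:
			/* a mode value outside the known set is a bad request */
			goto err;
		}

		opts.manage_cgroups = mode;
	}

	if (req->has_auto_ext_mnt)
		opts.autodetect_ext_mounts = req->auto_ext_mnt;

	if (req->has_ext_sharing)
		opts.enable_external_sharing = req->ext_sharing;

	if (req->has_ext_masters)
		opts.enable_external_masters = req->ext_masters;

	if (req->has_ghost_limit)
		opts.ghost_limit = req->ghost_limit;

	return 0;

err:
	set_cr_errno(EBADRQC);
	return -1;
}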
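/*
 * Fill the global opts from an RPC request received on socket @sk.
 *
 * Every field of @req is supplied by the client. The peer's uid/gid/pid
 * are read with SO_PEERCRED and passed to restrict_uid(); the images and
 * work directories are reached through /proc/<peer pid>/fd/<fd>.
 * rst_sibling and a page-server fd are refused unless opts.swrk_restore
 * is set.
 *
 * Returns 0 on success, -1 on any failure.
 */
static int setup_opts_from_req(int sk, CriuOpts *req)
{
	struct ucred ids;
	struct stat st;
	socklen_t ids_len = sizeof(struct ucred);
	char images_dir_path[PATH_MAX];
	char work_dir_path[PATH_MAX];
	ssize_t len;
	int i;

	if (getsockopt(sk, SOL_SOCKET, SO_PEERCRED, &ids, &ids_len)) {
		pr_perror("Can't get socket options");
		return -1;
	}

	if (restrict_uid(ids.uid, ids.gid))
		return -1;

	if (fstat(sk, &st)) {
		pr_perror("Can't get socket stat");
		return -1;
	}

	BUG_ON(st.st_ino == -1);
	service_sk_ino = st.st_ino;

	/*
	 * open images_dir
	 *
	 * NOTE(review): SO_PEERCRED reports the pid recorded when the socket
	 * was connected; if that process is gone, this /proc path may name
	 * another process's descriptor — confirm the client stays alive for
	 * the duration of the request.
	 */
	snprintf(images_dir_path, sizeof(images_dir_path), "/proc/%d/fd/%d", ids.pid, req->images_dir_fd);

	if (req->parent_img)
		opts.img_parent = req->parent_img;

	if (open_image_dir(images_dir_path) < 0) {
		pr_perror("Can't open images directory");
		return -1;
	}

	/*
	 * get full path to images_dir to use in process title
	 *
	 * readlink() does not NUL-terminate and truncates silently, so leave
	 * room for the terminator and write it explicitly.
	 */
	len = readlink(images_dir_path, images_dir, PATH_MAX - 1);
	if (len == -1) {
		pr_perror("Can't readlink %s", images_dir_path);
		return -1;
	}
	images_dir[len] = '\0';

	/* chdir to work dir */
	if (req->has_work_dir_fd)
		snprintf(work_dir_path, sizeof(work_dir_path), "/proc/%d/fd/%d", ids.pid, req->work_dir_fd);
	else
		strcpy(work_dir_path, images_dir_path);

	if (chdir(work_dir_path)) {
		pr_perror("Can't chdir to work_dir");
		return -1;
	}

	/* initiate log file in work dir */
	if (req->log_file) {
		/* A '/' would let the client place the log outside the work dir. */
		if (strchr(req->log_file, '/')) {
			/* not an errno failure, so no pr_perror() here */
			pr_err("No subdirs are allowed in log_file name\n");
			return -1;
		}

		opts.output = req->log_file;
	} else
		opts.output = DEFAULT_LOG_FILENAME;

	log_set_loglevel(req->log_level);
	if (log_init(opts.output) == -1) {
		pr_perror("Can't initiate log");
		return -1;
	}

	/* checking flags from client */
	if (req->has_leave_running && req->leave_running)
		opts.final_state = TASK_ALIVE;

	/* No pid in the request: default to the peer itself. */
	if (!req->has_pid) {
		req->has_pid = true;
		req->pid = ids.pid;
	}

	if (req->has_ext_unix_sk)
		opts.ext_unix_sk = req->ext_unix_sk;

	if (req->root)
		opts.root = req->root;

	if (req->has_rst_sibling) {
		if (!opts.swrk_restore) {
			pr_err("rst_sibling is not allowed in standalone service\n");
			return -1;
		}

		opts.restore_sibling = req->rst_sibling;
	}

	if (req->has_tcp_established)
		opts.tcp_established_ok = req->tcp_established;

	if (req->has_evasive_devices)
		opts.evasive_devices = req->evasive_devices;

	if (req->has_shell_job)
		opts.shell_job = req->shell_job;

	if (req->has_file_locks)
		opts.handle_file_locks = req->file_locks;

	if (req->has_track_mem)
		opts.track_mem = req->track_mem;

	if (req->has_link_remap)
		opts.link_remap_ok = req->link_remap;

	if (req->has_auto_dedup)
		opts.auto_dedup = req->auto_dedup;

	if (req->has_force_irmap)
		opts.force_irmap = req->force_irmap;

	if (req->n_exec_cmd > 0) {
		/* Only the pointers are copied; the strings still belong to req. */
		opts.exec_cmd = xmalloc((req->n_exec_cmd + 1) * sizeof(char *));
		if (!opts.exec_cmd)
			return -1;
		memcpy(opts.exec_cmd, req->exec_cmd, req->n_exec_cmd * sizeof(char *));
		opts.exec_cmd[req->n_exec_cmd] = NULL;
	}

	if (req->ps) {
		opts.use_page_server = true;
		opts.addr = req->ps->address;
		/* the cast keeps only the low 16 bits of the requested port */
		opts.ps_port = htons((short)req->ps->port);

		if (req->ps->has_fd) {
			if (!opts.swrk_restore)
				return -1;

			opts.ps_socket = req->ps->fd;
		}
	}

	if (req->notify_scripts && add_script(SCRIPT_RPC_NOTIFY, sk))
		return -1;

	for (i = 0; i < req->n_veths; i++) {
		if (veth_pair_add(req->veths[i]->if_in, req->veths[i]->if_out))
			return -1;
	}

	for (i = 0; i < req->n_ext_mnt; i++) {
		if (ext_mount_add(req->ext_mnt[i]->key, req->ext_mnt[i]->val))
			return -1;
	}

	for (i = 0; i < req->n_cg_root; i++) {
		if (new_cg_root_add(req->cg_root[i]->ctrl, req->cg_root[i]->path))
			return -1;
	}

	if (req->has_cpu_cap)
		opts.cpu_cap = req->cpu_cap;

	if (req->has_manage_cgroups)
		opts.manage_cgroups = req->manage_cgroups;

	return 0;
}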
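/*
 * Fill the global opts from an RPC request received on socket @sk.
 *
 * Every field of @req is supplied by the client. The peer's uid/gid/pid
 * are read with SO_PEERCRED; the process changes into the images
 * directory through /proc/<peer pid>/fd/<images_dir_fd> and opens the
 * log file there.
 *
 * Returns 0 on success, -1 on any failure.
 */
static int setup_opts_from_req(int sk, CriuOpts *req)
{
	struct ucred ids;
	struct stat st;
	socklen_t ids_len = sizeof(struct ucred);
	char images_dir_path[PATH_MAX];

	if (getsockopt(sk, SOL_SOCKET, SO_PEERCRED, &ids, &ids_len)) {
		pr_perror("Can't get socket options");
		return -1;
	}

	/*
	 * The result was previously discarded, so a failed restriction did not
	 * stop the request from being served.
	 */
	if (restrict_uid(ids.uid, ids.gid))
		return -1;

	if (fstat(sk, &st)) {
		pr_perror("Can't get socket stat");
		return -1;
	}

	BUG_ON(st.st_ino == -1);
	service_sk_ino = st.st_ino;

	/* going to dir, where to place/get images */
	snprintf(images_dir_path, sizeof(images_dir_path), "/proc/%d/fd/%d", ids.pid, req->images_dir_fd);

	if (chdir(images_dir_path)) {
		pr_perror("Can't chdir to images directory");
		return -1;
	}

	if (open_image_dir(".") < 0)
		return -1;

	/* initiate log file in imgs dir */
	if (req->log_file) {
		/*
		 * The name comes from the client and is handed to log_init()
		 * relative to the images directory; a '/' would let it point
		 * somewhere else.
		 */
		if (strchr(req->log_file, '/')) {
			pr_err("No subdirs are allowed in log_file name\n");
			return -1;
		}

		opts.output = req->log_file;
	} else
		opts.output = DEFAULT_LOG_FILENAME;

	log_set_loglevel(req->log_level);
	if (log_init(opts.output) == -1) {
		pr_perror("Can't initiate log");
		return -1;
	}

	/* checking flags from client */
	if (req->has_leave_running && req->leave_running)
		opts.final_state = TASK_ALIVE;

	/* No pid in the request: default to the peer itself. */
	if (!req->has_pid) {
		req->has_pid = true;
		req->pid = ids.pid;
	}

	if (req->has_ext_unix_sk)
		opts.ext_unix_sk = req->ext_unix_sk;

	if (req->has_tcp_established)
		opts.tcp_established_ok = req->tcp_established;

	if (req->has_evasive_devices)
		opts.evasive_devices = req->evasive_devices;

	if (req->has_shell_job)
		opts.shell_job = req->shell_job;

	if (req->has_file_locks)
		opts.handle_file_locks = req->file_locks;

	return 0;
}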