Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[question] why containerd can not dump and restore net ns #538

Closed
Ace-Tang opened this issue Aug 9, 2018 · 7 comments
Closed

[question] why containerd can not dump and restore net ns #538

Ace-Tang opened this issue Aug 9, 2018 · 7 comments

Comments

@Ace-Tang
Copy link

Ace-Tang commented Aug 9, 2018

Hi, @avagin , I come from the containerd project, and see you pr to fix broken criu in moby. I am new to criu, as I know, criu is support dump and restore network namespace, so I am wondering why you write this,

checkpoint: don't restore a container network namespace
A network namespace should not be dumped and restored, it is created by
Docker even for restored containers.

Is this related to moby?
@avagin
Copy link
Member

avagin commented Aug 10, 2018

Here I mean that runc doesn't restore network devices and their configurations. When a container is started, its network namespace is configured by third-party tools from a pre-start hook. A container network namespace is connected with an external network and containerd, runc know nothing about this. I mean that we know nothing about how a container is connected into an external network.

So when we were doing the integration of criu with docker, we decided that criu will create an empty network namespace and call a pre-start hook, which will create (restore) network devices and configure them. It is the same hook what is called when a container is started.

@Ace-Tang
Copy link
Author

Thanks very much for you detail explain, I think I have understand.

@Ace-Tang Ace-Tang reopened this Aug 16, 2018
@Ace-Tang
Copy link
Author

Oh, sorry, I forget to ask one more question. So we should always set empty-ns with network in runc restore? but I found that default umask nsmask := unix.CLONE_NEWNET is only set in runc checkpoint, but not in runc restore, is restore process need to set this by default?

@avagin
Copy link
Member

avagin commented Aug 16, 2018

@Ace-Tang It will work even if we set unix.CLONE_NEWNET only on dump, but it is better to set it on restore too. Do you want to fix this in runc?

@Ace-Tang
Copy link
Author

@avagin , sure, I want to do this, we are using checkpoint/restore to support our business, I find if we are not set this mask, it will cost more time(millisecond or less), if you don't mind, I will try to create a pr for runc, see if runc can accept this.

@avagin
Copy link
Member

avagin commented Aug 17, 2018

@Ace-Tang I don't mind:). Add me into CC of this pr or post a link here. Thanks.

@Ace-Tang
Copy link
Author

I create a pr opencontainers/runc#1871 in runc, @avagin please help me to check that, thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@avagin @Ace-Tang