checkpoint-restore / criu

Checkpoint/Restore tool
criu.org

Non-root Restore Error: Uable to set real, effective and saved group ID: -1 #2047

Open zcharlesz opened 1 year ago

zcharlesz commented 1 year ago

I tried to use non-root to save and restore a program.

Save works perfectly, while restore gives the error below:

```
pie: 34336: seccomp: mode 0 on tid 34336
....
Error (criu/pie/restorer.c:243): Uable to set real, effective and saved group ID: -1
Error (criu/pie/restorer.c:752): BUG at criu/pie/restorer.c:752
....
```

I've set all Linux capabilities for criu (including cap_setuid, cap_setgid, cap_fsetid):

Capabilities have been set: cap_syslog,cap_syslog,cap_mac_override,cap_setfcap,cap_audit_control,cap_audit_write,cap_lease,cap_mknod,cap_sys_tty_config,cap_sys_time,cap_sys_resource,cap_sys_nice,cap_sys_boot,cap_sys_admin,cap_sys_pacct,cap_sys_ptrace,cap_sys_chroot,cap_sys_rawio,cap_sys_module,cap_ipc_owner,cap_ipc_lock,cap_net_raw,cap_net_admin,cap_net_broadcast,cap_net_bind_service,cap_linux_immutable,cap_setpcap,cap_setuid,cap_setgid,cap_kill,cap_fsetid,cap_fowner,cap_dac_read_search,cap_dac_override,cap_chown+eip /usr/local/sbin/criu

Any ideas about this error?

CRIU full dump/restore logs:

```
(paste your output here)
```

Output of `criu --version`:

```
3.17
```

Output of `criu check --all`:

![image](https://user-images.githubusercontent.com/120101215/212295763-d44add59-3c41-4a1e-9711-c2177e42b048.png)

Additional environment details:

CentOS Linux release 7.9.2009 (Core) kernel: 3.10.0-1160.el7.x86_64

adrianreber commented 1 year ago

At this point I would not try to use CRIU on CentOS 7. That is a really old OS and CRIU was only available as a tech preview. You should try something newer. With all these capabilities set you can also run it just as root.

@ymanton any ideas? Have you seen something like this before?

ymanton commented 1 year ago

I've seen setgroups fail for reasons that I haven't completely figured out, but that is the first such call in that part of the code, whereas in this case setgroups and others that require CAP_SETUID have succeeded but setresgid fails.

I'd suggest trying CentOS 8 as a first step.

https://github.com/checkpoint-restore/criu/blob/4109cfb2064f69bf9e00a3206a49b78b98433b6f/criu/pie/restorer.c#L188-L324
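Added example, not part of the thread or of CRIU's code: setresgid(2) returns EPERM when the caller lacks CAP_SETGID and a requested ID is not one of its current real, effective or saved GIDs, so a first check for a failure like the one reported is to read the `Gid:` and `CapEff:` lines of `/proc/<pid>/status` for the restoring process. The sample status text, the target GID 0 and the function names are constructed for illustration.

```c
/* Added diagnostic example, not CRIU code: model the setresgid(2) permission
 * check from the Gid: and CapEff: lines of /proc/<pid>/status. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAP_SETGID_BIT 6 /* CAP_SETGID in <linux/capability.h> */
#define KEEP 0xffffffffu /* (gid_t)-1: leave this ID unchanged */

/* Constructed sample: all GIDs 1000, CapEff holds only CAP_SETUID (bit 7). */
static const char SAMPLE[] =
    "Name:\tcriu\nGid:\t1000\t1000\t1000\t1000\n"
    "CapPrm:\t00000000000000c0\nCapEff:\t0000000000000080\n";

/* Extract real/effective/saved GID and the effective capability mask. */
int parse_status(const char *st, unsigned cur[3], uint64_t *eff)
{
    const char *g = strstr(st, "\nGid:"), *c = strstr(st, "\nCapEff:");
    unsigned long long v;
    if (!g || !c || sscanf(g + 5, "%u %u %u", &cur[0], &cur[1], &cur[2]) != 3 ||
        sscanf(c + 8, "%llx", &v) != 1)
        return -1;
    *eff = v;
    return 0;
}

/* 1 = allowed, 0 = EPERM, -1 = parse error. Simplified model: the kernel tests
 * CAP_SETGID in the caller's user namespace and needs the GID mapped there. */
int setresgid_allowed(const char *st, unsigned r, unsigned e, unsigned s)
{
    unsigned cur[3], want[3] = { r, e, s };
    uint64_t eff;
    if (parse_status(st, cur, &eff)) return -1;
    if ((eff >> CAP_SETGID_BIT) & 1) return 1;
    for (int i = 0; i < 3; i++)
        if (want[i] != KEEP && want[i] != cur[0] && want[i] != cur[1] && want[i] != cur[2])
            return 0;
    return 1;
}

int main(void)
{
    char buf[8192] = "";
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    printf("setresgid(0, 0, 0): %d\n", setresgid_allowed(n ? buf : SAMPLE, 0, 0, 0));
    return 0;
}
```

Run against the live process it reports on itself; to inspect a restore that is failing, feed `setresgid_allowed` the status text of the CRIU process instead.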

zcharlesz commented 1 year ago

Thanks for your reply, I'll try with newer system.
