Open osctobe opened 11 months ago
All modified and coverable lines are covered by tests :white_check_mark:
Comparison is base (
cda1c5c
) 70.51% compared to head (e2ae63e
) 70.50%.:exclamation: Current head e2ae63e differs from pull request most recent head ff088a7. Consider uploading reports for the commit ff088a7 to get more accurate results
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Hello @avagin and @osctobe, I had one idea, which I like a lot, but guys in mainstream Linux faced it with total silence.
The idea was to allow clone3 syscall to alter owner user namespace of newly created namespaces (e.g. new pid namespace owner if CLONE_NEWPID is specified). https://lore.kernel.org/all/20210402155131.119872-1-ptikhomirov@virtuozzo.com/
This way using clone3 CRIU is able to create all restored processes in topmost user namespace available, while preserving namespace ownership topology. So at each clone3 call we would have all permissions needed by clone3_set_tid functionality. (Later we can switch to proper user namespace for each process to also preserve task's user namespaces.)
I believe my fix would help in this case too. @osctobe Can you, please, give it a try on your environment?
A friendly reminder that this PR had no activity for 30 days.
A set of fixes for kerndat tests and a few debug logging improvements.