search

checkpoint-restore / criu

Checkpoint/Restore tool
criu.org
Other
2.9k stars 583 forks source link

Following the `setcap` instruction raises 'fatal error: Invalid argument' #2401

Closed aqjune closed 4 months ago

aqjune commented 4 months ago

Description

When I try criu dump it requests that capability of CAP_SYS_ADMIN or CAP_CHECKPOINT_RESTORE must be given to criu, with an instruction showing how to use setcap. However, if I follow it, I am seeing the following error:

$ ~/criu-3.19/criu/criu dump -t 31058 -vvv -o dump.log --unprivileged && echo OK
CRIU needs to have the CAP_SYS_ADMIN or the CAP_CHECKPOINT_RESTORE capability:
setcap cap_checkpoint_restore+eip /home/aqjune/criu-3.19/criu/criu
(00.000000) Effective capability 40 missing
(00.000000) Effective capability 21 missing
$ setcap cap_checkpoint_restore+eip /home/aqjune/criu-3.19/criu/criu
fatal error: Invalid argument
usage: setcap [-q] [-v] [-n <rootid>] (-r|-|<caps>) <filename> [ ... (-r|-|<capsN>) <filenameN> ]

 Note <filename> must be a regular (non-symlink) file.

This might not be a problem of criu (I found that criu's CI script is in fact using the same command), but was just wondering whether any further instruction could be given in the case, which might be helpful to beginners.

Describe the results you expected:

The setcap command is succesfully done

Additional information you deem important (e.g. issue happens only occasionally):

$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.6 LTS"

CRIU logs and information:

criu 3.19

CRIU full dump/restore logs:

None

Output of `criu --version`:

``` Version: 3.19 ```

Output of `criu check --all`:

``` $ ~/criu-3.19/criu/criu check --all CRIU needs to have the CAP_SYS_ADMIN or the CAP_CHECKPOINT_RESTORE capability: setcap cap_checkpoint_restore+eip /home/aqjune/criu-3.19/criu/criu ```

Additional environment details:

adrianreber commented 4 months ago

My first guess would be that Ubuntu 20.04 is just too old. Please retry with something newer.

aqjune commented 4 months ago

Thanks @adrianreber, it worked on 24.04. If CAP_CHECKPOINT_RESTORE is a new capability option of a newer Linux, I think that printing something like This linux does not unsupport CAP_CHECKPOINT_RESTORE other than the setcap cap_checkpoint_restore+eip ... command line could be an option.

adrianreber commented 4 months ago

Please close if resolved.

aqjune commented 4 months ago

My concern was that it was printing a wrong diagnostic message, sorry - I think it should emit a different message than 'setcap ...' if the capability was not available. The issue is not resolved yet.

adrianreber commented 4 months ago

If your setcap is too old there is nothing CRIU can do.

avagin commented 4 months ago

@aqjune if you don't like the error message, pls open a pull request with the fix. We will be glad to accept it.