Open coldbloodx opened 6 days ago
Just curious why you are using a user namespace (unshare -r implies --user)? You do not explicitly mention the usage of a user namespace in your description. Have you tried it without a user namespace?
If I do not create a user ns, unshare reports "operation not permitted", like below:
[leo@laworks 4cpu]$ unshare -i ./vncserver.sh xclock
unshare: unshare failed: Operation not permitted
Just had another try with newns provided by this link: https://criu.org/VNC. It cannot create an IPC namespace either as a normal user.
[leo@laworks 4cpu]$ ./newns ./vncserver.sh xclock
clone() failed: Operation not permitted
[leo@laworks 4cpu]$ ll
total 1968
-rwxr-xr-x 1 leo leo 491 Sep 14 14:42 4cpu.sh
-rw-r--r-- 1 leo leo 58 Sep 14 14:42 clean.sh
-rw-r--r-- 1 leo leo 1970243 Sep 14 14:42 fluent-test.cas
-rw-r--r-- 1 leo leo 32 Sep 14 14:42 hostfile.4cpu
-rw-r--r-- 1 leo leo 158 Sep 14 14:42 journal
-rwxr-xr-x 1 leo leo 18040 Sep 19 10:02 newns
-rwxr-xr-x 1 leo leo 149 Sep 14 14:42 vncserver.sh
[leo@laworks 4cpu]$
Any ideas? How could I work around this as a normal user? @adrianreber
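The two "Operation not permitted" results above match unshare(2) semantics: creating an IPC namespace needs CAP_SYS_ADMIN unless a user namespace is created in the same call, which is what unshare -r adds. An added example (not from this thread or the CRIU project) that derives the needed flags from /proc/<pid>/status; the status snippets are constructed samples and the helper names are hypothetical.

```python
import ctypes
import os

CAP_SYS_ADMIN = 21            # bit index, <linux/capability.h>
CLONE_NEWIPC = 0x08000000     # <linux/sched.h>
CLONE_NEWUSER = 0x10000000

# Constructed samples of /proc/<pid>/status (only the relevant lines kept).
USER_STATUS = "Name:\tbash\nCapEff:\t0000000000000000\n"
ROOT_STATUS = "Name:\tbash\nCapEff:\t000001ffffffffff\n"

def effective_caps(status_text):
    """Return the effective capability bitmask from status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")

def has_sys_admin(status_text):
    return bool((effective_caps(status_text) >> CAP_SYS_ADMIN) & 1)

def plan_unshare(status_text, want=CLONE_NEWIPC):
    """Flags for unshare(2) that avoid EPERM for this process.

    Without CAP_SYS_ADMIN, CLONE_NEWUSER is added: the kernel creates the
    user namespace first, and the caller then holds capabilities over the
    other namespaces created in the same call. This still fails where
    unprivileged user namespaces are disabled on the host.
    """
    return want if has_sys_admin(status_text) else want | CLONE_NEWUSER

def try_unshare(flags):
    """Call unshare(2) in a forked child; return 0 or the errno it set."""
    libc = ctypes.CDLL(None, use_errno=True)
    pid = os.fork()
    if pid == 0:
        rc = libc.unshare(flags)
        os._exit(0 if rc == 0 else ctypes.get_errno())
    return os.WEXITSTATUS(os.waitpid(pid, 0)[1])

if __name__ == "__main__":
    with open("/proc/self/status") as f:
        status = f.read()
    for label, flags in (("requested", CLONE_NEWIPC),
                         ("planned", plan_unshare(status))):
        err = try_unshare(flags)
        print(f"{label} {flags:#010x}: {'ok' if err == 0 else os.strerror(err)}")
```

Run as the unprivileged user, the "requested" line reproduces the EPERM from unshare -i, while the "planned" flags correspond to the namespaces unshare -r -i creates (without the UID mapping that -r also writes).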
Description
Cannot restore VNC GUI application launched by normal user.
Steps to reproduce the issue:
[leo@laworks 4cpu]$ unshare -r -i ./vncserver.sh xclock
Xvnc TigerVNC 1.13.1 - built Apr 22 2024 00:00:00
Copyright (C) 1999-2022 TigerVNC Team and many others (see README.rst)
See https://www.tigervnc.org for information on TigerVNC.
Underlying X server release 12011000

Sat Sep 14 17:54:58 2024
vncext: VNC extension running!
vncext: Listening for VNC connections on 0.0.0.0 interface(s), port 5925
vncext: created VNC server for screen 0
Warning: Missing charsets in String to FontSet conversion

[root@laworks criutool]# pgrep vncserver.sh
3768777
[root@laworks criutool]# criu dump -t `pgrep vncserver.sh` -D temp --shell-job
Warn (compel/arch/x86/src/lib/infect.c:367): Will restore 3768781 with interrupted system call
[root@laworks criutool]# echo $?
0 --> dumped successfully.
[root@laworks criutool]#
[root@laworks criutool]# criu restore -D temp -v4 --tcp-established -d -j
...
...
(00.003315) 3768777: cg: Move into 2
(00.003327) 3768777: cg: `-> unified//user.slice/user-0.slice/session-5505.scope/cgroup.procs
(00.003329) 3768777: uns: calling userns_move (-1, 0)
(00.003366) uns: daemon calls 0x4410c0 (3768777, -1, 0)
(00.011876) 3768777: Calling restore_sid() for init
(00.011932) 3768777: Error (criu/util.c:1551): Unable to open the proc file system: Operation not permitted --> !!!here!!!
(00.011990) uns: calling exit_usernsd (-1, 1)
(00.012046) uns: daemon calls 0x4823d0 (3768795, -1, 1)
(00.012061) uns: `- daemon exits w/ 0
(00.012801) Error (criu/cr-restore.c:1517): 3768777 killed by signal 9: Killed
(00.012814) uns: daemon stopped
(00.012816) Error (criu/cr-restore.c:2557): Restoring FAILED.
(00.013608) Error (criu/cgroup.c:1970): cg: cgroupd: recv req error: No such file or directory

[root@laworks criutool]# criu --version
Version: 3.19
[root@laworks criutool]# criu check --all
Warn (criu/cr-check.c:1346): Nftables based locking requires libnftables and set concatenations support
Looks good but some kernel features are missing which, depending on your process tree, may cause dump or restore failure.