-
Notifications
You must be signed in to change notification settings - Fork 325
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crun should never checkpoint the netns #1210
Comments
I had a look at it and can provide a fix. Different then in runc, but similar. |
This first needs changes in libcriu. The needed interface has not been exported, yet. I will open a PR in CRIU first. |
See checkpoint-restore/criu#2175 for the CRIU changes. |
@adrianreber Is there a way we can move forward here or do we need to wait on a new criu release? |
I see CI runs based on Ubuntu. I think we can update CRIU in Fedora and the Ubuntu PPA to include the necessary patch in the current release without waiting for a new release. @rst0git Can you update the CRIU PPA to 3.18 with the patch from checkpoint-restore/criu#2175 (maybe also the Sapphire Rapids patch)? |
Any update here? It would be great if we could get this fixed. |
Basically the same as 2a0947e but this made the exception to checkpoint the netns when the netns path is empty in the runtime spec. This works only for the case where podman creates a netns in advance but this is not always the case, i.e. when a custom userns is used (which also doesn't work in crun right now but this is a different issue #1207).
The problem now is that I want to consolidate the network setup code in podman containers/podman#18468 to only use one setup path instead of two for with and without userns. So going forward I always want to let the runtime create the netns (empty netns path in config) and after the create call configure the netns in podman. This works just fine except for the checkpoint/restore case. On restore criu tries to restore the netns which fails:
The same commands work just fine with runc because they always ignore the netns. opencontainers/runc@8187fb7
So my ask is to always ignore the netns to match runc behavior and allow poman to work correctly.
The text was updated successfully, but these errors were encountered: