From 3e99aa3628544e71a8a21f5ee2db94fa273dc9f8 Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Wed, 5 Feb 2020 13:58:25 +0000 Subject: [PATCH] Fix checkpoint/restore tests on Fedora 31 The Travis tests running on Fedora 31 with cgroup2 on Vagrant had the CRIU parts disabled because of a couple of problems. One problem was a bug in runc and CRIU handling that Andrei fixed. In addition four patches from the upcoming CRIU 3.14 are needed for minimal cgroup2 support (freezer and mounting of cgroup2). With Andrei's fix and the CRIU cgroup2 support and the runc CRIU cgroup2 integration it is now possible the checkpoint integration tests again on the Fedora Vagrant cgroup2 based integration test. To run CRIU based tests the modules of Fedora 31 (the test host system) are mounted inside of the container used to test runc in the buster based container with -v /lib/modules:/lib/modules. Signed-off-by: Adrian Reber --- .travis.yml | 3 ++- Dockerfile | 8 ++++++- libcontainer/integration/checkpoint_test.go | 23 +++++++++++++-------- 3 files changed, 23 insertions(+), 11 deletions(-) diff --git a/.travis.yml b/.travis.yml index b762b632..5bbcf6eb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,7 +32,8 @@ matrix: - ssh default sudo dnf install -y podman script: - ssh default sudo podman build -t test /vagrant - - ssh default sudo podman run --privileged --cgroupns=private test make localunittest + # Mounting /lib/modules into the container is necessary as CRIU wants to load (via iptables) additional modules + - ssh default sudo podman run --privileged --cgroupns=private -v /lib/modules:/lib/modules:ro test make localunittest allow_failures: - go: tip - name: "cgroup-v2" diff --git a/Dockerfile b/Dockerfile index d3e91bc7..94be151e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ ARG GO_VERSION=1.13 ARG BATS_VERSION=03608115df2071fff4eaaff1605768c275e5f81f -ARG CRIU_VERSION=v3.12 +ARG CRIU_VERSION=v3.13 FROM golang:${GO_VERSION}-buster ARG DEBIAN_FRONTEND=noninteractive @@ -62,7 +62,13 @@ ARG CRIU_VERSION RUN mkdir -p /usr/src/criu \ && curl -fsSL https://github.com/checkpoint-restore/criu/archive/${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \ && cd /usr/src/criu \ + && echo 1 > .gitid \ + && curl -sSL https://github.com/checkpoint-restore/criu/commit/4c27b3db4f4325a311d8bfa9a50ea3efb4d6e377.patch | patch -p1 \ + && curl -sSL https://github.com/checkpoint-restore/criu/commit/aac41164b2cd7f0d2047f207b32844524682e43f.patch | patch -p1 \ + && curl -sSL https://github.com/checkpoint-restore/criu/commit/6f19249b2565f3f7c0a1f8f65b4ae180e8f7f34b.patch | patch -p1 \ + && curl -sSL https://github.com/checkpoint-restore/criu/commit/378337a496ca759848180bc5411e4446298c5e4e.patch | patch -p1 \ && make install-criu \ + && cd - \ && rm -rf /usr/src/criu COPY script/tmpmount / diff --git a/libcontainer/integration/checkpoint_test.go b/libcontainer/integration/checkpoint_test.go index 51ed401f..2f6990f8 100644 --- a/libcontainer/integration/checkpoint_test.go +++ b/libcontainer/integration/checkpoint_test.go @@ -60,9 +60,6 @@ func testCheckpoint(t *testing.T, userns bool) { if testing.Short() { return } - if cgroups.IsCgroup2UnifiedMode() { - t.Skip("cgroup v2 is not supported") - } root, err := newTestRoot() if err != nil { @@ -78,16 +75,24 @@ func testCheckpoint(t *testing.T, userns bool) { config := newTemplateConfig(rootfs) - config.Mounts = append(config.Mounts, &configs.Mount{ - Destination: "/sys/fs/cgroup", - Device: "cgroup", - Flags: defaultMountFlags | unix.MS_RDONLY, - }) - if userns { config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config.Namespaces = append(config.Namespaces, configs.Namespace{Type: configs.NEWUSER}) + } else { + var cgroupDevice string + + if cgroups.IsCgroup2UnifiedMode() { + cgroupDevice = "cgroup2" + } else { + cgroupDevice = "cgroup" + } + + config.Mounts = append(config.Mounts, &configs.Mount{ + Destination: "/sys/fs/cgroup", + Device: cgroupDevice, + Flags: defaultMountFlags | unix.MS_RDONLY, + }) } factory, err := libcontainer.New(root, libcontainer.Cgroupfs)