Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

/var/lib/sss/pipes/nss prevents criu to work #17

Open
judovana opened this issue Aug 11, 2021 · 7 comments
Open

/var/lib/sss/pipes/nss prevents criu to work #17

judovana opened this issue Aug 11, 2021 · 7 comments

Comments

@judovana
Copy link
Collaborator

Hello! I have no idea what this pipe is, but with it, criu fails. If you

sudo rm /var/lib/sss/pipes/nss

it, it will start work... a bit of magic for me. SHoudl be fixed, or documented or IDK....

@judovana
Copy link
Collaborator Author

Maybe at least hook should check the file and throw exception? Now it is cryptic death:)

@chflood
Copy link
Collaborator

chflood commented Aug 12, 2021

OK, so one way to fix this would be to add the following hooks:

class TestClearNSS extends Hook {
public void run() {
try {
Process p = Runtime.getRuntime().exec("rm -rf /var/lib/sss/pipes/nss");
p.waitFor();
p.destroy();
} catch(Exception e) {
}
}
}

class TestRestoreNSS extends Hook {
public void run() {
try {
Process p = Runtime.getRuntime().exec("authconfig --enablesssd --update");
p.waitFor();
p.destroy();
} catch (Exception e) {
}
}
}
I've verified that this works, but it feels like the wrong answer. Better ideas?

@judovana
Copy link
Collaborator Author

Hello! great idea!

However...one show stopper and one small nit:
nit: Why to rm with process?-) The old file.delete or new Files.delete should do the job?
show stopper: both the hooks require root. Although you are clear in readme that you need root, on systems I tried I had not yet needed the root to successfully suspend/restore. Based on that, I would say majority of systems can use jigawatts without root.

Based on that. If jigawatts is running as root, then add you pre and post hooks. If not, then instead of remova, trhow exception or at least print warning. The outpu when you attempt to suspend process and the file exists, do not let any clues

@judovana
Copy link
Collaborator Author

Update: in my previous comment, I was wrong. Only very dummy usecases on some systems do not require root. Everithing serius needs root, so the above gave sense.
Maybe more configurabele?
Like throw if the file exists, to provide good eception?
And provide property to to ignore its existence or on "force" to remvoe and restore it?

@tjwatson
Copy link

In my experience with criu you need to set many capabilities to the executable to get "real" things to work non-root:

setcap cap_sys_time,cap_dac_override,cap_chown,cap_setpcap,cap_setgid,cap_audit_control,cap_dac_read_search,cap_net_admin,cap_sys_chroot,cap_sys_ptrace,cap_fowner,cap_kill,cap_fsetid,cap_sys_resource,cap_setuid,cap_sys_admin=eip /usr/sbin/criu

@judovana
Copy link
Collaborator Author

Thanx a lot for enumeration!

@judovana
Copy link
Collaborator Author

Possible handling: #30

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants