When restoring tasks we call clone() and unshare() with flags needed but some of VE settings such as @iptables_mask affects how create proceed new namespace. Thus we need to restore this member at the very early pre-restore stage. I put @features here as well, for example sitX net_init action depends on it.
Signed-off-by: Cyrill Gorcunov <[email protected]> --- Igor, don't apply it please until explicit Ack from CC'ed list. scripts/vz-rst-action.in | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/vz-rst-action.in b/scripts/vz-rst-action.in index 4e408f2..f0b6aca 100755 --- a/scripts/vz-rst-action.in +++ b/scripts/vz-rst-action.in @@ -68,6 +68,12 @@ fi set -e case "$CRTOOLS_SCRIPT_ACTION" in +"pre-restore") + if [ -n "$VEID" ]; then + [ -n "$VE_IPTABLES_MASK" ] && cgset -r ve.iptables_mask="$VE_IPTABLES_MASK" $VEID + [ -n "$VE_FEATURES" ] && cgset -r ve.features="$VE_FEATURES" $VEID + fi + ;; "setup-namespaces") pid=$(cat $VE_PIDFILE) ln -s /proc/$pid/ns/net $VE_NETNS_FILE @@ -75,8 +81,6 @@ case "$CRTOOLS_SCRIPT_ACTION" in if [ -n "$VEID" ]; then [ -n "$VE_CLOCK_BOOTBASED" ] && cgset -r ve.clock_bootbased="$VE_CLOCK_BOOTBASED" $VEID [ -n "$VE_CLOCK_MONOTONIC" ] && cgset -r ve.clock_monotonic="$VE_CLOCK_MONOTONIC" $VEID - [ -n "$VE_IPTABLES_MASK" ] && cgset -r ve.iptables_mask="$VE_IPTABLES_MASK" $VEID - [ -n "$VE_FEATURES" ] && cgset -r ve.features="$VE_FEATURES" $VEID [ -n "$VE_AIO_MAX_NR" ] && cgset -r ve.aio_max_nr="$VE_AIO_MAX_NR" $VEID cgset -r ve.state="START $pid" $VEID || { echo "Failed to start $VEID"; exit 1; } fi -- 2.5.5 _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
