Added a function to the controller to checkpoint a container.

Functionality for checkpoint is not complete, more to come.

PiperOrigin-RevId: 199500803
Change-Id: Iafb0fcde68c584270000fea898e6657a592466f7

2 files changed, 22 insertions, 3 deletions

diff --git a/runsc/boot/controller.go b/runsc/boot/controller.go
index 8fc0a9076..095b0a9b9 100644
--- a/runsc/boot/controller.go
+++ b/runsc/boot/controller.go
@@ -22,9 +22,13 @@ import (
 	"gvisor.googlesource.com/gvisor/pkg/sentry/control"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/kernel"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/socket/epsocket"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/watchdog"
 )
 
 const (
+	// ContainerCheckpoint checkpoints a container.
+	ContainerCheckpoint = "containerManager.Checkpoint"
+
 	// ContainerEvent is the URPC endpoint for getting stats about the
 	// container used by "runsc events".
 	ContainerEvent = "containerManager.Event"
@@ -69,7 +73,7 @@ type controller struct {
 }
 
 // newController creates a new controller and starts it listening.
-func newController(fd int, k *kernel.Kernel) (*controller, error) {
+func newController(fd int, k *kernel.Kernel, w *watchdog.Watchdog) (*controller, error) {
 	srv, err := server.CreateFromFD(fd)
 	if err != nil {
 		return nil, err
@@ -79,6 +83,7 @@ func newController(fd int, k *kernel.Kernel) (*controller, error) {
 		startChan:       make(chan struct{}),
 		startResultChan: make(chan error),
 		k:               k,
+		watchdog:        w,
 	}
 	srv.Register(manager)
 
@@ -113,6 +118,9 @@ type containerManager struct {
 	// k is the emulated linux kernel on which the sandboxed
 	// containers run.
 	k *kernel.Kernel
+
+	// watchdog is the kernel watchdog.
+	watchdog *watchdog.Watchdog
 }
 
 // StartRoot will start the root container process.
@@ -136,6 +144,15 @@ func (cm *containerManager) Execute(e *control.ExecArgs, waitStatus *uint32) err
 	return nil
 }
 
+// Checkpoint pauses a sandbox and saves its state.
+func (cm *containerManager) Checkpoint(o *control.SaveOpts, _ *struct{}) error {
+	state := control.State{
+		Kernel:   cm.k,
+		Watchdog: cm.watchdog,
+	}
+	return state.Save(o, nil)
+}
+
 // Wait waits for the init process in the given container.
 func (cm *containerManager) Wait(cid *string, waitStatus *uint32) error {
 	// TODO: Use the cid and wait on the init process in that
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 76edbb905..41d1ee50d 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -186,6 +186,9 @@ func New(spec *specs.Spec, conf *Config, controllerFD int, ioFDs []int, console
 		atomic.StoreUint32(&sniffer.LogPackets, 0)
 	}
 
+	// Create a watchdog.
+	watchdog := watchdog.New(k, watchdog.DefaultTimeout, watchdog.LogWarning)
+
 	// Create the control server using the provided FD.
 	//
 	// This must be done *after* we have initialized the kernel since the
@@ -195,7 +198,7 @@ func New(spec *specs.Spec, conf *Config, controllerFD int, ioFDs []int, console
 	// misconfigured process will cause an error, and we want the control
 	// server up before that so that we don't time out trying to connect to
 	// it.
-	ctrl, err := newController(controllerFD, k)
+	ctrl, err := newController(controllerFD, k, watchdog)
 	if err != nil {
 		return nil, fmt.Errorf("error creating control server: %v", err)
 	}
@@ -254,7 +257,6 @@ func New(spec *specs.Spec, conf *Config, controllerFD int, ioFDs []int, console
 	// the emulated kernel.
 	stopSignalForwarding := sighandling.StartForwarding(k)
 
-	watchdog := watchdog.New(k, watchdog.DefaultTimeout, watchdog.LogWarning)
 	return &Loader{
 		k:                    k,
 		ctrl:                 ctrl,