diff options
Diffstat (limited to 'runsc/boot')
-rw-r--r-- | runsc/boot/BUILD | 1 | ||||
-rw-r--r-- | runsc/boot/loader.go | 46 | ||||
-rw-r--r-- | runsc/boot/loader_test.go | 2 |
3 files changed, 33 insertions, 16 deletions
diff --git a/runsc/boot/BUILD b/runsc/boot/BUILD index 1a81acde5..8b3b09a22 100644 --- a/runsc/boot/BUILD +++ b/runsc/boot/BUILD @@ -51,6 +51,7 @@ go_library( "//pkg/sentry/socket/netlink", "//pkg/sentry/socket/netlink/route", "//pkg/sentry/socket/unix", + "//pkg/sentry/state", "//pkg/sentry/strace", "//pkg/sentry/syscalls/linux", "//pkg/sentry/time", diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go index 89300a953..526e8f8bb 100644 --- a/runsc/boot/loader.go +++ b/runsc/boot/loader.go @@ -18,6 +18,7 @@ package boot import ( "fmt" "math/rand" + "os" "runtime" "sync/atomic" "syscall" @@ -35,6 +36,7 @@ import ( "gvisor.googlesource.com/gvisor/pkg/sentry/platform/kvm" "gvisor.googlesource.com/gvisor/pkg/sentry/platform/ptrace" "gvisor.googlesource.com/gvisor/pkg/sentry/sighandling" + "gvisor.googlesource.com/gvisor/pkg/sentry/state" slinux "gvisor.googlesource.com/gvisor/pkg/sentry/syscalls/linux" "gvisor.googlesource.com/gvisor/pkg/sentry/time" "gvisor.googlesource.com/gvisor/pkg/sentry/watchdog" @@ -90,7 +92,7 @@ func init() { } // New initializes a new kernel loader configured by spec. -func New(spec *specs.Spec, conf *Config, controllerFD int, ioFDs []int, console bool) (*Loader, error) { +func New(spec *specs.Spec, conf *Config, controllerFD, restoreFD int, ioFDs []int, console bool) (*Loader, error) { // Create kernel and platform. p, err := createPlatform(conf) if err != nil { @@ -165,20 +167,34 @@ func New(spec *specs.Spec, conf *Config, controllerFD int, ioFDs []int, console // Run(). networkStack := newEmptyNetworkStack(conf, k) - // Initiate the Kernel object, which is required by the Context passed - // to createVFS in order to mount (among other things) procfs. - if err = k.Init(kernel.InitKernelArgs{ - FeatureSet: cpuid.HostFeatureSet(), - Timekeeper: tk, - RootUserNamespace: creds.UserNamespace, - NetworkStack: networkStack, - // TODO: use number of logical processors from cgroups. - ApplicationCores: uint(runtime.NumCPU()), - Vdso: vdso, - RootUTSNamespace: utsns, - RootIPCNamespace: ipcns, - }); err != nil { - return nil, fmt.Errorf("error initializing kernel: %v", err) + // Check if we need to restore the kernel + if restoreFD != -1 { + restoreFile := os.NewFile(uintptr(restoreFD), "restore_file") + defer restoreFile.Close() + + // Load the state. + loadOpts := state.LoadOpts{ + Source: restoreFile, + } + if err := loadOpts.Load(k, p, networkStack); err != nil { + return nil, err + } + } else { + // Initiate the Kernel object, which is required by the Context passed + // to createVFS in order to mount (among other things) procfs. + if err = k.Init(kernel.InitKernelArgs{ + FeatureSet: cpuid.HostFeatureSet(), + Timekeeper: tk, + RootUserNamespace: creds.UserNamespace, + NetworkStack: networkStack, + // TODO: use number of logical processors from cgroups. + ApplicationCores: uint(runtime.NumCPU()), + Vdso: vdso, + RootUTSNamespace: utsns, + RootIPCNamespace: ipcns, + }); err != nil { + return nil, fmt.Errorf("error initializing kernel: %v", err) + } } // Turn on packet logging if enabled. diff --git a/runsc/boot/loader_test.go b/runsc/boot/loader_test.go index a7f59f775..dab7ad0c5 100644 --- a/runsc/boot/loader_test.go +++ b/runsc/boot/loader_test.go @@ -59,7 +59,7 @@ func createLoader() (*Loader, error) { FileAccess: FileAccessDirect, DisableSeccomp: true, } - return New(testSpec(), conf, fd, nil, false) + return New(testSpec(), conf, fd, -1, nil, false) } // TestRun runs a simple application in a sandbox and checks that it succeeds. |