CRIU always restores processes into a time namespace

Maybe makes sense to add "Since v3.14, CRIU always restores ..."

@adrianreber @lifubang @rata PTAL

CRIU always restores processes into a time namespace to prevent backward jumps of monotonic and boottime clocks.

Do you know whether this is a long term solution or not in CRIU. It seems that criu set a wrong time offset config for the restored process.

diff --git a/tests/integration/checkpoint.bats b/tests/integration/checkpoint.bats
index 3db34061..85368a8a 100644
--- a/tests/integration/checkpoint.bats
+++ b/tests/integration/checkpoint.bats
@@ -474,5 +474,9 @@ function simple_cr() {
                runc exec test_busybox sh -c 'sleep 1000 < /dev/null &> /dev/null & echo $!'
                [ "$status" -eq 0 ]
                execed_pid=$output
+               runc exec test_busybox cat /proc/self/timens_offsets
+               [ "$status" -eq 0 ]
+               grep -E '^monotonic\s+0\s+0$' <<<"$output"
+               grep -E '^boottime\s+0\s+0$' <<<"$output"
        done
 }

Test error msg:

...
   runc exec test_busybox sh -c sleep 1000 < /dev/null &> /dev/null & echo $! (status=0):
   29
   runc exec test_busybox cat /proc/self/timens_offsets (status=0):
   monotonic          -1 955929992
   boottime           -1 955925201
   --- teardown ---

12 tests, 1 failure, 2 skipped

I don't know whether this is the expected result or not.

CRIU always restores processes into a time namespace to prevent backward jumps of monotonic and boottime clocks.

Do you know whether this is a long term solution or not in CRIU.

It is a long-term solution. The time namespace was designed for the C/R purpose, and there is no way to restore processes without using time namespaces.

It seems that criu set a wrong time offset config for the restored process.

CRIU sets offsets so that the monotonic and boottime clocks continue ticking from the moment when a container was dumped. The monotonic and boottime clocks cannot jump backward. When a container is restored on another machine or on the same machine after a reboot, the "native" clocks can have any values, and we need to adjust them according to their values when the processes were dumped.

PTAL to see if your concern is addressed

I think it's reasonable for CRIU to set the restored processes's time offset.
But after the container restored, maybe the new exec processes to this container shouldn't join the init's process's time ns? Because I think these new processes didn't need to know whether this container has been check pointed and restored for sometimes or not. But maybe I'm wrong.

@lifubang what do you mean exactly? That the container process and the exec'ed process should not use the same time namespace?

@lifubang what do you mean exactly? That the container process and the exec'ed process should not use the same time namespace?

Yes, I think because the original config.json may not contain time namespace when creating a container. So the new exec'ed process after restored should not have a different time offset too.

@lifubang but having a different view in exec than the container seems very confusing. And debugging anything might be very hard (if it's timens related)

@lifubang but having a different view in exec than the container seems very confusing. And debugging anything might be very hard (if it's timens related)

Yes, so I have no strong opinion to change. Feel free to merge this PR.

@lifubang merging then. We can revert or fix if you find any weird issue, as you usually do. I hope not in this case, though :)

1.3 backport: #4705

Looking at the upstream issue, it was reported with 1.2. So we should backport it there too.

Looking at the upstream issue, it was reported with 1.2. So we should backport it there too.

I'm not sure if we'll ever do 1.2.7 but why not.

1.2 backport: #4714