criu: enable setting of RPC config file

[rst0git]

This commit adds support for specifying a CRIU RPC configuration file. This allows users to overwrite the default CRIU options used by the container runtimes, for example, to specify options such as --tcp-established when checkpointing containers in Kubernetes. For compatibility with runc, the default config file path is set to /etc/criu/runc.conf.

We check for newer CRIU version than 4.1.1 as libcriu doesn't provide criu_set_config_file() in previous versions: checkpoint-restore/criu#2777

Summary by Sourcery

Enable users to override the default CRIU options by specifying a custom RPC configuration file, with support gated on CRIU versions >4.1.1.

New Features:

• Allow specifying a custom CRIU RPC config file for container checkpoint/restore operations

Enhancements:

• Add default config file path (/etc/criu/runc.conf) and wrap criu_set_config_file calls behind a CRIU_CONFIG_FILE guard
• Detect CRIU versions >4.1.1 in configure.ac to enable RPC config file support

Chores:

• Add config_file field to libcrun_checkpoint_restore_t structure

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Enables specifying a custom CRIU RPC configuration file by conditionally exposing and invoking criu_set_config_file in libcrun (defaulting to /etc/criu/runc.conf) when CRIU ≥ 4.1.1, gated via autotools checks.

Class diagram for updated libcrun_checkpoint_restore_s structure

classDiagram
class libcrun_checkpoint_restore_s {
  int network_lock_method
  char* lsm_profile
  char* lsm_mount_context
  char* config_file
}

Loading

Class diagram for updated libcriu_wrapper_s structure

classDiagram
class libcriu_wrapper_s {
  void (*criu_set_work_dir_fd)(int fd)
  int (*criu_set_lsm_profile)(const char* name)
  int (*criu_set_lsm_mount_context)(const char* name)
  int (*criu_set_config_file)(const char* path)  // Only if CRIU_CONFIG_FILE is defined
}

Loading

File-Level Changes

Change	Details	Files
Implement CRIU config file support in libcrun wrapper	Define default config path macro CRIU_RUNC_CONFIG_FILE Add criu_set_config_file pointer to wrapper struct Load criu_set_config_file in load_wrapper under CRIU_CONFIG_FILE guard Invoke criu_set_config_file during checkpoint setup	src/libcrun/criu.c
Add autotools checks for CRIU_CONFIG_FILE support	Check for CRIU > 4.1.1 via PKG_CHECK_MODULES Define CRIU_CONFIG_FILE macro when supported Emit notice if libcriu lacks config file API	configure.ac
Extend checkpoint/restore struct to carry config file path	Add config_file field to libcrun_checkpoint_restore_s	src/libcrun/container.h

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[rst0git]

cc: @adrianreber

[giuseppe]

should we have a crun version as well?

If the crun version doesn't exist we can use this one

[rst0git]

We want users be able to use the checkpointing functionality of CRI-O, Podman and containerd with crun in the same way as they would with runc. Support for the runc.conf file was introduced back in 2019 (opencontainers/runc#1933) and has been used as a method to overwrite the CRIU options set by the container runtime. This configuration file allows, for example, to checkpoint/restore containers with established TCP connections in Kubernetes.

In addition to runc.conf, CRIU supports /etc/criu/default.conf. This file is parsed before the CRIU options set by the container runtime via RPC and doesn't overwrite them.

Adding support for crun.conf could confuse users about which configuration file to use and end up being more frustrating than helpful. However, from the perspective of users who do not use runc at all, they might expect the file to be called /etc/criu/crun.conf.

@adrianreber What do you think?

[kolyshkin]

I think @giuseppe means to support both crun.conf and runc.conf, with the former one being a priority.

[adrianreber]

The correct name of the file is tricky. Not sure if we should use runc.conf or crun.conf.

@rst0git You should include the annotation possibility from runc also https://github.com/opencontainers/runc/blob/main/docs%2Fcheckpoint-restore.md