[CRIU] [PATCHv5 3/3] crtools: cr_service() meat and a few fixes to properly dump cr_service socket
Ruslan Kuprieiev
kupruser at gmail.com
Tue Sep 10 09:32:34 EDT 2013
On 09/10/2013 04:51 PM, Pavel Emelyanov wrote:
> On 09/09/2013 11:46 PM, Ruslan Kuprieiev wrote:
>> On 09/09/2013 10:51 PM, Pavel Emelyanov wrote:
>>> On 09/09/2013 04:30 PM, Ruslan Kuprieiev wrote:
>>>> + pr_perror("Can't stat images direcrtory");
>>>> + goto err;
>>>> + }
>>>> +
>>>> + if (ids.uid == st.st_uid || ids.gid == st.st_gid || ids.uid == 0) {
>>> This check is pointless. Kernel would do it itself properly.
>> But criu will open dir as root. And here we are checking if client has
>> permissions to write to this directory.
> Crap :( Well, this check is wrong anyway -- the permissions to access
> a directory are not just about ids matching.
>
> Then we have to do a trick -- an application opens the directory and sends
> us just the file descriptor number in the protobuf message. Criu service then
> goes and opens /proc/$pid/fd/$img_fd and sets one as destination directory.
Oh, cool :).
> Got it?
Yep.
>
>>> I think in RPC we should use raw pb messages w/o u32 size-s pb_foo
>>> engine adds.
>> Why? Isn't sending sizes of msgs good?
> For RPC -- no. This engine is planned to be used as-is by python/java/ruby
> and other apps, and forcing them to mess with uint32-s and alike is not nice.
> Just protobuf messages.
More information about the CRIU
mailing list