[CRIU] [PATCH] Preserve the dumpable flag on criu dump/restore.

Filipe Brandenburger filbranden at google.com
Mon May 12 16:36:50 PDT 2014


Preserve the dumpable flag, which affects whether a core dump will be
generated, but also affects the ownership of the virtual files under
/proc/$pid after restoring a process.

Tested: Restored a process with a criu including this patch and looked
at /proc/$pid to confirm that the virtual files were no longer all owned
by root:root.

zdtm tests pass except for cow01 which seems to be broken.
(see https://bugzilla.openvz.org/show_bug.cgi?id=2967 for details.)

This patch fixes https://bugzilla.openvz.org/show_bug.cgi?id=2968

Signed-off-by: Filipe Brandenburger <filbranden at google.com>
---
 include/parasite.h   | 1 +
 include/prctl.h      | 6 ++++++
 parasite-syscall.c   | 2 ++
 pie/parasite.c       | 1 +
 pie/restorer.c       | 8 ++++++++
 protobuf/creds.proto | 2 ++
 6 files changed, 20 insertions(+)

diff --git a/include/parasite.h b/include/parasite.h
index 502d57504328..8416f01c5448 100644
--- a/include/parasite.h
+++ b/include/parasite.h
@@ -162,6 +162,7 @@ struct parasite_dump_misc {
 
 struct parasite_dump_creds {
 	unsigned int		secbits;
+	unsigned int		dumpable;
 	unsigned int		ngroups;
 	unsigned int		groups[PARASITE_MAX_GROUPS];
 };
diff --git a/include/prctl.h b/include/prctl.h
index 2bf1a13c00e5..b815b96bb631 100644
--- a/include/prctl.h
+++ b/include/prctl.h
@@ -16,6 +16,12 @@
 #ifndef PR_SET_SECUREBITS
 # define PR_SET_SECUREBITS	28
 #endif
+#ifndef PR_GET_DUMPABLE
+# define PR_GET_DUMPABLE	3
+#endif
+#ifndef PR_SET_DUMPABLE
+# define PR_SET_DUMPABLE	4
+#endif
 
 #ifndef PR_SET_MM
 #define PR_SET_MM		35
diff --git a/parasite-syscall.c b/parasite-syscall.c
index 8a758dd03fc2..110d4f064cfc 100644
--- a/parasite-syscall.c
+++ b/parasite-syscall.c
@@ -740,6 +740,8 @@ int parasite_dump_creds(struct parasite_ctl *ctl, CredsEntry *ce)
 		return -1;
 
 	ce->secbits = pc->secbits;
+	ce->dumpable = pc->dumpable;
+	ce->has_dumpable = true;
 	ce->n_groups = pc->ngroups;
 
 	/*
diff --git a/pie/parasite.c b/pie/parasite.c
index 152186271361..1b3588a1613f 100644
--- a/pie/parasite.c
+++ b/pie/parasite.c
@@ -168,6 +168,7 @@ static int dump_creds(struct parasite_dump_creds *args)
 	int ret;
 
 	args->secbits = sys_prctl(PR_GET_SECUREBITS, 0, 0, 0, 0);
+	args->dumpable = sys_prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
 
 	ret = sys_getgroups(0, NULL);
 	if (ret < 0)
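Review bot: The return value of `sys_prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)` is stored straight into the unsigned `args->dumpable` with no error check, so a negative error code would be recorded as a large flag value. The parasite-syscall.c hunk then copies it into the image with `has_dumpable = true`. Reading it through the existing `ret` keeps a failed call out of the image: `ret = sys_prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);`, `if (ret < 0) return ret;`, `args->dumpable = ret;`, with the return adjusted to whatever error convention the rest of the function uses. The PR_GET_SECUREBITS line just above has the same shape. dump_creds starts before this hunk and continues past it.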
diff --git a/pie/restorer.c b/pie/restorer.c
index f0a2d3e55309..70f893aa43eb 100644
--- a/pie/restorer.c
+++ b/pie/restorer.c
@@ -141,6 +141,14 @@ static int restore_creds(CredsEntry *ce)
 		return -1;
 	}
 
+	if (ce->has_dumpable) {
+		ret = sys_prctl(PR_SET_DUMPABLE, ce->dumpable, 0, 0, 0);
+		if (ret) {
+			pr_err("Unable to set PR_SET_DUMPABLE: %d\n", ret);
+			return -1;
+		}
+	}
+
 	/*
 	 * Fourth -- trim bset. This can only be done while
 	 * having the CAP_SETPCAP capablity.
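Review bot: `ce->dumpable` is passed from the image to `PR_SET_DUMPABLE` unvalidated, and the set call accepts a narrower range than the get call can report. Per prctl(2), PR_GET_DUMPABLE may return 2 for a task whose flag was reset from /proc/sys/fs/suid_dumpable, while PR_SET_DUMPABLE rejects anything other than 0 or 1 with EINVAL, so such a task would dump successfully and then fail to restore at this check. Handling the value explicitly avoids that hard failure, for example `if (ce->has_dumpable && ce->dumpable <= 1)` with a warning logged for other values. Because the flag governs /proc/$pid ownership and ptrace access, it is also worth confirming that no credential change later in restore_creds resets it after this point. That code is outside the hunk, as is the start of the function.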
diff --git a/protobuf/creds.proto b/protobuf/creds.proto
index 68894ac074b1..b5b3ba0d40ff 100644
--- a/protobuf/creds.proto
+++ b/protobuf/creds.proto
@@ -16,4 +16,6 @@ message creds_entry {
 	required uint32	secbits	= 13;
 
 	repeated uint32	groups	= 14;
+
+	optional uint32	dumpable = 15;
 }
-- 
1.9.1.423.g4596e3a


