[CRIU] RPC support for --shell-job missing on restore

Ruslan Kuprieiev kupruser at gmail.com
Fri May 16 16:07:17 PDT 2014


On 16.05.2014 19:50, Allan Cecil wrote:
> On 2014-05-16 07:55, Ruslan Kuprieiev wrote:
>> On 16.05.2014 17:22, Ruslan Kuprieiev wrote:
>>> On 16.05.2014 17:20, Andrew Vagin wrote:
>>>> On Fri, May 16, 2014 at 05:16:02PM +0300, Ruslan Kuprieiev wrote:
>>>>> On 16.05.2014 17:08, Andrew Vagin wrote:
>>>>>> On Fri, May 16, 2014 at 04:49:16PM +0300, Ruslan Kuprieiev wrote:
>>>>>>> On 16.05.2014 16:28, Andrew Vagin wrote:
>>>>>>>> On Fri, May 16, 2014 at 08:33:41AM -0400, Christopher Covington 
>>>>>>>> wrote:
> ~snip~
>>>>>>> If i get it right, there are some typos in check_ids() from 
>>>>>>> security.c:
>>>>>>> static bool check_ids(unsigned int crid, unsigned int rid, 
>>>>>>> unsigned int eid,
>>>>>>> unsigned int sid)
>>>>>>> {
>>>>>>>      if (crid == 0)
>>>>>>>          return true;
>>>>>>>      if (crid == rid && crid == eid && crid == sid) // Here 
>>>>>>> probably should
>>>>>>> be "||"s instead of "&&"s
>>>>>>>          return true;
>>>>>>>
>>>>>>>      pr_err("UID/GID mismatch %u != (%u,%u,%u)\n", crid, rid, 
>>>>>>> eid, sid);
>>>>>>>      return false;
>>>>>>> }
>>>>>>>
>>>>>>> Does it look right to you? If so, will send patch.
>>>>>> Yes, it does. Is it correct that if we can kill a task, we should be
>>>>>> able to dump it?
>>>>> Looks correct to me.
>>>>>
>>>>>> static int kill_ok_by_cred(struct task_struct *t)
>>>>>> {
>>>>>>          const struct cred *cred = current_cred();
>>>>>>          const struct cred *tcred = __task_cred(t);
>>>>>>
>>>>>>          if (uid_eq(cred->euid, tcred->suid) ||
>>>>>>              uid_eq(cred->euid, tcred->uid)  ||
>>>>>>              uid_eq(cred->uid,  tcred->suid) ||
>>>>>>              uid_eq(cred->uid,  tcred->uid))
>>>>>>                  return 1;
>>>>>>
>>>>>>          if (ns_capable(tcred->user_ns, CAP_KILL))
>>>>>>                  return 1;
>>>>>>
>>>>>>          return 0;
>>>>>> }
>>>>>>
>>>>> Sorry if I didn't get smth right, but where and why do you want to 
>>>>> put this
>>>>> function(kill_ok_by_cred)?
>>>> This function from the linux kernel is used to check permission to 
>>>> kill
>>>> a "t" task
>>>
>>> Oh, I see.=) Thanks.
>>> Will send patch ASAP.
>>>
>>
>> Done.
>
> Thank you to everyone for the fast response on this!  Will this be 
> checked in to the main git repository?  If so I'll try this out 
> tonight.  Thanks again,
>

It probably will be applied at Monday.
Until then, you can apply patch on your own copy of repo.

> A.C.
> ******


-- 
Signed-off-by: Ruslan Kuprieiev kupruser at gmail.com



More information about the CRIU mailing list