[CRIU] RPC support for --shell-job missing on restore
Ruslan Kuprieiev
kupruser at gmail.com
Fri May 16 16:07:17 PDT 2014
On 16.05.2014 19:50, Allan Cecil wrote:
> On 2014-05-16 07:55, Ruslan Kuprieiev wrote:
>> On 16.05.2014 17:22, Ruslan Kuprieiev wrote:
>>> On 16.05.2014 17:20, Andrew Vagin wrote:
>>>> On Fri, May 16, 2014 at 05:16:02PM +0300, Ruslan Kuprieiev wrote:
>>>>> On 16.05.2014 17:08, Andrew Vagin wrote:
>>>>>> On Fri, May 16, 2014 at 04:49:16PM +0300, Ruslan Kuprieiev wrote:
>>>>>>> On 16.05.2014 16:28, Andrew Vagin wrote:
>>>>>>>> On Fri, May 16, 2014 at 08:33:41AM -0400, Christopher Covington
>>>>>>>> wrote:
> ~snip~
>>>>>>> If i get it right, there are some typos in check_ids() from
>>>>>>> security.c:
>>>>>>> static bool check_ids(unsigned int crid, unsigned int rid,
>>>>>>> unsigned int eid,
>>>>>>> unsigned int sid)
>>>>>>> {
>>>>>>> if (crid == 0)
>>>>>>> return true;
>>>>>>> if (crid == rid && crid == eid && crid == sid) // Here
>>>>>>> probably should
>>>>>>> be "||"s instead of "&&"s
>>>>>>> return true;
>>>>>>>
>>>>>>> pr_err("UID/GID mismatch %u != (%u,%u,%u)\n", crid, rid,
>>>>>>> eid, sid);
>>>>>>> return false;
>>>>>>> }
>>>>>>>
>>>>>>> Does it look right to you? If so, will send patch.
>>>>>> Yes, it does. Is it correct that if we can kill a task, we should be
>>>>>> able to dump it?
>>>>> Looks correct to me.
>>>>>
>>>>>> static int kill_ok_by_cred(struct task_struct *t)
>>>>>> {
>>>>>> const struct cred *cred = current_cred();
>>>>>> const struct cred *tcred = __task_cred(t);
>>>>>>
>>>>>> if (uid_eq(cred->euid, tcred->suid) ||
>>>>>> uid_eq(cred->euid, tcred->uid) ||
>>>>>> uid_eq(cred->uid, tcred->suid) ||
>>>>>> uid_eq(cred->uid, tcred->uid))
>>>>>> return 1;
>>>>>>
>>>>>> if (ns_capable(tcred->user_ns, CAP_KILL))
>>>>>> return 1;
>>>>>>
>>>>>> return 0;
>>>>>> }
>>>>>>
>>>>> Sorry if I didn't get smth right, but where and why do you want to
>>>>> put this
>>>>> function(kill_ok_by_cred)?
>>>> This function from the linux kernel is used to check permission to
>>>> kill
>>>> a "t" task
>>>
>>> Oh, I see.=) Thanks.
>>> Will send patch ASAP.
>>>
>>
>> Done.
>
> Thank you to everyone for the fast response on this! Will this be
> checked in to the main git repository? If so I'll try this out
> tonight. Thanks again,
>
It probably will be applied at Monday.
Until then, you can apply patch on your own copy of repo.
> A.C.
> ******
--
Signed-off-by: Ruslan Kuprieiev kupruser at gmail.com
More information about the CRIU
mailing list