[CRIU] [PATCH 07/17] dump: move the may_dump() check in seize_task()

Andrey Vagin avagin at openvz.org
Fri Oct 31 02:14:25 PDT 2014


It's a bad idea to seize a group of processes and only then check
rights for this operation. We need to check permissions as soon as
possible to reduce the impact in case of wrong permissions.

In addition, criu doesn't need to parse /proc/pid/stat and gets all
required information from /proc/pid/status.

Signed-off-by: Andrey Vagin <avagin at openvz.org>
---
 cr-dump.c | 13 -------------
 ptrace.c  | 22 ++++++++++++++--------
 2 files changed, 14 insertions(+), 21 deletions(-)

diff --git a/cr-dump.c b/cr-dump.c
index 7fd7319..ad2b54b 100644
--- a/cr-dump.c
+++ b/cr-dump.c
@@ -1484,19 +1484,6 @@ static int dump_one_task(struct pstree_item *item)
 	if (ret < 0)
 		goto err;
 
-	if (!cr_user_is_root()) {
-		struct proc_status_creds cr;
-
-		ret = parse_pid_status(pid, &cr);
-		if (ret)
-			goto err;
-
-		if (!may_dump(&cr)) {
-			pr_err("Check uid (pid: %d) failed\n", pid);
-			goto err;
-		}
-	}
-
 	ret = collect_mappings(pid, &vmas);
 	if (ret) {
 		pr_err("Collect mappings (pid: %d) failed with %d\n", pid, ret);
diff --git a/ptrace.c b/ptrace.c
index dd7f13f..b102a1b 100644
--- a/ptrace.c
+++ b/ptrace.c
@@ -18,6 +18,7 @@
 #include "util.h"
 #include "ptrace.h"
 #include "proc_parse.h"
+#include "crtools.h"
 
 int unseize_task(pid_t pid, int orig_st, int st)
 {
@@ -49,7 +50,7 @@ int seize_task(pid_t pid, pid_t ppid)
 	siginfo_t si;
 	int status;
 	int ret, ret2, ptrace_errno;
-	struct proc_pid_stat_small ps;
+	struct proc_status_creds cr;
 
 	ret = ptrace(PTRACE_SEIZE, pid, NULL, 0);
 	ptrace_errno = errno;
@@ -78,26 +79,31 @@ int seize_task(pid_t pid, pid_t ppid)
 	 * we might nead at that early point.
 	 */
 
-	ret2 = parse_pid_stat_small(pid, &ps);
-	if (ret2 < 0)
-		return -1;
+	ret2 = parse_pid_status(pid, &cr);
+	if (ret2)
+		goto err;
+
+	if (!may_dump(&cr)) {
+		pr_err("Check uid (pid: %d) failed\n", pid);
+		goto err;
+	}
 
 	if (ret < 0) {
-		if (ps.state != 'Z') {
+		if (cr.state != 'Z') {
 			if (pid == getpid())
 				pr_err("The criu itself is within dumped tree.\n");
 			else
 				pr_err("Unseizable non-zombie %d found, state %c, err %d/%d\n",
-						pid, ps.state, ret, ptrace_errno);
+						pid, cr.state, ret, ptrace_errno);
 			return -1;
 		}
 
 		return TASK_DEAD;
 	}
 
-	if ((ppid != -1) && (ps.ppid != ppid)) {
+	if ((ppid != -1) && (cr.ppid != ppid)) {
 		pr_err("Task pid reused while suspending (%d: %d -> %d)\n",
-				pid, ppid, ps.ppid);
+				pid, ppid, cr.ppid);
 		goto err;
 	}
 
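Review bot: Both new failure paths (`if (ret2) goto err;` and the `may_dump()` failure) jump to `err` even when `PTRACE_SEIZE` itself failed (`ret < 0`), where the replaced code used `return -1`; the `err` label is outside this hunk, but if it detaches from the task, it will now run against a task that was never attached. Consider `if (ret < 0) return -1; goto err;` in those two branches. The `cr_user_is_root()` guard removed from dump_one_task() is not carried over, so root dumps now depend on `may_dump()` accepting every task for uid 0; a short comment such as `/* may_dump() always succeeds for root */` would record that, if it holds. The credentials are also read before the `ret < 0` test and, as far as the hunk shows, before the task has been stopped, so they can change between this check and the dump; re-reading `/proc/pid/status` and re-checking once the task is stopped would close that window.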
-- 
1.9.3


