[CRIU] [PATCH] report the potential selinux problem if mmap_seized() fails
Oleg Nesterov
oleg at redhat.com
Tue Apr 21 10:16:22 PDT 2015
selinux can deny mmap(PROT_WRITE | PROT_EXEC) and in this case it is
not clear why CRIU fails, "Can't allocate memory for parasite blob"
doesn't tell too much. Add a pr_warn() hint for the user.
Signed-off-by: Oleg Nesterov <oleg at redhat.com>
---
arch/x86/crtools.c | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/arch/x86/crtools.c b/arch/x86/crtools.c
index 02ce2e5..06d824a 100644
--- a/arch/x86/crtools.c
+++ b/arch/x86/crtools.c
@@ -445,8 +445,15 @@ void *mmap_seized(struct parasite_ctl *ctl,
err = syscall_seized(ctl, __NR_mmap, &map,
(unsigned long)addr, length, prot, flags, fd, offset);
- if (err < 0 || map > TASK_SIZE)
- map = 0;
+ if (err < 0)
+ return NULL;
+
+ if (IS_ERR_VALUE(map)) {
+ if (map == -EACCES && (prot & PROT_WRITE) && (prot & PROT_EXEC))
+ pr_warn("mmap(PROT_WRITE | PROT_EXEC) failed for %d, "
+ "check selinux execmem policy\n", ctl->pid.real);
+ return NULL;
+ }
return (void *)map;
}
--
1.5.5.1
More information about the CRIU
mailing list