[CRIU] is CR_STATE_RESTORE_CREDS necessary?
Tycho Andersen
tycho.andersen at canonical.com
Wed Dec 9 09:05:04 PST 2015
Hi all,
I'm trying to figure out a way to get rid of this FIXME:
https://github.com/xemul/criu/blob/master/test/zdtm/live/static/seccomp_filter.c#L103
to do this, we need to call restore_seccomp() before restore_creds(),
but if we're doing that, we need to suspend seccomp so that it doesn't
kill the task if the policy has blocked some syscall that
restore_creds does.
Right now, seccomp is suspended in attach_to_tasks(), because that's
the last ptrace attach that criu does to the tasks. However, that
happens after CR_STATE_RESTORE_CREDS, i.e. after the creds are
restored.
I could just move the attach_to_tasks call above
CR_STATE_RESTORE_CREDS, but I think that would deadlock since the main criu
tasks waits for the tasks to be complete, but they're all in the
stopped state (because we'd have ptraced them), and the loop that lets
them run is in parasite_stop_on_syscall much further below.
My idea here is to get rid of this CR_STATE_RESTORE_CREDS and just
ptrace attach after CR_STATE_RESTORE_SIGCHLD and run the loop there.
But, I'm not sure if CR_STATE_RESTORE_CREDS is used for anything. It
doesn't seem necessary, but probably I'm missing something :)
Tycho
More information about the CRIU
mailing list