[CRIU] [PATCHv2] files-reg: restore PR_SET_DUMPABLE flag after setfsuid

Dmitry Safonov dsafonov at odin.com
Fri Dec 18 07:33:41 PST 2015


Restore the dumpable flag after setfsuid to ensure that the created
/proc/self/* file inode has the task's credentials. Without it, the inode
would have root creds, and trying to access the task's proc files as a
non-root user will fail in the generic vfs permission check.

Signed-off-by: Dmitry Safonov <dsafonov at odin.com>
---
 files-reg.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/files-reg.c b/files-reg.c
index 425dc04..8a2a5fd 100644
--- a/files-reg.c
+++ b/files-reg.c
@@ -1091,13 +1091,22 @@ static int linkat_hard(int odir, char *opath, int ndir, char *npath, uid_t owner
 
 	if (root_ns_mask & CLONE_NEWUSER) {
 		setfsuid(old_fsuid);
-		if (setfsuid(-1) != old_fsuid)
+		if (setfsuid(-1) != old_fsuid) {
 			pr_warn("Failed to restore old fsuid!\n");
 			/*
 			 * Don't fail here. We still have chances to run till
 			 * the pie/restorer, and if _this_ guy fails to set
 			 * the proper fsuid, then we'll abort the restore.
 			 */
+		}
+
+		/*
+		 * Restoring PR_SET_DUMPABLE flag is required after setfsuid,
+		 * as if it not set, proc inode will be created with root cred
+		 * (see proc_pid_make_inode), which will result in permission
+		 * check fail when trying to access files in /proc/self/
+		 */
+		prctl(PR_SET_DUMPABLE, 1, 0);
 	}
 	errno = errno_save;
 
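Review bot: the new `prctl(PR_SET_DUMPABLE, 1, 0)` at the end of the `if (root_ns_mask & CLONE_NEWUSER)` block ignores its return value and forces the flag to 1 rather than putting back the value the task had before its fsuid was changed. Consider reading the current value with `prctl(PR_GET_DUMPABLE)` before the fsuid is switched earlier in linkat_hard(), restoring that saved value here, and emitting a pr_warn() on failure in the same style as the "Failed to restore old fsuid!" check just above. Because the dumpable flag also governs whether unprivileged processes may ptrace-attach to the task, the comment should say why setting it to 1 unconditionally is acceptable at this point in restore. Minor: "as if it not set" in the new comment should read "if it is not set".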
-- 
2.6.3


