[CRIU] [PATCH] zdtm: set the dumpable flag after setuid
Tycho Andersen
tycho.andersen at canonical.com
Wed Dec 23 06:57:12 PST 2015
On Tue, Dec 22, 2015 at 07:01:48PM +0300, Andrey Vagin wrote:
> From: Andrew Vagin <avagin at virtuozzo.com>
>
> Otherwise we will not be able to access /proc/pid/* for the process.
>
> Cc: Tycho Andersen <tycho.andersen at canonical.com>
> Signed-off-by: Andrew Vagin <avagin at virtuozzo.com>
> ---
> test/zdtm/live/static/seccomp_filter.c | 23 ++++++++++++++++++++++-
> 1 file changed, 22 insertions(+), 1 deletion(-)
>
> diff --git a/test/zdtm/live/static/seccomp_filter.c b/test/zdtm/live/static/seccomp_filter.c
> index b1f13e4..329ac8a 100644
> --- a/test/zdtm/live/static/seccomp_filter.c
> +++ b/test/zdtm/live/static/seccomp_filter.c
> @@ -97,7 +97,7 @@ int main(int argc, char ** argv)
> if (filter_syscall(__NR_ptrace) < 0)
> _exit(1);
>
> - if (filter_syscall(__NR_prctl) < 0)
> + if (filter_syscall(__NR_wait4) < 0)
> _exit(1);

Can we use __NR_setresuid here? The idea is to have a syscall that is
used in restore_creds, so we can make sure seccomp is actually
suspended when that is called. Also, I guess this fixes the bug you
mailed me about?

Acked-by: Tycho Andersen <tycho.andersen at canonical.com>

> setuid(1000);
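
Review bot: The swap of __NR_prctl for __NR_wait4 in the second filter_syscall() call is not covered by the commit message, which only talks about the dumpable flag. If prctl had to come out of the filter because the test now calls prctl(PR_SET_DUMPABLE, 1) further down in main(), say so in the message or in a comment above the call, and state why wait4 is the replacement, so the next reader knows which syscall the filter is meant to exercise.
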
> @@ -115,6 +115,18 @@ int main(int argc, char ** argv)
> _exit(1);
> }
>
> + prctl(PR_SET_DUMPABLE, 1);
> +
> + if (write(sk, &c, 1) != 1) {
> + pr_perror("write");
> + _exit(1);
> + }
> +
> + if (read(sk, &c, 1) != 1) {
> + pr_perror("read");
> + _exit(1);
> + }
> +
> /* We expect to be killed by our policy above. */
> ptrace(PTRACE_TRACEME);
>
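
Review bot: The return value of prctl(PR_SET_DUMPABLE, 1) is ignored, unlike the write() and read() calls added right below it. If the call fails, the test carries on and the failure only surfaces later as the /proc/pid/* access problem the commit message describes; check for a negative return and fail with pr_perror("prctl") and _exit(1), matching the neighbouring error paths. A one-line comment on what the one-byte write/read pair on sk synchronises with would also help.
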
> @@ -132,6 +144,15 @@ int main(int argc, char ** argv)
> test_daemon();
> test_waitsig();
>
> + if (write(sk, &c, 1) != 1) {
> + pr_perror("write");
> + goto err;
> + }
> + if ((ret = read(sk, &c, 1)) != 1) {
> + pr_perror("read %d", ret);
> + goto err;
> + }
> +
> mode = get_seccomp_mode(pid);
> if (write(sk, &c, 1) != 1) {
> pr_perror("write");
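
Review bot: In the added read() check, pr_perror("read %d", ret) is also reached when read() returns 0, for example because the other end of sk was closed; errno is not set by read() in that case, so the errno text in the message is misleading. Handle ret == 0 separately from ret < 0 and report the short read without errno. The new write/read pair also has no comment saying which step on the other side of sk it pairs with, and the existing write() directly after get_seccomp_mode(pid) makes the sequence of handshakes hard to follow without one.
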
> --
> 2.4.3
>