[CRIU] [PATCH] zdtm: set the dumpable flag after setuid (v2)
Andrey Vagin
avagin at openvz.org
Wed Dec 23 07:22:55 PST 2015
From: Andrew Vagin <avagin at virtuozzo.com>
Otherwise we will not be able to access /proc/pid/* for the process.
v2: s/__NR_WAIT4/__NR_setresuid
Cc: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Tycho Andersen <tycho.andersen at canonical.com>
Signed-off-by: Andrew Vagin <avagin at virtuozzo.com>
---
test/zdtm/live/static/seccomp_filter.c | 28 +++++++++++++++++++++++++++-
1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/test/zdtm/live/static/seccomp_filter.c b/test/zdtm/live/static/seccomp_filter.c
index b1f13e4..1a1f343 100644
--- a/test/zdtm/live/static/seccomp_filter.c
+++ b/test/zdtm/live/static/seccomp_filter.c
@@ -97,7 +97,12 @@ int main(int argc, char ** argv)
if (filter_syscall(__NR_ptrace) < 0)
_exit(1);
- if (filter_syscall(__NR_prctl) < 0)
+ /*
+ * The idea is to have a syscall that is used in restore_creds,
+ * so we can make sure seccomp is actually suspended when that
+ * is called.
+ */
+ if (filter_syscall(__NR_setresuid) < 0)
_exit(1);
setuid(1000);
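Review bot: The new comment above `filter_syscall(__NR_setresuid)` explains why setresuid was chosen, but not why `__NR_prctl` had to leave the filter. The second hunk makes the child call `prctl(PR_SET_DUMPABLE, 1)` after the filter is installed, so a filtered prctl would presumably kill the child there rather than at the intended ptrace call. I would add a line to the comment such as `prctl must stay unfiltered: the child calls prctl(PR_SET_DUMPABLE) after the filter is loaded.` so that nobody restores the old entry later. The unchanged `setuid(1000);` that follows also ignores its result; if it fails, the child keeps its original credentials and the lost-dumpable case this patch targets is never exercised, so a check there would make the test more trustworthy. main() begins and ends outside this hunk.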
@@ -115,6 +120,18 @@ int main(int argc, char ** argv)
_exit(1);
}
+ prctl(PR_SET_DUMPABLE, 1);
+
+ if (write(sk, &c, 1) != 1) {
+ pr_perror("write");
+ _exit(1);
+ }
+
+ if (read(sk, &c, 1) != 1) {
+ pr_perror("read");
+ _exit(1);
+ }
+
/* We expect to be killed by our policy above. */
ptrace(PTRACE_TRACEME);
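Review bot: The result of `prctl(PR_SET_DUMPABLE, 1);` is ignored, although the parent's later read of /proc/pid/* depends on it. If the call fails, the test fails much later with an unrelated-looking error; `if (prctl(PR_SET_DUMPABLE, 1)) { pr_perror("prctl"); _exit(1); }` would report it at the source. The one-byte write/read on `sk` added here and in the third hunk (before `get_seccomp_mode(pid)`) has no comment saying which side waits for what, so I would add one on each side, e.g. `/* tell the parent the dumpable flag is set, then wait until it has read our seccomp mode */`, adjusted to the real ordering, which I cannot fully confirm from the hunk. A short comment that dumpable is re-enabled only because the uid change cleared it, and only for this test child, would also keep the pattern from being copied into code where /proc and ptrace exposure to same-uid processes matters. main() begins and ends outside this hunk.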
@@ -132,6 +149,15 @@ int main(int argc, char ** argv)
test_daemon();
test_waitsig();
+ if (write(sk, &c, 1) != 1) {
+ pr_perror("write");
+ goto err;
+ }
+ if ((ret = read(sk, &c, 1)) != 1) {
+ pr_perror("read %d", ret);
+ goto err;
+ }
+
mode = get_seccomp_mode(pid);
if (write(sk, &c, 1) != 1) {
pr_perror("write");
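Review bot: In the added `read(sk, &c, 1)` check, a return of 0 takes the same `pr_perror("read %d", ret)` path as a real error. A zero return means the child closed its end or was killed before answering, and pr_perror presumably appends the errno text, which is stale in that case and can point the reader at the wrong cause. I would call pr_perror only when `ret < 0` and print a plain "unexpected EOF from child" message otherwise. The matching child-side checks in the second hunk discard the count entirely, so it would be worth making both sides report it the same way. The enclosing function continues past the end of this hunk.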
--
2.4.3