[CRIU] [PATCH] zdtm: set the dumpable flag after setuid
Tycho Andersen
tycho.andersen at canonical.com
Wed Dec 23 07:32:30 PST 2015
On Wed, Dec 23, 2015 at 06:23:58PM +0300, Andrew Vagin wrote:
> On Wed, Dec 23, 2015 at 07:57:12AM -0700, Tycho Andersen wrote:
> > On Tue, Dec 22, 2015 at 07:01:48PM +0300, Andrey Vagin wrote:
> > > From: Andrew Vagin <avagin at virtuozzo.com>
> > >
> > > Otherwise we will not able to access /proc/pid/* for the process.
> > >
> > > Cc: Tycho Andersen <tycho.andersen at canonical.com>
> > > Signed-off-by: Andrew Vagin <avagin at virtuozzo.com>
> > > ---
> > > test/zdtm/live/static/seccomp_filter.c | 23 ++++++++++++++++++++++-
> > > 1 file changed, 22 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/test/zdtm/live/static/seccomp_filter.c b/test/zdtm/live/static/seccomp_filter.c
> > > index b1f13e4..329ac8a 100644
> > > --- a/test/zdtm/live/static/seccomp_filter.c
> > > +++ b/test/zdtm/live/static/seccomp_filter.c
> > > @@ -97,7 +97,7 @@ int main(int argc, char ** argv)
> > > if (filter_syscall(__NR_ptrace) < 0)
> > > _exit(1);
> > >
> > > - if (filter_syscall(__NR_prctl) < 0)
> > > + if (filter_syscall(__NR_wait4) < 0)
> > > _exit(1);
> >
> > Can we use __NR_setresuid here? The idea is to have a syscall that is
> > used in restore_creds, so we can make sure seccomp is actually
> > suspended when that is called. Also, I guess this fixes the bug you
> > mailed me about?
>
> I've sent a new version. Thank you for this comment. Yes, it fixes this
> bug.
Great, thanks! And sorry for the delay :)
More information about the CRIU
mailing list