[CRIU] [PATCH] zdtm: set the dumpable flag after setuid

Tycho Andersen tycho.andersen at canonical.com
Wed Dec 23 07:32:30 PST 2015


On Wed, Dec 23, 2015 at 06:23:58PM +0300, Andrew Vagin wrote:
> On Wed, Dec 23, 2015 at 07:57:12AM -0700, Tycho Andersen wrote:
> > On Tue, Dec 22, 2015 at 07:01:48PM +0300, Andrey Vagin wrote:
> > > From: Andrew Vagin <avagin at virtuozzo.com>
> > > 
> > > Otherwise we will not able to access /proc/pid/* for the process.
> > > 
> > > Cc: Tycho Andersen <tycho.andersen at canonical.com>
> > > Signed-off-by: Andrew Vagin <avagin at virtuozzo.com>
> > > ---
> > >  test/zdtm/live/static/seccomp_filter.c | 23 ++++++++++++++++++++++-
> > >  1 file changed, 22 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/test/zdtm/live/static/seccomp_filter.c b/test/zdtm/live/static/seccomp_filter.c
> > > index b1f13e4..329ac8a 100644
> > > --- a/test/zdtm/live/static/seccomp_filter.c
> > > +++ b/test/zdtm/live/static/seccomp_filter.c
> > > @@ -97,7 +97,7 @@ int main(int argc, char ** argv)
> > >  		if (filter_syscall(__NR_ptrace) < 0)
> > >  			_exit(1);
> > >  
> > > -		if (filter_syscall(__NR_prctl) < 0)
> > > +		if (filter_syscall(__NR_wait4) < 0)
> > >  			_exit(1);
> > 
> > Can we use __NR_setresuid here? The idea is to have a syscall that is
> > used in restore_creds, so we can make sure seccomp is actually
> > suspended when that is called. Also, I guess this fixes the bug you
> > mailed me about?
> 
> I've sent a new version. Thank you for this comment. Yes, it fixes this
> bug.

Great, thanks! And sorry for the delay :)


More information about the CRIU mailing list