[CRIU] Cannot restore from regular user when RPC service running as root

Jason L. Turner jlturner at mdacorporation.com
Fri Jan 16 08:12:54 PST 2015


Hi Ruslan,

Thanks for confirming =]

Please find my criu-service.log below:

(00.000085) The service socket is bound to /var/run/criu_service.socket
(00.000134) Waiting for connection...
(20.491721) Connected.
(20.491876) Waiting for connection...
(20.492207) Restrict C/R with 1000:100 uid:gid
(20.500247) Worker(pid 16800) exited with 0

-----Original Message-----
From: Ruslan Kuprieiev [mailto:kupruser at gmail.com] 
Sent: Friday, January 16, 2015 11:50 AM
To: Jason L. Turner
Cc: criu at openvz.org
Subject: Re: [CRIU] Cannot restore from regular user when RPC service running as root

Hi Jason,

On 01/16/2015 05:32 PM, Jason L. Turner wrote:
> Hi Ruslan,
>
> I've tried my program with CRIU v1.4 as well as updating my kernel to v3.18 with the configurations recommended on the CRIU.org installation page but the same problem occurs.
>
> I am using SUSE Enterprise Server 11 and the CRIU C API with the CRIU service running as root.
>
> The error I received last in my restore log has stopped occurring, as Pavel had mentioned there is no such error message in the CRIU v1.4 source code, but the program still won't restore my child process when using "criu_restore_child()" from the C API when running my program as a regular user.
>    
> The error code returned from "criu_restore_child()" is EBADE (-52).

Ok, looks like it is an RPC error (according to http://criu.org/C_API#Return_values).
So, now we need the criu service log to see what has happened on the service side.
Could you provide it?
It is probably located at /var/log/criu-service.log. If not, the location depends on what you specified in the cmdline options when you ran the criu service.

> I would also just like to confirm that restoring a process using CRIU is possible as a regular user if using the CRIU service as root as I have met a bit of a contradiction on criu.org:
>
>  From "criu.org/Security":
> 	 "However, if the node administrator sets the +suid bit on the criu binary, or runs criu as an RPC service, criu will be able to work on behalf of regular user"
>
> But then I also read under "http://criu.org/Comparison_to_other_CR_projects" it mentions
>
> 	"Requires root privileges |  No, but user can only dump tasks belonging to him."

Yes, sorry for that. I fixed that page to say "modify" (dump and restore) instead of "dump" to clarify.


Thanks,
Ruslan


