[CRIU] Cannot restore from regular user when RPC service running as root

[Ruslan Kuprieiev]

On 01/19/2015 12:02 PM, Pavel Emelyanov wrote:
> On 01/16/2015 11:33 PM, Jason L. Turner wrote:
>> Hi Ruslan,
>>
>> That's no problem, hopefully my answers can help.
>>
>> Yes that restore log is the original from when I ran my program.
>>
>> I built CRIU from source, it is not from a package.
>>
>> When running "which criu" it shows,
>>
>> 	"/opt/CRIU-v1-4/criu/deps/criu-x86_64/criu"
>>
>> When running "ls -la $(which criu)" it shows,
>>
>> 	"-rwxrwxr-x 1 jturner dev 904201 2015-01-18 09:09 /opt/CRIU-v1-4/criu/deps/criu-x86_64/criu"
> I guess this is the reason for failure.
>
> The thing is that criu_restore_child() doesn't use the service, because in Linux it's
> not possible to create a process with _arbitrary_ parent and if we ask service to restore
> from images it will restore the tree as _its_ child, not as requester's one.
>
> So the criu_restore_child() fork()-s and exec()-s CRIU binary and ask _it_ to restore the
> tree with special flag called CLONE_PARENT. The result of this action is the tree restored
> as criu's sibling, i.e. -- the caller's kid.
>
> So, since criu binary is owned by non-root it doesn't have the required capabilities.
>
> To fix that criu should be owned by root and the suid bit should be set.
>
>
> I guess we've paid too little attention to our C-API recently :) Time to improve. Ruslan,
> may I ask you to fix the documentation (and when required the code) according to what we
> find with Jason's help?

Sure, I will take a look at libcriu and its docs.

>
>> I am sure that the service was started with the correct criu as the "which criu" command returns
>> the same when run from the root user as well as my linking as it links to the lib directory in the
>> path shown above.
>>
>> Jason
> Thanks,
> Pavel
>