[CRIU] [PATCH 2/2] tty: Set fsuid/fsgid when opening master peer
Andrew Vagin
avagin at virtuozzo.com
Fri Aug 5 13:32:13 PDT 2016
On Fri, Aug 05, 2016 at 08:55:41PM +0300, Cyrill Gorcunov wrote:
> https://github.com/xemul/criu/issues/198
>
> Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
> ---
> criu/tty.c | 20 +++++++++++++++++++-
> 1 file changed, 19 insertions(+), 1 deletion(-)
>
> diff --git a/criu/tty.c b/criu/tty.c
> index ec09f30d9d8d..5f6a05674003 100644
> --- a/criu/tty.c
> +++ b/criu/tty.c
> @@ -5,6 +5,7 @@
> #include <string.h>
> #include <limits.h>
> #include <fcntl.h>
> +#include <sys/fsuid.h>
> #include <sys/stat.h>
> #include <sys/types.h>
> #include <sys/mman.h>
> @@ -555,12 +556,24 @@ static char *path_from_reg(struct file_desc *d)
>
> static int pty_open_ptmx_index(struct file_desc *d, int index, int flags)
> {
> + CredsEntry *ce = current->core[0]->thread_core->creds;
> int fds[32], i, ret = -1, cur_idx;
> + int old_fsuid, old_fsgid;
>
> memset(fds, 0xff, sizeof(fds));
>
> mutex_lock(tty_mutex);
>
> + /*
> + * The kernel creates slave peers with
> + * fsuid/fsgid taken from mount options
> + * or current task, so we have to setup
> + * destination uids here and restore them
> + * back upon open.
> + */
> + old_fsuid = setfsuid(ce->fsuid);
> + old_fsgid = setfsgid(ce->fsgid);
Actually a slave end can have other uid, gid than a process where it is
opened.
You need to save uid and gid for it on dump and restore them back with
the help of chown().
> +
> for (i = 0; i < ARRAY_SIZE(fds); i++) {
> fds[i] = open_tty_reg(d, flags);
> if (fds[i] < 0) {
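Review bot: nothing after `setfsuid(ce->fsuid)` / `setfsgid(ce->fsgid)` confirms that the switch took effect before the `open_tty_reg()` loop runs. Both calls return only the previous id and give no error indication, and the patch uses the `setfsuid(-1)` read-back only on the restore side. If the switch fails, the loop still runs and the slave peer is created with the restorer's own ids, with no message. Read the values back here (`setfsuid(-1) != ce->fsuid`, same for the gid) and take the error path before opening anything. Separately, `ce` is taken from `current->core[0]->thread_core->creds` at declaration with no NULL check on `thread_core` or `creds`.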
> @@ -600,8 +613,13 @@ static int pty_open_ptmx_index(struct file_desc *d, int index, int flags)
> close(fds[i]);
> }
>
> - mutex_unlock(tty_mutex);
> + setfsuid(old_fsuid);
> + setfsgid(old_fsgid);
> +
> + if (setfsuid(-1) != old_fsuid || setfsgid(-1) != old_fsgid)
> + pr_warn("Failed to restore old fsuid/fsgid!\n");
>
> + mutex_unlock(tty_mutex);
> return ret;
> }
>
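Review bot: when the `setfsuid(-1) != old_fsuid || setfsgid(-1) != old_fsgid` check fails, the function only emits `pr_warn()` and returns `ret` unchanged, so a successful return can leave this process running with the restored task's fsuid/fsgid for every later file operation. Treat a failed restore as an error: use `pr_err()` and set `ret = -1` before `mutex_unlock(tty_mutex)`. A short comment above the check saying that `setfsuid(-1)` is used only to read the current value would also help the next reader.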
> --
> 2.7.4
>