[CRIU] [PATCH 2/3] rst: No exe link restore for unpriviledged mode

Pavel Emelyanov xemul at virtuozzo.com
Thu May 5 13:31:10 PDT 2016


When having uid and gid not zero exe link restore is not
allowed by the kernel.

Signed-off-by: Pavel Emelyanov <xemul at virtuozzo.com>
---
 criu/cr-restore.c   | 14 +++++++++-----
 criu/pie/restorer.c |  9 +++++++--
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/criu/cr-restore.c b/criu/cr-restore.c
index ef77abe..797669d 100644
--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -79,7 +79,7 @@
 #include "fault-injection.h"
 #include "uffd.h"
 #include "sk-queue.h"
-
+#include "syscall-types.h"
 #include "parasite-syscall.h"
 
 #include "protobuf.h"
@@ -2644,11 +2644,15 @@ static int prepare_mm(pid_t pid, struct task_restore_args *args)
 		args->mm_saved_auxv[i] = (auxv_t)mm->mm_saved_auxv[i];
 	}
 
-	exe_fd = open_reg_by_id(mm->exe_file_id);
-	if (exe_fd < 0)
-		goto out;
+	if (!(opts.unshare_flags & UNSHARE_UNPRIVILEDGED)) {
+		exe_fd = open_reg_by_id(mm->exe_file_id);
+		if (exe_fd < 0)
+			goto out;
+
+		args->fd_exe_link = exe_fd;
+	} else
+		args->fd_exe_link = -1;
 
-	args->fd_exe_link = exe_fd;
 	ret = 0;
 out:
 	return ret;
diff --git a/criu/pie/restorer.c b/criu/pie/restorer.c
index 5fc8949..1058dbf 100644
--- a/criu/pie/restorer.c
+++ b/criu/pie/restorer.c
@@ -498,6 +498,9 @@ static long restore_self_exe_late(struct task_restore_args *args)
 {
 	int fd = args->fd_exe_link, ret;
 
+	if (fd == -1)
+		return 0;
+
 	pr_info("Restoring EXE link\n");
 	ret = sys_prctl_safe(PR_SET_MM, PR_SET_MM_EXE_FILE, fd, 0);
 	if (ret)
@@ -1282,8 +1285,10 @@ long __export_restore_task(struct task_restore_args *args)
 		 * new ones from image file.
 		 */
 		ret |= restore_self_exe_late(args);
-	} else
-		sys_close(args->fd_exe_link);
+	} else {
+		if (args->fd_exe_link != -1)
+			sys_close(args->fd_exe_link);
+	}
 
 	if (ret)
 		goto core_restore_end;
-- 
2.5.0



More information about the CRIU mailing list