[CRIU] [PATCH 00/28] Support sockets leaked to child user_ns task

Kirill Tkhai ktkhai at virtuozzo.com
Mon Jun 5 20:23:23 MSK 2017 

Hi,

this series aims to support sockets, which are created in a parent
user_ns task, but exist only in child user_ns tasks. The problem is
the task-owner can't do setns() on original socket's net_ns.

To fix that, we try to make master of file_desc a fle, which task
has permissions to do setns(). If there is no such a task, we create
a fake master fle in root_item (it's not distributed over task list,
but it may be ~easily done. Now it's not need, I think).
Also, we try to keep sorting by pid in file_desc::fd_info_head,
where it's possible.

Patches [1,2/28] are fixes, that are already sent.

Patch [3/28] is a new fix.

Patches [5-10/28] are relaxing of usernsd daemon.
They are not directly have a deal with fake masters,
but they were for the similar problem, solved before.
I send them together, hope, it's OK.

Patches [11-28/28] are about fake masters.

https://travis-ci.org/tkhai/criu/builds/239641623
---

Kirill Tkhai (28):
      pid_ns: Set sid for root_item
      pre_dump: Assign parasite pid only if it hasn't collected yet
      pid_ns: Make add_child_task() working with last_level_pid()
      files: Kill file_desc_options::collect_fd()
      shmem: Remove pid argument of shmem_wait_and_open()
      shmem: Move pr_info to open_fd_of_real_pid()
      utils: Change open_fd_of_real_pid() to be open_fd_of_vpid()
      utils: Cleanup open_fd_of_vpid()
      ns: Add can_access_userns() helper
      utils: Use daemon in open_fd_of_vpid() only its really need
      ns: Add top_net_ns global variable
      net: Fixup net ns_id of sockets on old dumps
      ns: Rename root_user_ns to top_user_ns
      ns: Refactor top_user_ns assignment
      files: Move fle_init() to files.c
      files: Merge shmalloc() to fle_init()
      files: Add task link to created fdinfo_list_entry and populate it
      files: Assign fdesc to fle in collect_fd() earlier
      files: Add file_desc_ops::get_user_ns
      net: Add file_desc_ops::get_user_ns for sockets
      files: Populate file_desc::setns_userns
      files: Declare structures of fake masters
      files: Extract new_fle assignment from collect_fd() to separate func
      files: Choose file master with enough permissions
      files: Add fake fle flag and close such fles after restore files
      files: Teach collect_fd() mark fake files
      files: Add new master to file_desc if owners of existing fles have no permissions
      zdtm: Add userns03 test


 criu/autofs.c                  |    2 -
 criu/cr-dump.c                 |   36 ++++++---
 criu/cr-restore.c              |   12 +++
 criu/fifo.c                    |   18 +----
 criu/files.c                   |  154 +++++++++++++++++++++++++++++++++++-----
 criu/include/files.h           |   26 +++----
 criu/include/namespaces.h      |    5 +
 criu/include/sockets.h         |    2 +
 criu/include/util.h            |    2 -
 criu/namespaces.c              |   86 ++++++++++++++--------
 criu/net.c                     |    2 -
 criu/pstree.c                  |   10 ++-
 criu/shmem.c                   |   12 +--
 criu/sk-inet.c                 |    9 ++
 criu/sk-netlink.c              |    9 ++
 criu/sk-packet.c               |    9 ++
 criu/sk-unix.c                 |   15 ++++
 criu/sockets.c                 |   16 ++++
 criu/util.c                    |   21 ++++-
 test/zdtm/static/Makefile      |    1 
 test/zdtm/static/userns03.c    |  143 +++++++++++++++++++++++++++++++++++++
 test/zdtm/static/userns03.desc |    1 
 22 files changed, 476 insertions(+), 115 deletions(-)
 create mode 100644 test/zdtm/static/userns03.c
 create mode 100644 test/zdtm/static/userns03.desc

--
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>

More information about the CRIU mailing list