[CRIU] [PATCH v2 00/30] Support sockets leaked to child user_ns task
Andrei Vagin
avagin at virtuozzo.com
Thu Jun 8 03:47:54 MSK 2017
On Wed, Jun 07, 2017 at 02:22:54PM +0300, Kirill Tkhai wrote:
> Hi,
>
> there is v2 of "Support sockets leaked to child user_ns task" patchset.
> There were accounted notes to v1. The changes:
>
> Test renamed and custom mapping is used.
> Patch [22/30] was added to support this case.
> Also, iteration over the fake files list was improved.
> Some new comments added.
>
> Also, this series is extended by [24-30/30], which make
> some preparation to support inheritance of namespaces
> (when a task can't set net_ns by itself, and the only
> way is for the parent to do that before clone). There is basic
> support (one-level inheritance), and these patches may
> be considered as separate (the whole series keeps criu
> correctly working after any of its 30 patches).
Kirill, pls pls pls, try to send smaller series, it is very hard to
review big series.
>
> ---
>
> Kirill Tkhai (30):
> shmem: Move pr_info to open_fd_of_real_pid()
> utils: Change open_fd_of_real_pid() to be open_fd_of_vpid()
> utils: Cleanup open_fd_of_vpid()
> utils: Use daemon in open_fd_of_vpid() only its really need
> ns: Add top_net_ns global variable
> net: Fixup net ns_id of sockets on old dumps
> ns: Rename root_user_ns to top_user_ns
> ns: Refactor top_user_ns assignment
> files: Move fle_init() to files.c
> files: Merge shmalloc() to fle_init()
> files: Add task link to created fdinfo_list_entry and populate it
> files: Assign fdesc to fle in collect_fd() earlier
> files: Add file_desc_ops::get_user_ns
> net: Add file_desc_ops::get_user_ns for sockets
> files: Populate file_desc::setns_userns
> files: Declare structures of fake masters
> files: Extract new_fle assignment from collect_fd() to separate func
> files: Choose file master with enough permissions
> files: Add fake fle flag and close such fles after restore files
> files: Teach collect_fd() mark fake files
> files: Add new master to file_desc if owners of existing fles have no permissions
> user_ns: Prepare creds of newly created task
> zdtm: Add userns-leaked-sock test
> ns: Replace last_ns_id with pstree_item->net_ns
> net_ns: Make net_ns check in do_restore_task_net_ns more universal
> net_ns: Split set_netns() and introduce new set_netns_by_id()
> user_ns: Keep setns helpers names in costistent state with net_ns
> files: Create transport socket via usernsd, when it's need
> net_ns: Set net_ns for child, if it has no permissions to do that
> zdtm: Add userns-no-child-setns test
>
>
> criu/autofs.c | 2
> criu/cr-restore.c | 43 +++++-
> criu/files.c | 169 +++++++++++++++++++++--
> criu/include/files.h | 23 ++-
> criu/include/namespaces.h | 8 +
> criu/include/pstree.h | 1
> criu/include/sockets.h | 5 +
> criu/include/util.h | 2
> criu/namespaces.c | 124 +++++++++++------
> criu/net.c | 4 -
> criu/shmem.c | 10 -
> criu/sk-inet.c | 11 +
> criu/sk-netlink.c | 11 +
> criu/sk-packet.c | 11 +
> criu/sk-unix.c | 19 ++-
> criu/sockets.c | 49 +++++--
> criu/util.c | 21 ++-
> test/zdtm/static/Makefile | 2
> test/zdtm/static/userns-denied-child-setns.c | 167 +++++++++++++++++++++++
> test/zdtm/static/userns-denied-child-setns.desc | 1
> test/zdtm/static/userns-leaked-sock.c | 164 ++++++++++++++++++++++
> test/zdtm/static/userns-leaked-sock.desc | 1
> 22 files changed, 732 insertions(+), 116 deletions(-)
> create mode 100644 test/zdtm/static/userns-denied-child-setns.c
> create mode 100644 test/zdtm/static/userns-denied-child-setns.desc
> create mode 100644 test/zdtm/static/userns-leaked-sock.c
> create mode 100644 test/zdtm/static/userns-leaked-sock.desc
>
> --
> Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>