[CRIU] [PATCH v2 00/30] Support sockets leaked to child user_ns task

Kirill Tkhai ktkhai at virtuozzo.com
Thu Jun 8 14:29:47 MSK 2017


On 08.06.2017 03:47, Andrei Vagin wrote:
> On Wed, Jun 07, 2017 at 02:22:54PM +0300, Kirill Tkhai wrote:
>> Hi,
>>
>> there is v2 of "Support sockets leaked to child user_ns task" patchset.
>> Notes on v1 were taken into account. The changes:
>>
>> Test renamed and custom mapping is used.
>> Patch [22/30] was added to support this case.
>> Also, iteration over the fake files list was improved.
>> Some new comments added.
>>
>> Also, this series is extended by [24-30/30], which make
>> some preparations to support inheritance of namespaces
>> (when a task can't set net_ns by itself, and the only
>> way is for the parent to do that before clone). There is
>> basic support (one-level inheritance), and these patches may
>> be considered as separate (the whole series keeps criu
>> correctly working after any of its 30 patches).
> 
> 
> Kirill, pls pls pls, try to send smaller series, it is very hard to
> review big series.

Ok, let's stop at 23 patches of this series, as it's a logical one.

>>
>> ---
>>
>> Kirill Tkhai (30):
>>       shmem: Move pr_info to open_fd_of_real_pid()
>>       utils: Change open_fd_of_real_pid() to be open_fd_of_vpid()
>>       utils: Cleanup open_fd_of_vpid()
>>       utils: Use daemon in open_fd_of_vpid() only its really need
>>       ns: Add top_net_ns global variable
>>       net: Fixup net ns_id of sockets on old dumps
>>       ns: Rename root_user_ns to top_user_ns
>>       ns: Refactor top_user_ns assignment
>>       files: Move fle_init() to files.c
>>       files: Merge shmalloc() to fle_init()
>>       files: Add task link to created fdinfo_list_entry and populate it
>>       files: Assign fdesc to fle in collect_fd() earlier
>>       files: Add file_desc_ops::get_user_ns
>>       net: Add file_desc_ops::get_user_ns for sockets
>>       files: Populate file_desc::setns_userns
>>       files: Declare structures of fake masters
>>       files: Extract new_fle assignment from collect_fd() to separate func
>>       files: Choose file master with enough permissions
>>       files: Add fake fle flag and close such fles after restore files
>>       files: Teach collect_fd() mark fake files
>>       files: Add new master to file_desc if owners of existing fles have no permissions
>>       user_ns: Prepare creds of newly created task
>>       zdtm: Add userns-leaked-sock test
>>       ns: Replace last_ns_id with pstree_item->net_ns
>>       net_ns: Make net_ns check in do_restore_task_net_ns more universal
>>       net_ns: Split set_netns() and introduce new set_netns_by_id()
>>       user_ns: Keep setns helpers names in costistent state with net_ns
>>       files: Create transport socket via usernsd, when it's need
>>       net_ns: Set net_ns for child, if it has no permissions to do that
>>       zdtm: Add userns-no-child-setns test
>>
>>
>>  criu/autofs.c                                   |    2 
>>  criu/cr-restore.c                               |   43 +++++-
>>  criu/files.c                                    |  169 +++++++++++++++++++++--
>>  criu/include/files.h                            |   23 ++-
>>  criu/include/namespaces.h                       |    8 +
>>  criu/include/pstree.h                           |    1 
>>  criu/include/sockets.h                          |    5 +
>>  criu/include/util.h                             |    2 
>>  criu/namespaces.c                               |  124 +++++++++++------
>>  criu/net.c                                      |    4 -
>>  criu/shmem.c                                    |   10 -
>>  criu/sk-inet.c                                  |   11 +
>>  criu/sk-netlink.c                               |   11 +
>>  criu/sk-packet.c                                |   11 +
>>  criu/sk-unix.c                                  |   19 ++-
>>  criu/sockets.c                                  |   49 +++++--
>>  criu/util.c                                     |   21 ++-
>>  test/zdtm/static/Makefile                       |    2 
>>  test/zdtm/static/userns-denied-child-setns.c    |  167 +++++++++++++++++++++++
>>  test/zdtm/static/userns-denied-child-setns.desc |    1 
>>  test/zdtm/static/userns-leaked-sock.c           |  164 ++++++++++++++++++++++
>>  test/zdtm/static/userns-leaked-sock.desc        |    1 
>>  22 files changed, 732 insertions(+), 116 deletions(-)
>>  create mode 100644 test/zdtm/static/userns-denied-child-setns.c
>>  create mode 100644 test/zdtm/static/userns-denied-child-setns.desc
>>  create mode 100644 test/zdtm/static/userns-leaked-sock.c
>>  create mode 100644 test/zdtm/static/userns-leaked-sock.desc
>>
>> --
>> Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>

