[CRIU] [PATCH 0/8] One-level leaked net_ns support
Kirill Tkhai
ktkhai at virtuozzo.com
Wed Jun 28 14:47:44 MSK 2017
These patches were a tail of "Support sockets leaked to child user_ns task" series.
I'm resending them as a separate series.
***
This series adds basic support of leaked net namespace:
when a child has a net_ns, inherited from his parent,
but it has no permissions to setns() the ns itself.
Only one level of inheritance is supported:
grand child - grand parent relations are not supported yet.
---
Kirill Tkhai (8):
      zdtm: Make write_map() a part of lib
      ns: Replace last_ns_id with pstree_item->net_ns
      net_ns: Make net_ns check in do_restore_task_net_ns more universal
      net_ns: Split set_netns() and introduce new set_netns_by_id()
      user_ns: Keep setns helpers names in costistent state with net_ns
      files: Create transport socket via usernsd, when it's need
      net_ns: Set net_ns for child, if it has no permissions to do that
      zdtm: Add userns-no-child-setns test

criu/cr-restore.c | 22 +++
criu/files.c | 11 ++
criu/include/namespaces.h | 5 -
criu/include/pstree.h | 1
criu/include/sockets.h | 3
criu/namespaces.c | 33 +++++
criu/net.c | 2
criu/sk-inet.c | 2
criu/sk-netlink.c | 2
criu/sk-packet.c | 2
criu/sk-unix.c | 4 -
criu/sockets.c | 33 +++--
test/zdtm/lib/ns.c | 50 ++++----
test/zdtm/lib/ns.h | 1
test/zdtm/static/Makefile | 1
test/zdtm/static/pidns01.c | 25 ----
test/zdtm/static/userns-denied-child-setns.c | 146 +++++++++++++++++++++++
test/zdtm/static/userns-denied-child-setns.desc | 1
test/zdtm/static/userns-leaked-sock.c | 23 ----
test/zdtm/static/userns00.c | 31 +----
test/zdtm/static/userns01.c | 23 ----
21 files changed, 273 insertions(+), 148 deletions(-)
create mode 100644 test/zdtm/static/userns-denied-child-setns.c
create mode 100644 test/zdtm/static/userns-denied-child-setns.desc
--
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>