[CRIU] [PATCH 1/5] kdat: Relax loginuid checks
Pavel Emelyanov
xemul at virtuozzo.com
Thu May 4 06:31:44 PDT 2017
Introduce 3-state mode and check them always.
Signed-off-by: Pavel Emelyanov <xemul at virtuozzo.com>
---
criu/cr-check.c | 4 ++--
criu/cr-dump.c | 2 +-
criu/cr-restore.c | 6 +++---
criu/include/kerndat.h | 10 ++++++++--
criu/kerndat.c | 15 ++++++---------
5 files changed, 20 insertions(+), 17 deletions(-)
diff --git a/criu/cr-check.c b/criu/cr-check.c
index 591298d..8d13504 100644
--- a/criu/cr-check.c
+++ b/criu/cr-check.c
@@ -1045,10 +1045,10 @@ static int check_userns(void)
static int check_loginuid(void)
{
- if (kerndat_loginuid(false) < 0)
+ if (kerndat_loginuid() < 0)
return -1;
- if (!kdat.has_loginuid) {
+ if (kdat.luid != LUID_FULL) {
pr_warn("Loginuid restore is OFF.\n");
return -1;
}
diff --git a/criu/cr-dump.c b/criu/cr-dump.c
index 4562eee..d95246b 100644
--- a/criu/cr-dump.c
+++ b/criu/cr-dump.c
@@ -342,7 +342,7 @@ static int dump_pid_misc(pid_t pid, TaskCoreEntry *tc)
{
int ret;
- if (kdat.has_loginuid) {
+ if (kdat.luid != LUID_NONE) {
pr_info("dumping /proc/%d/loginuid\n", pid);
tc->has_loginuid = true;
diff --git a/criu/cr-restore.c b/criu/cr-restore.c
index bcc00fa..488d602 100644
--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -764,7 +764,7 @@ static int prepare_proc_misc(pid_t pid, TaskCoreEntry *tc)
int ret;
/* loginuid value is critical to restore */
- if (kdat.has_loginuid && tc->has_loginuid &&
+ if (kdat.luid == LUID_FULL && tc->has_loginuid &&
tc->loginuid != INVALID_UID) {
ret = prepare_loginuid(tc->loginuid, LOG_ERROR);
if (ret < 0)
@@ -1807,7 +1807,7 @@ static int prepare_userns_hook(void)
{
int ret;
- if (!kdat.has_loginuid)
+ if (kdat.luid != LUID_FULL)
return 0;
/*
* Save old loginuid and set it to INVALID_UID:
@@ -1829,7 +1829,7 @@ static int prepare_userns_hook(void)
static void restore_origin_ns_hook(void)
{
- if (!kdat.has_loginuid)
+ if (kdat.luid != LUID_FULL)
return;
/* not critical: it does not affect CT in any way */
diff --git a/criu/include/kerndat.h b/criu/include/kerndat.h
index 8674c81..b8508ff 100644
--- a/criu/include/kerndat.h
+++ b/criu/include/kerndat.h
@@ -14,7 +14,7 @@ extern int kerndat_init(void);
extern int kerndat_init_rst(void);
extern int kerndat_get_dirty_track(void);
extern int kerndat_fdinfo_has_lock(void);
-extern int kerndat_loginuid(bool only_dump);
+extern int kerndat_loginuid(void);
enum pagemap_func {
PM_UNKNOWN,
@@ -23,6 +23,12 @@ enum pagemap_func {
PM_FULL,
};
+enum loginuid_func {
+ LUID_NONE,
+ LUID_READ,
+ LUID_FULL,
+};
+
struct kerndat_s {
dev_t shmem_dev;
int last_cap;
@@ -32,7 +38,7 @@ struct kerndat_s {
bool has_fdinfo_lock;
unsigned long task_size;
bool ipv6;
- bool has_loginuid;
+ enum loginuid_func luid;
bool compat_cr;
bool sk_ns;
enum pagemap_func pmap;
diff --git a/criu/kerndat.c b/criu/kerndat.c
index 02f4d95..9c47b13 100644
--- a/criu/kerndat.c
+++ b/criu/kerndat.c
@@ -444,22 +444,19 @@ static int get_ipv6()
return 0;
}
-int kerndat_loginuid(bool only_dump)
+int kerndat_loginuid(void)
{
unsigned int saved_loginuid;
int ret;
- kdat.has_loginuid = false;
+ kdat.luid = LUID_NONE;
/* No such file: CONFIG_AUDITSYSCALL disabled */
saved_loginuid = parse_pid_loginuid(PROC_SELF, &ret, true);
if (ret < 0)
return 0;
- if (only_dump) {
- kdat.has_loginuid = true;
- return 0;
- }
+ kdat.luid = LUID_READ;
/*
* From kernel v3.13-rc2 it's possible to unset loginuid value,
@@ -472,7 +469,7 @@ int kerndat_loginuid(bool only_dump)
if (prepare_loginuid(saved_loginuid, LOG_WARN) < 0)
return 0;
- kdat.has_loginuid = true;
+ kdat.luid = LUID_FULL;
return 0;
}
@@ -673,7 +670,7 @@ int kerndat_init(void)
if (!ret)
ret = get_ipv6();
if (!ret)
- ret = kerndat_loginuid(true);
+ ret = kerndat_loginuid();
if (!ret)
ret = kerndat_iptables_has_xtlocks();
if (!ret)
@@ -713,7 +710,7 @@ int kerndat_init_rst(void)
if (!ret)
ret = get_ipv6();
if (!ret)
- ret = kerndat_loginuid(false);
+ ret = kerndat_loginuid();
if (!ret)
ret = kerndat_iptables_has_xtlocks();
if (!ret)
--
2.1.4
More information about the CRIU
mailing list