[CRIU] [PATCH 1/5] kdat: Relax loginuid checks

Pavel Emelyanov xemul at virtuozzo.com
Thu May 4 06:31:44 PDT 2017


Introduce 3-state mode and check them always.

Signed-off-by: Pavel Emelyanov <xemul at virtuozzo.com>
---
 criu/cr-check.c        |  4 ++--
 criu/cr-dump.c         |  2 +-
 criu/cr-restore.c      |  6 +++---
 criu/include/kerndat.h | 10 ++++++++--
 criu/kerndat.c         | 15 ++++++---------
 5 files changed, 20 insertions(+), 17 deletions(-)

diff --git a/criu/cr-check.c b/criu/cr-check.c
index 591298d..8d13504 100644
--- a/criu/cr-check.c
+++ b/criu/cr-check.c
@@ -1045,10 +1045,10 @@ static int check_userns(void)
 
 static int check_loginuid(void)
 {
-	if (kerndat_loginuid(false) < 0)
+	if (kerndat_loginuid() < 0)
 		return -1;
 
-	if (!kdat.has_loginuid) {
+	if (kdat.luid != LUID_FULL) {
 		pr_warn("Loginuid restore is OFF.\n");
 		return -1;
 	}
diff --git a/criu/cr-dump.c b/criu/cr-dump.c
index 4562eee..d95246b 100644
--- a/criu/cr-dump.c
+++ b/criu/cr-dump.c
@@ -342,7 +342,7 @@ static int dump_pid_misc(pid_t pid, TaskCoreEntry *tc)
 {
 	int ret;
 
-	if (kdat.has_loginuid) {
+	if (kdat.luid != LUID_NONE) {
 		pr_info("dumping /proc/%d/loginuid\n", pid);
 
 		tc->has_loginuid = true;
diff --git a/criu/cr-restore.c b/criu/cr-restore.c
index bcc00fa..488d602 100644
--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -764,7 +764,7 @@ static int prepare_proc_misc(pid_t pid, TaskCoreEntry *tc)
 	int ret;
 
 	/* loginuid value is critical to restore */
-	if (kdat.has_loginuid && tc->has_loginuid &&
+	if (kdat.luid == LUID_FULL && tc->has_loginuid &&
 			tc->loginuid != INVALID_UID) {
 		ret = prepare_loginuid(tc->loginuid, LOG_ERROR);
 		if (ret < 0)
@@ -1807,7 +1807,7 @@ static int prepare_userns_hook(void)
 {
 	int ret;
 
-	if (!kdat.has_loginuid)
+	if (kdat.luid != LUID_FULL)
 		return 0;
 	/*
 	 * Save old loginuid and set it to INVALID_UID:
@@ -1829,7 +1829,7 @@ static int prepare_userns_hook(void)
 
 static void restore_origin_ns_hook(void)
 {
-	if (!kdat.has_loginuid)
+	if (kdat.luid != LUID_FULL)
 		return;
 
 	/* not critical: it does not affect CT in any way */
diff --git a/criu/include/kerndat.h b/criu/include/kerndat.h
index 8674c81..b8508ff 100644
--- a/criu/include/kerndat.h
+++ b/criu/include/kerndat.h
@@ -14,7 +14,7 @@ extern int kerndat_init(void);
 extern int kerndat_init_rst(void);
 extern int kerndat_get_dirty_track(void);
 extern int kerndat_fdinfo_has_lock(void);
-extern int kerndat_loginuid(bool only_dump);
+extern int kerndat_loginuid(void);
 
 enum pagemap_func {
 	PM_UNKNOWN,
@@ -23,6 +23,12 @@ enum pagemap_func {
 	PM_FULL,
 };
 
+enum loginuid_func {
+	LUID_NONE,
+	LUID_READ,
+	LUID_FULL,
+};
+
 struct kerndat_s {
 	dev_t shmem_dev;
 	int last_cap;
@@ -32,7 +38,7 @@ struct kerndat_s {
 	bool has_fdinfo_lock;
 	unsigned long task_size;
 	bool ipv6;
-	bool has_loginuid;
+	enum loginuid_func luid;
 	bool compat_cr;
 	bool sk_ns;
 	enum pagemap_func pmap;
diff --git a/criu/kerndat.c b/criu/kerndat.c
index 02f4d95..9c47b13 100644
--- a/criu/kerndat.c
+++ b/criu/kerndat.c
@@ -444,22 +444,19 @@ static int get_ipv6()
 	return 0;
 }
 
-int kerndat_loginuid(bool only_dump)
+int kerndat_loginuid(void)
 {
 	unsigned int saved_loginuid;
 	int ret;
 
-	kdat.has_loginuid = false;
+	kdat.luid = LUID_NONE;
 
 	/* No such file: CONFIG_AUDITSYSCALL disabled */
 	saved_loginuid = parse_pid_loginuid(PROC_SELF, &ret, true);
 	if (ret < 0)
 		return 0;
 
-	if (only_dump) {
-		kdat.has_loginuid = true;
-		return 0;
-	}
+	kdat.luid = LUID_READ;
 
 	/*
 	 * From kernel v3.13-rc2 it's possible to unset loginuid value,
@@ -472,7 +469,7 @@ int kerndat_loginuid(bool only_dump)
 	if (prepare_loginuid(saved_loginuid, LOG_WARN) < 0)
 		return 0;
 
-	kdat.has_loginuid = true;
+	kdat.luid = LUID_FULL;
 	return 0;
 }
 
@@ -673,7 +670,7 @@ int kerndat_init(void)
 	if (!ret)
 		ret = get_ipv6();
 	if (!ret)
-		ret = kerndat_loginuid(true);
+		ret = kerndat_loginuid();
 	if (!ret)
 		ret = kerndat_iptables_has_xtlocks();
 	if (!ret)
@@ -713,7 +710,7 @@ int kerndat_init_rst(void)
 	if (!ret)
 		ret = get_ipv6();
 	if (!ret)
-		ret = kerndat_loginuid(false);
+		ret = kerndat_loginuid();
 	if (!ret)
 		ret = kerndat_iptables_has_xtlocks();
 	if (!ret)
-- 
2.1.4



More information about the CRIU mailing list