[CRIU] [PATCH 0/9] Per-thread seccomp support, v3

Cyrill Gorcunov gorcunov at gmail.com
Thu Apr 26 23:14:34 MSK 2018 

Andrew found that in case if several threads are involved into
filtering we may hang on restore. This is due to lack of calling
seccomp suspension for threads. Thus I decided to make a new
series which has two additional patches 8 and 9, where this
issue addressed and test updated as well.

Note we still have obscure situation with metadata fetching/restore.
Previously we simply ignore it at all, now we try to fetch and
restore it. What is worse is that currently this metadata carries
only "log" flags which tells kernel to write syscall auditing
into system console, not sure yet how to test it. Still I think
it is not critical for now.

https://travis-ci.org/cyrillos/criu/builds/371719705

Cyrill Gorcunov (9):
  seccomp: compel -- Add PTRACE_SECCOMP_GET_METADATA definition
  seccomp: Define log prefix
  seccomp: Move seccomp_info into seccomp.h
  seccomp: Fetch seccomp flags if kernel provides
  seccomp: Add engine to restore per-thread seccomp chains
  seccomp: Add engine to checkpoint per-thread seccomp chains
  seccomp: test -- Add seccomp_filter_threads
  seccomp: Dont forget to suspend filtering on threads
  seccomp: test,seccomp_filter_threads -- Use multiple threads

 compel/include/uapi/ptrace.h                 |  11 +
 criu/cr-dump.c                               |  19 +-
 criu/cr-restore.c                            |  54 ++-
 criu/include/proc_parse.h                    |   7 -
 criu/include/pstree.h                        |   6 +-
 criu/include/restorer.h                      |  16 +-
 criu/include/rst_info.h                      |   5 +
 criu/include/seccomp.h                       |  47 ++-
 criu/pie/restorer.c                          | 124 ++++---
 criu/seccomp.c                               | 537 +++++++++++++++++++--------
 criu/seize.c                                 |  77 +---
 images/core.proto                            |   8 +-
 images/seccomp.proto                         |   1 +
 test/zdtm/static/Makefile                    |   2 +
 test/zdtm/static/seccomp_filter_threads.c    | 225 +++++++++++
 test/zdtm/static/seccomp_filter_threads.desc |   1 +
 16 files changed, 846 insertions(+), 294 deletions(-)
 create mode 100644 test/zdtm/static/seccomp_filter_threads.c
 create mode 100644 test/zdtm/static/seccomp_filter_threads.desc

-- 
2.14.3

More information about the CRIU mailing list