[CRIU] [PATCH] Allow passing ps-socket file descriptor when launching criu.

Pawel Stradomski pstradomski at google.com
Wed Jun 13 13:27:37 MSK 2018


Allow passing ps-socket file descriptor when launching criu.

This makes it possible to have the pageserver communication go over anonymous
unix sockets, e.g. created by socketpair().

Such a setup makes it easier to secure the pageserver connection by wrapping
it in an encrypted tunnel. It also helps prevent attacks where
a malicious process connects to the page server and injects its own
stream of pages to either fool criu into restoring the wrong pages or
to DoS the pageserver by having it exhaust local storage by writing
large .img files.

Signed-off-by: Pawel Stradomski <pstradomski at google.com>
---
 criu/crtools.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/criu/crtools.c b/criu/crtools.c
index 4ff7a9f2..cd049fbc 100644
--- a/criu/crtools.c
+++ b/criu/crtools.c
@@ -351,6 +351,7 @@ int main(int argc, char *argv[], char *envp[])
 		BOOL_OPT("remote", &opts.remote),
 		{ "config",			required_argument,	0, 1089},
 		{ "no-default-config",		no_argument,		0, 1090},
+		{ "ps-socket",			required_argument,	0, 1091},
 		{ },
 	};
 
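Review bot: The new "ps-socket" entry in the long-options table is not documented anywhere in this patch. The diffstat lists only criu/crtools.c with 4 insertions, so neither the usage text nor the man page mentions the option. Please add a usage line saying that the argument is the number of an already-open, inherited socket descriptor rather than a path or address, since that is not obvious from the name.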
@@ -679,6 +680,9 @@ int main(int argc, char *argv[], char *envp[])
 			break;
 		case 1090:
 			break;
+		case 1091:
+			opts.ps_socket = atoi(optarg);
+			break;
 		case 'V':
 			pr_msg("Version: %s\n", CRIU_VERSION);
 			if (strcmp(CRIU_GITID, "0"))
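Review bot: In case 1091, atoi(optarg) does no validation. A non-numeric argument silently yields 0, which makes criu treat stdin as the page-server socket, and negative or out-of-range values are accepted without an error. Since the stated goal is to harden the page-server channel, parse with strtol(), check errno and the end pointer, reject negative values, and consider an fstat()/S_ISSOCK check so that a wrong descriptor fails at option parsing instead of later during page transfer.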
-- 
2.18.0.rc1.242.g61856ae69a-goog


-- 
Pawel Stradomski
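
The launcher side of the socketpair() setup described in the commit message, as an added example that is not part of the patch or of CRIU: both ends are created close-on-exec and only the end meant for criu is made inheritable. The function names are hypothetical, and it is assumed that criu takes the value as an inherited descriptor number via getopt-style `--ps-socket=<fd>`.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create the anonymous pair with close-on-exec set on both ends, so neither
 * end leaks into any other program the launcher executes. */
int make_ps_pair(int sv[2])
{
	return socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, sv);
}

/* Returns 1 if fd survives exec, 0 if it is close-on-exec, -1 on error. */
int is_inheritable(int fd)
{
	int flags = fcntl(fd, F_GETFD);
	return flags < 0 ? -1 : !(flags & FD_CLOEXEC);
}

/* Clear close-on-exec on the single end that criu is meant to inherit. */
int make_inheritable(int fd)
{
	int flags = fcntl(fd, F_GETFD);
	return flags < 0 ? -1 : fcntl(fd, F_SETFD, flags & ~FD_CLOEXEC);
}

/* Build the "--ps-socket=<fd>" argument; -1 if buf is too small. */
int format_ps_socket_arg(char *buf, size_t len, int fd)
{
	int n = snprintf(buf, len, "--ps-socket=%d", fd);
	return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
	int sv[2];
	char arg[32];

	if (make_ps_pair(sv) < 0 || make_inheritable(sv[1]) < 0 ||
	    format_ps_socket_arg(arg, sizeof(arg), sv[1]) < 0)
		return 1;
	/* A real launcher would fork here, exec criu with `arg` in the child,
	 * close sv[1] in the parent and keep sv[0] for its tunnel endpoint. */
	printf("%s (inheritable=%d, peer inheritable=%d)\n", arg,
	       is_inheritable(sv[1]), is_inheritable(sv[0]));
	return 0;
}
```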

