[CRIU] [PATCH] Allow passing ps-socket file descriptor when launching criu.
Andrei Vagin
avagin at virtuozzo.com
Thu Jun 21 23:51:44 MSK 2018
On Wed, Jun 13, 2018 at 12:27:37PM +0200, Pawel Stradomski wrote:
> Allow passing ps-socket file descriptor when launching criu.
>
> This makes it possible to have the pageserver communication go over anonymous
> unix sockets, e.g. created by socketpair().
>
> Such setup makes it easier to secure pageserver connection by wrapping
> it in an encrypted tunnel. It also helps prevent attacks where
> a malicious process connects to page server and injects its own
> stream of pages to either fool criu into restoring wrong pages or
> to DoS the pageserver by having it exhaust local storage by writing
> large .img files.
Hello Pawel,
Thank you for the patch. Can you add a decription for this option into
Documentation/criu.txt and the usage message (criu/crtools.c).
Thanks,
Andrei
>
> Signed-off-by: Pawel Stradomski <pstradomski at google.com>
> ---
> criu/crtools.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/criu/crtools.c b/criu/crtools.c
> index 4ff7a9f2..cd049fbc 100644
> --- a/criu/crtools.c
> +++ b/criu/crtools.c
> @@ -351,6 +351,7 @@ int main(int argc, char *argv[], char *envp[])
> BOOL_OPT("remote", &opts.remote),
> { "config", required_argument, 0, 1089},
> { "no-default-config", no_argument, 0, 1090},
> + { "ps-socket", required_argument, 0, 1091},
> { },
> };
>
> @@ -679,6 +680,9 @@ int main(int argc, char *argv[], char *envp[])
> break;
> case 1090:
> break;
> + case 1091:
> + opts.ps_socket = atoi(optarg);
> + break;
> case 'V':
> pr_msg("Version: %s\n", CRIU_VERSION);
> if (strcmp(CRIU_GITID, "0"))
> --
> 2.18.0.rc1.242.g61856ae69a-goog
>
>
> --
> Pawel Stradomski
> _______________________________________________
> CRIU mailing list
> CRIU at openvz.org
> https://lists.openvz.org/mailman/listinfo/criu
More information about the CRIU
mailing list