[CRIU] [PATCH] Allow passing ps-socket file descriptor when launching criu.

Andrei Vagin avagin at virtuozzo.com
Fri Jun 29 00:58:06 MSK 2018 

Applied, thanks a lot

On Thu, Jun 28, 2018 at 04:26:09PM +0200, Paweł Stradomski wrote:
> Done - two more patches sent to this list
> czw., 21 cze 2018 o 22:52 Andrei Vagin <avagin at virtuozzo.com> napisał(a):
> >
> > On Wed, Jun 13, 2018 at 12:27:37PM +0200, Pawel Stradomski wrote:
> > > Allow passing ps-socket file descriptor when launching criu.
> > >
> > > This makes it possible to have the pageserver communication go over anonymous
> > > unix sockets, e.g. created by socketpair().
> > >
> > > Such setup makes it easier to secure pageserver connection by wrapping
> > > it in an encrypted tunnel. It also helps prevent attacks where
> > > a malicious process connects to page server and injects its own
> > > stream of pages to either fool criu into restoring wrong pages or
> > > to DoS the pageserver by having it exhaust local storage by writing
> > > large .img files.
> >
> >
> > Hello Pawel,
> >
> > Thank you for the patch. Can you add a decription for this option into
> > Documentation/criu.txt and the usage message (criu/crtools.c).
> >
> > Thanks,
> > Andrei
> >
> > >
> > > Signed-off-by: Pawel Stradomski <pstradomski at google.com>
> > > ---
> > >  criu/crtools.c | 4 ++++
> > >  1 file changed, 4 insertions(+)
> > >
> > > diff --git a/criu/crtools.c b/criu/crtools.c
> > > index 4ff7a9f2..cd049fbc 100644
> > > --- a/criu/crtools.c
> > > +++ b/criu/crtools.c
> > > @@ -351,6 +351,7 @@ int main(int argc, char *argv[], char *envp[])
> > >               BOOL_OPT("remote", &opts.remote),
> > >               { "config",                     required_argument,      0, 1089},
> > >               { "no-default-config",          no_argument,            0, 1090},
> > > +             { "ps-socket",                  required_argument,      0, 1091},
> > >               { },
> > >       };
> > >
> > > @@ -679,6 +680,9 @@ int main(int argc, char *argv[], char *envp[])
> > >                       break;
> > >               case 1090:
> > >                       break;
> > > +             case 1091:
> > > +                     opts.ps_socket = atoi(optarg);
> > > +                     break;
> > >               case 'V':
> > >                       pr_msg("Version: %s\n", CRIU_VERSION);
> > >                       if (strcmp(CRIU_GITID, "0"))
> > > --
> > > 2.18.0.rc1.242.g61856ae69a-goog
> > >
> > >
> > > --
> > > Pawel Stradomski
> > > _______________________________________________
> > > CRIU mailing list
> > > CRIU at openvz.org
> > > https://lists.openvz.org/mailman/listinfo/criu
> 
> 
> 
> --
> Paweł Stradomski

More information about the CRIU mailing list