[CRIU] [PATCH 02/27] seccomp: Fetch seccomp flags if kernel provides
Dmitry Safonov
0x7f454c46 at gmail.com
Thu Mar 1 17:18:40 MSK 2018
Hi Cyrill,
2018-03-01 12:41 GMT+00:00 Cyrill Gorcunov <gorcunov at openvz.org>:
> From: Cyrill Gorcunov <gorcunov at virtuozzo.com>
>
> Note that we don't check it on restore yet, just save it in the image.
>
> Signed-off-by: Cyrill Gorcunov <gorcunov at virtuozzo.com>
[..]
> @@ -72,7 +80,20 @@ static int collect_filter_for_pstree(struct pstree_item *item)
> }
> }
>
> - inherited = find_inherited(item->parent, buf, len);
> + if (!meta)
> + meta = &meta_buf;
> +
> + if (ptrace(PTRACE_SECCOMP_GET_METADATA, item->pid->real, i, meta) < 0) {
> + if (errno == EIO) {
> + meta = NULL;
> + } else {
> + pr_perror("couldn't fetch seccomp metadata: pid %d pos %d",
> + item->pid->real, i);
> + goto out;
> + }
> + }
> +
> + inherited = find_inherited(item->parent, buf, len, meta);
> if (inherited) {
> bool found = false;
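Review bot: In the `errno == EIO` branch, `meta = NULL` does not stop further probing, because the `if (!meta) meta = &meta_buf;` just above the call restores the pointer on the next pass. If this block runs once per filter position, as the `i` argument and the "pos %d" message suggest, a kernel without this request gets a failing ptrace() for every filter of every task. Suggest recording the unsupported result once (a static flag, or a feature check done up front) and skipping the call afterwards. A pr_debug() in the EIO branch would also make the silent fallback visible in the log, since EIO is otherwise indistinguishable here from "no metadata saved".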
Should we possibly introduce a kdat feature for SECCOMP_GET_METADATA?
That will reflect the usual policy for kernel features and have two pros:
1. We will not make unneeded ptrace() syscalls on pre-v4.16 kernels that
don't support this kind of request.
2. Someone interested may check it with `criu check --feature <...>`
I don't mind, but it looks to me that we'd better have the same policy applied
for all new kernel features, having them in kdat..
--
Dmitry