[CRIU] [PATCH 2/3] seccomp: Move changed ptrace flags setup after creds

Wed May 16 04:33:09 MSK 2018

2018-05-15 9:12 GMT+01:00 Cyrill Gorcunov <gorcunov at gmail.com>:
> Credential commitment affects dumpable and pdeath signals
> so we have to move their restore after the restore_creds,
> just like we have in __export_restore_task (ie for
> group leader).
>
> https://jira.sw.ru/browse/PSBM-84198
>
> Signed-off-by: Cyrill Gorcunov <gorcunov at gmail.com>

Ack,
Fixes: s390
Please, pay attention to Andrey comment about goto core_restore_end
in "[PATCH 08/10] seccomp: Dont forget to suspend filtering on threads"

Also, it might be worth to update:

--- a/criu/include/restorer.h
+++ b/criu/include/restorer.h
@@ -282,7 +282,7 @@ enum {
         * almost ready and what's left is:
         *   pick up zombies and helpers
         *   restore sigchild handlers used to detect restore errors
-        *   restore credentials
+        *   restore credentials, seccomp, dumpable and pdeath_sig
         */
        CR_STATE_RESTORE,
        /*
@@ -297,6 +297,8 @@ enum {
         * credentials are restored. Otherwise someone can attach to a
         * process, which are not restored credentials yet and execute
         * some code.
+        * Seccomp needs to be restored after creds.
+        * Dumpable and pdeath signal are restored after seccomp.
         */
        CR_STATE_RESTORE_CREDS,
        CR_STATE_COMPLETE

Thanks,
             Dmitry
