[Devel] Re: [PATCH 1/1] restart: accept the lsm_name field in header and add -k flag
Oren Laadan
orenl at librato.com
Fri Oct 2 14:02:54 PDT 2009
Serge E. Hallyn wrote:
> The checkpoint file header now has an 11-character string
> containing the name of the active LSM, following the uts
> info, and a variable length buffer type containing LSM-specific
> version information (for instance a sha1sum of policy).
> Handle these.
>
> Also add a -k (--keeplsm) flag to tell restart to set the
> RESTART_KEEP_LSM flag to sys_restart().
>
> Signed-off-by: Serge E. Hallyn <serue at us.ibm.com>
A couple of comments below. Otherwise:
Acked-by: Oren Laadan <orenl at cs.columbia.edu>
> ---
> restart.c | 32 +++++++++++++++++++++++++++++++-
> 1 files changed, 31 insertions(+), 1 deletions(-)
>
> diff --git a/restart.c b/restart.c
> index b810ca9..44ae252 100644
> --- a/restart.c
> +++ b/restart.c
> @@ -68,6 +68,7 @@ static char usage_str[] =
> " --signal=SIG send SIG to root task on SIGINT (default: SIGKILL\n"
> " to container root, SIGINT otherwise)\n"
> " -w,--wait wait for root task to termiate (default)\n"
> +" -k,--keeplsm Try to recreate original LSM labels on all objects\n"
> " --show-status show exit status of root task (implies -w)\n"
> " --copy-status imitate exit status of root task (implies -w)\n"
> " -W,--no-wait do not wait for root task to terminate\n"
> @@ -349,6 +350,8 @@ struct args {
> char *input;
> };
>
> +int keep_lsm;
Can you please use 'struct args' for this ?
> +
> static void usage(char *str)
> {
> fprintf(stderr, "%s", str);
> @@ -377,6 +380,7 @@ static void parse_args(struct args *args, int argc, char *argv[])
> { "self", no_argument, NULL, 6},
> { "signal", required_argument, NULL, 4 },
> { "inspect", no_argument, NULL, 5 },
> + { "keeplsm", no_argument, NULL, 'k' },
> { "input", required_argument, NULL, 'i' },
> { "root", required_argument, NULL, 'r' },
> { "wait", no_argument, NULL, 'w' },
> @@ -388,7 +392,7 @@ static void parse_args(struct args *args, int argc, char *argv[])
> { "debug", no_argument, NULL, 'd' },
> { NULL, 0, NULL, 0 }
> };
> - static char optc[] = "hdvpPwWF:r:i:";
> + static char optc[] = "hdvpkPwWF:r:i:";
>
> int sig;
>
> @@ -443,6 +447,9 @@ static void parse_args(struct args *args, int argc, char *argv[])
> case 'w':
> args->wait = 1;
> break;
> + case 'k':
> + keep_lsm = RESTART_KEEP_LSM;
> + break;
> case 'W':
> args->wait = 0;
> break;
> @@ -927,6 +934,7 @@ static int ckpt_coordinator(struct ckpt_ctx *ctx)
> if (ctx->args->freezer)
> flags |= RESTART_FROZEN;
>
> + flags |= keep_lsm;
> ret = restart(root_pid, STDIN_FILENO, flags);
>
> if (ret < 0) {
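Review bot: The added `flags |= keep_lsm;` here, and again in the ckpt_make_tree hunk, hands RESTART_KEEP_LSM to restart() without any userspace comparison of the LSM name and policy info recorded in the image against the running system. The FIXME in ckpt_read_header confirms that validation is skipped on the read side. If the match is meant to be enforced by the kernel, which is not visible from this patch, a comment at the first call site would record that, for example `/* LSM name/policy match is checked by sys_restart(), not by this tool */`. ckpt_coordinator starts and ends outside this hunk.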
> @@ -1581,6 +1589,7 @@ static int ckpt_make_tree(struct ckpt_ctx *ctx, struct task *task)
> if (task->flags & (TASK_GHOST | TASK_DEAD))
> flags |= RESTART_GHOST;
>
> + flags |= keep_lsm;
> /* on success this doesn't return */
> ckpt_dbg("about to call sys_restart(), flags %#lx\n", flags);
> ret = restart(0, STDIN_FILENO, flags);
> @@ -2057,6 +2066,7 @@ static int ckpt_read_obj_buffer(struct ckpt_ctx *ctx, void *buf, int n)
> * read/write the checkpoint image: similar to in-kernel code
> */
>
> +#define SECURITY_NAME_MAX 20
Why is this defined here? If it's kernel ABI, then define it in checkpoint_hdr.h,
or include a suitable header.
> static int ckpt_read_header(struct ckpt_ctx *ctx)
> {
> struct ckpt_hdr_header *h;
> @@ -2090,6 +2100,16 @@ static int ckpt_read_header(struct ckpt_ctx *ctx)
> if (ret < 0)
> return ret;
>
> + ptr += ((struct ckpt_hdr *) ptr)->len;
> + ret = ckpt_read_obj_buffer(ctx, ptr, SECURITY_NAME_MAX + 1);
> + if (ret < 0)
> + return ret;
> +
> + ptr += ((struct ckpt_hdr *) ptr)->len;
> + ret = ckpt_read_obj_type(ctx, ptr, 200, CKPT_HDR_LSM_INFO);
> + if (ret < 0)
> + return ret;
> +
> /* FIXME: skip version validation for now */
>
> return 0;
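Review bot: The two added reads in ckpt_read_header advance `ptr` by `((struct ckpt_hdr *) ptr)->len`, a length taken from the object just read out of the checkpoint image, and nothing visible in this hunk checks that the destination still has room for `SECURITY_NAME_MAX + 1` and then `200` more bytes. The buffer `ptr` points into is declared outside the hunk, so its size should be confirmed against the enlarged header, and the bare `200` would be better as a named constant (for example `LSM_INFO_MAX`) shared with that declaration. The commit message describes an 11-character LSM name while the read allows `SECURITY_NAME_MAX + 1`, i.e. 21 bytes; one of the two should be corrected. The same `->len` stepping is repeated in the ckpt_write_header hunk, which replays whatever lengths the read side accepted. ckpt_read_header starts and ends outside this hunk.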
> @@ -2169,6 +2189,16 @@ static int ckpt_write_header(struct ckpt_ctx *ctx)
> ptr += ((struct ckpt_hdr *) ptr)->len;
> ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
>
> + if (ret < 0)
> + return ret;
> + ptr += ((struct ckpt_hdr *) ptr)->len;
> + ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
> + if (ret < 0)
> + return ret;
> +
> + ptr += ((struct ckpt_hdr *) ptr)->len;
> + ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
> +
> return ret;
> }
>