tcp: Restore creds after turning off tcp repair mode

The tcp repair manipulations require CAP_SYS_NET_ADMIN on a calling task. Thus, if the task to restore is run from non-root user, the tcp socket repair off will fail, but restoration wouldn't abort. Fix this by moving creds restore after tcp restore finish. Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

tcp: Restore creds after turning off tcp repair mode
The tcp repair manipulations require CAP_SYS_NET_ADMIN on a calling task. Thus, if the task to restore is run from non-root user, the tcp socket repair off will fail, but restoration wouldn't abort. Fix this by moving creds restore after tcp restore finish. Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
18dee445 · Pavel Emelyanov · 2ab06c9c · 18dee445
Commit 18dee445 authored Apr 11, 2013 by Pavel Emelyanov
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 7 deletions

restorer.c pie/restorer.c +8 -7

No files found.
--- a/pie/restorer.c
+++ b/pie/restorer.c
@@ -739,13 +739,6 @@ long __export_restore_task(struct task_restore_core_args *args)
 	restore_rlims(args);
-	/* 
-	 * Writing to last-pid is CAP_SYS_ADMIN protected, thus restore
-	 * creds _after_ all threads creation.
-	 */
-	restore_creds(&args->creds);
 	pr_info("%ld: Restored\n", sys_getpid());
 	futex_set(&zombies_inprogress, args->nr_zombies);
@@ -781,6 +774,14 @@ long __export_restore_task(struct task_restore_core_args *args)
 	rst_tcp_socks_all(args->rst_tcp_socks, args->rst_tcp_socks_size);
+	/* 
+	 * Writing to last-pid is CAP_SYS_ADMIN protected,
+	 * turning off TCP repair is CAP_SYS_NED_ADMIN protected,
+	 * thus restore* creds _after_ all of the above.
+	 */
+	restore_creds(&args->creds);
 	log_set_fd(-1);
 	/*