user_ns: Prepare creds of newly created task

Sockets are sent via SCM_CREDENTIALS, and this kernel interface needs to have uid and gid mapped (see __scm_send() in kernel). So, set them before send_fds() use. Also, move prep_usernsd_transport() below to be after this for uniformity. Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>

user_ns: Prepare creds of newly created task
Sockets are sent via SCM_CREDENTIALS, and this kernel interface needs to have uid and gid mapped (see __scm_send() in kernel). So, set them before send_fds() use. Also, move prep_usernsd_transport() below to be after this for uniformity. Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
36ad24a1 · Kirill Tkhai · Andrei Vagin · 8fadf2b3 · 36ad24a1
Commit 36ad24a1 authored Jun 07, 2017 by Kirill Tkhai Committed by Andrei Vagin May 12, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

cr-restore.c criu/cr-restore.c +8 -0

No files found.
--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -1242,6 +1242,11 @@ static void maybe_clone_parent(struct pstree_item *item,
 	}
 }

+static bool needs_prep_creds(struct pstree_item *item)
+{
+	return (!item->parent && (root_ns_mask & CLONE_NEWUSER));
+}
+
 static inline int fork_with_pid(struct pstree_item *item)
 {
 	struct cr_clone_arg ca;
@@ -1637,6 +1642,9 @@ static int restore_task_with_children(void *_arg)
 			goto err;
 	}

+	if (needs_prep_creds(current) && (prepare_userns_creds()))
+		goto err;
+
 	/*
 	 * Call this _before_ forking to optimize cgroups
 	 * restore -- if all tasks live in one set of cgroups