Revert "seccomp: add a --no-seccomp option to disable dumping seccomp"

This reverts commit a98014f3. As per Saied Kazemi, actually dump works without seccomp support from the kernel on non-seccomped tasks. The only problem was with criu check, but this would be addressed separately. Reverting the commit not to burden the API with (yet) unneeded stuff. Conflicts: lib/c/criu.h

Revert "seccomp: add a --no-seccomp option to disable dumping seccomp"
This reverts commit a98014f3. As per Saied Kazemi, actually dump works without seccomp support from the kernel on non-seccomped tasks. The only problem was with criu check, but this would be addressed separately. Reverting the commit not to burden the API with (yet) unneeded stuff. Conflicts: lib/c/criu.h
3cffd523 · Pavel Emelyanov · 4a14b324 · 3cffd523 · 3cffd523 · 3cffd523
Commit 3cffd523 authored Feb 20, 2016 by Pavel Emelyanov
8 changed files
--- a/Documentation/criu.txt
+++ b/Documentation/criu.txt
@@ -205,11 +205,6 @@ In other words, do not use it until really needed.
    information into image file. If the option is omitted or set to *none*
    then image will not be written. By default *criu* do not write this image.

-*--no-seccomp*::
-    Disable the dumping of seccomp state; this is useful for c/r of tasks using
-    seccomp running on old kernels which do not have support for dump and
-    restore of seccomp state.
-
 *restore*
 ~~~~~~~~~
 Restores previously checkpointed processes.

--- a/criu/cr-service.c
+++ b/criu/cr-service.c
@@ -473,9 +473,6 @@ static int setup_opts_from_req(int sk, CriuOpts *req)
 		}
 	}

-	if (req->has_no_seccomp)
-		opts.no_seccomp = req->no_seccomp;
-
 	return 0;

 err:

--- a/criu/crtools.c
+++ b/criu/crtools.c
@@ -274,7 +274,6 @@ int main(int argc, char *argv[], char *envp[])
 		{ "timeout",			required_argument,	0, 1072 },
 		{ "external",			required_argument,	0, 1073	},
 		{ "empty-ns",			required_argument,	0, 1074	},
-		{ "no-seccomp",			no_argument,		0, 1075 },
 		{ },
 	};

@@ -554,9 +553,6 @@ int main(int argc, char *argv[], char *envp[])
 				return 1;
 			}
 			break;
-		case 1075:
-			opts.no_seccomp = true;
-			break;
 		case 'V':
 			pr_msg("Version: %s\n", CRIU_VERSION);
 			if (strcmp(CRIU_GITID, "0"))
@@ -811,10 +807,6 @@ usage:
 "  --empty-ns {net}\n"
 "			Create a namespace, but don't restore its properies.\n"
 "			An user will retore them from action scripts.\n"
-"  --no-seccomp          Disable the dumping of seccomp state; this is useful\n"
-"                        for c/r of tasks using seccomp running on old kernels\n"
-"                        which do not have support for dump and restore\n"
-"                        of seccomp state.\n"
 "\n"
 "* Logging:\n"
 "  -o|--log-file FILE    log file name\n"

--- a/criu/include/cr_options.h
+++ b/criu/include/cr_options.h
@@ -107,7 +107,6 @@ struct cr_options {
 	char			*lsm_profile;
 	unsigned int		timeout;
 	unsigned int		empty_ns;
-	bool			no_seccomp;
 };

 extern struct cr_options opts;

--- a/criu/proc_parse.c
+++ b/criu/proc_parse.c
@@ -1004,11 +1004,6 @@ int parse_pid_status(pid_t pid, struct proc_status_creds *cr)
 				goto err_parse;
 			}

-			if (opts.no_seccomp && cr->seccomp_mode != SECCOMP_MODE_DISABLED) {
-				pr_warn("task %d has seccomp, not disabling, dump may fail\n", pid);
-				cr->seccomp_mode = SECCOMP_MODE_DISABLED;
-			}
-
 			parsed_seccomp = true;
 			done++;
 			continue;

--- a/images/rpc.proto
+++ b/images/rpc.proto
@@ -90,7 +90,6 @@ message criu_opts {
 	repeated string			irmap_scan_paths = 36;
 	repeated string			external	= 37;
 	optional uint32			empty_ns	= 38;
-	optional bool			no_seccomp	= 39;
 }

 message criu_dump_resp {

--- a/lib/c/criu.c
+++ b/lib/c/criu.c
@@ -700,12 +700,6 @@ err:
 	return -ENOMEM;
 }

-void criu_local_set_no_seccomp(criu_opts *opts, bool val)
-{
-	opts->rpc->has_no_seccomp = true;
-	opts->rpc->no_seccomp = val;
-}
-
 int criu_add_skip_mnt(char *mnt)
 {
 	return criu_local_add_skip_mnt(global_opts, mnt);
@@ -727,11 +721,6 @@ int criu_add_irmap_path(char *path)
 	return criu_local_add_irmap_path(global_opts, path);
 }

-void criu_set_no_seccomp(bool val)
-{
-	return criu_local_set_no_seccomp(global_opts, val);
-}
-
 static CriuResp *recv_resp(int socket_fd)
 {
 	unsigned char *buf = NULL;

--- a/lib/c/criu.h
+++ b/lib/c/criu.h
@@ -89,7 +89,6 @@ int criu_add_enable_fs(char *fs);
 int criu_add_skip_mnt(char *mnt);
 void criu_set_ghost_limit(unsigned int limit);
 int criu_add_irmap_path(char *path);
-void criu_set_no_seccomp(bool no_seccomp);

 /*
 * The criu_notify_arg_t na argument is an opaque
@@ -192,7 +191,6 @@ int criu_local_add_enable_fs(criu_opts *opts, char *fs);
 int criu_local_add_skip_mnt(criu_opts *opts, char *mnt);
 void criu_local_set_ghost_limit(criu_opts *opts, unsigned int limit);
 int criu_local_add_irmap_path(criu_opts *opts, char *path);
-void criu_local_set_no_seccomp(criu_opts *opts, bool val);

 void criu_local_set_notify_cb(criu_opts *opts, int (*cb)(char *action, criu_notify_arg_t na));