restore: set uid and git onto zero otherwise PR_SET_MM_EXE_FILE can fail

When a non-root user runs "criu restore" and criu has the suid bit, a process will run with non-zero uid and gid. Before the 4.13 kernel (4d28df6152aa "prctl: Allow local CAP_SYS_ADMIN changing exe_file"), PR_SET_MM_EXE_FILE fails if uid or gid isn't zero. Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>

restore: set uid and git onto zero otherwise PR_SET_MM_EXE_FILE can fail
When a non-root user runs "criu restore" and criu has the suid bit, a process will run with non-zero uid and gid. Before the 4.13 kernel (4d28df6152aa "prctl: Allow local CAP_SYS_ADMIN changing exe_file"), PR_SET_MM_EXE_FILE fails if uid or gid isn't zero. Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
4d164327 · Andrei Vagin · Andrei Vagin · ae55a6cc · 4d164327
Commit 4d164327 authored Jul 10, 2018 by Andrei Vagin Committed by Andrei Vagin Oct 30, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

cr-restore.c criu/cr-restore.c +5 -1

No files found.
--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -1286,7 +1286,11 @@ static void maybe_clone_parent(struct pstree_item *item,

 static bool needs_prep_creds(struct pstree_item *item)
 {
-	return (!item->parent && (root_ns_mask & CLONE_NEWUSER));
+	/*
+	 * Before the 4.13 kernel, it was impossible to set
+	 * an exe_file if uid or gid isn't zero.
+	 */
+	return (!item->parent && ((root_ns_mask & CLONE_NEWUSER) || getuid()));
 }

 static inline int fork_with_pid(struct pstree_item *item)