security: Also save gid of user requesting for C/R

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

cr-service.c

@@ -87,7 +87,7 @@ static int setup_dump_from_req(int sk, CriuOpts *req)
 		return -1;
 	}
 
-	restrict_uid(ids.uid);
+	restrict_uid(ids.uid, ids.gid);
 
 	if (fstat(sk, &st)) {
 		pr_perror("Can't get socket stat");

crtools.c

@@ -72,7 +72,7 @@ int main(int argc, char *argv[])
 	BUILD_BUG_ON(PAGE_SIZE != PAGE_IMAGE_SIZE);
 
 	cr_pb_init();
-	restrict_uid(getuid());
+	restrict_uid(getuid(), getgid());
 
 	if (argc < 2)
 		goto usage;

include/crtools.h

@@ -208,7 +208,7 @@ static inline bool pid_rst_prio(unsigned pid_a, unsigned pid_b)
 	return pid_a < pid_b;
 }
 
-void restrict_uid(unsigned int uid);
+void restrict_uid(unsigned int uid, unsigned int gid);
 struct proc_status_creds;
 bool may_dump(struct proc_status_creds *);
 struct _CredsEntry;

security.c

@@ -3,7 +3,10 @@
 #include "proc_parse.h"
 #include "log.h"
 
-static unsigned int cr_uid; /* UID which user can C/R */
+/*
+ * UID and GID of user requesting for C/R
+ */
+static unsigned int cr_uid, cr_gid;
 
 /*
  * Setup what user is requesting for dump (via rpc or using 
@@ -12,10 +15,11 @@ static unsigned int cr_uid; /* UID which user can C/R */
  * access to. (Or implement some trickier security policy).
  */
 
-void restrict_uid(unsigned int uid)
+void restrict_uid(unsigned int uid, unsigned int gid)
 {
-	pr_info("Restrict C/R with %u uid\n", uid);
+	pr_info("Restrict C/R with %u:%u uid\n", uid, gid);
 	cr_uid = uid;
+	cr_gid = gid;
 }
 
 static bool check_uid(unsigned int uid)