lsm: Move host lsmtype on kerndat

Currently this is lsm.c's static variable, but since kdat is now cached (and uncached) this value stays zero (no lsm) if the cache file gets loaded, which is obviously wrong and breaks the restore all the time on lsm-enabled hosts. https://github.com/xemul/criu/issues/323Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com> Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>

lsm: Move host lsmtype on kerndat
Currently this is lsm.c's static variable, but since kdat is now cached (and uncached) this value stays zero (no lsm) if the cache file gets loaded, which is obviously wrong and breaks the restore all the time on lsm-enabled hosts. https://github.com/xemul/criu/issues/323Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com> Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
e6302380 · Pavel Emelyanov · Andrei Vagin · 171acca8 · e6302380 · e6302380
Commit e6302380 authored Jun 26, 2017 by Pavel Emelyanov Committed by Andrei Vagin Jun 27, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 11 deletions

kerndat.h criu/include/kerndat.h +3 -0

lsm.c criu/lsm.c +10 -11

No files found.
--- a/criu/include/kerndat.h
+++ b/criu/include/kerndat.h
 #ifndef __CR_KERNDAT_H__
 #define __CR_KERNDAT_H__
+#include <stdbool.h>
 #include "int.h"
 struct stat;
@@ -45,6 +47,7 @@ struct kerndat_s {
 	unsigned long mmap_min_addr;
 	bool has_tcp_half_closed;
 	bool stack_guard_gap_hidden;
+	int lsm;
 };
 extern struct kerndat_s kdat;

--- a/criu/lsm.c
+++ b/criu/lsm.c
@@ -5,6 +5,7 @@
 #include <sys/types.h>
 #include <unistd.h>
+#include "kerndat.h"
 #include "config.h"
 #include "pstree.h"
 #include "util.h"
@@ -19,8 +20,6 @@
 #include <selinux/selinux.h>
 #endif
-static Lsmtype	lsmtype;
 static int apparmor_get_label(pid_t pid, char **profile_name)
 {
 	FILE *f;
@@ -108,7 +107,7 @@ static int selinux_get_label(pid_t pid, char **output)
 void kerndat_lsm(void)
 {
 	if (access(AA_SECURITYFS_PATH, F_OK) == 0) {
-		lsmtype = LSMTYPE__APPARMOR;
+		kdat.lsm = LSMTYPE__APPARMOR;
 		return;
 	}
@@ -119,17 +118,17 @@ void kerndat_lsm(void)
 	 * well.
 	 */
 	if (access("/sys/fs/selinux", F_OK) == 0) {
-		lsmtype = LSMTYPE__SELINUX;
+		kdat.lsm = LSMTYPE__SELINUX;
 		return;
 	}
 #endif
-	lsmtype = LSMTYPE__NO_LSM;
+	kdat.lsm = LSMTYPE__NO_LSM;
 }
 Lsmtype host_lsm_type(void)
 {
-	return lsmtype;
+	return kdat.lsm;
 }
 int collect_lsm_profile(pid_t pid, CredsEntry *ce)
@@ -138,7 +137,7 @@ int collect_lsm_profile(pid_t pid, CredsEntry *ce)
 	ce->lsm_profile = NULL;
-	switch (lsmtype) {
+	switch (kdat.lsm) {
 	case LSMTYPE__NO_LSM:
 		ret = 0;
 		break;
@@ -167,7 +166,7 @@ extern Lsmtype image_lsm;
 int validate_lsm(char *lsm_profile)
 {
-	if (image_lsm == LSMTYPE__NO_LSM || image_lsm == lsmtype)
+	if (image_lsm == LSMTYPE__NO_LSM || image_lsm == kdat.lsm)
 		return 0;
 	/*
@@ -187,7 +186,7 @@ int render_lsm_profile(char *profile, char **val)
 {
 	*val = NULL;
-	switch (lsmtype) {
+	switch (kdat.lsm) {
 	case LSMTYPE__APPARMOR:
 		if (strcmp(profile, "unconfined") != 0 && asprintf(val, "changeprofile %s", profile) < 0) {
 			pr_err("allocating lsm profile failed\n");
@@ -226,14 +225,14 @@ int lsm_check_opts(void)
 	aux++;
 	if (strcmp(opts.lsm_profile, "apparmor") == 0) {
-		if (lsmtype != LSMTYPE__APPARMOR) {
+		if (kdat.lsm != LSMTYPE__APPARMOR) {
 			pr_err("apparmor LSM specified but apparmor not supported by kernel\n");
 			return -1;
 		}
 		opts.lsm_profile = aux;
 	} else if (strcmp(opts.lsm_profile, "selinux") == 0) {
-		if (lsmtype != LSMTYPE__SELINUX) {
+		if (kdat.lsm != LSMTYPE__SELINUX) {
 			pr_err("selinux LSM specified but selinux not supported by kernel\n");
 			return -1;
 		}