- 10 Nov, 2014 1 commit
-
-
Andrey Vagin authored
We do the same for other features. Here is an exception in case of the --ms option.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
- 09 Nov, 2014 1 commit
-
-
Pavel Emelyanov authored
ispathsub("/foo", "/") reports false. This is a corner case, as 2nd argument is not expected to end with /. Fix this and add comment about ispathsub() arguments assumptions.
Reported-by: Andrey Vagin <avagin@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
- 07 Nov, 2014 20 commits
-
-
Andrey Vagin authored
Restoring mount namespaces requires creating temporary directories in a test root. When tests execute in a new userns, they have non-zero gid and uid, so we need to grant permissions for them.
v2: add +rx as well
Reported-by: Mr Jenkins
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
When we validate the mount tree not to have overmounts we need to check one path to be the sub-path of another. Here's a helper for this.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
-
Pavel Emelyanov authored
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
We enter into the target userns and try to enter in other namespaces. The "enter" operation requires CAP_SYS_ADMIN in a user namespace, where a target namespace was created. Now if one or more namespaces were created in another userns, criu stops dumping and returns an error. I want to find someone who uses this configuration. In this case restore will be more complicated. Current version covers containers needs.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
Sockets tests are excluded, because SO_RCVBUFFORCE and SO_SNDBUFFORCE are protected by CAP_NET_ADMIN
tty*, pty* are excluded, because TIOCSLCKTRMIOS is protected by CAP_SYS_ADMIN
*ghost, *notify, *unlink* are excluded, because linkat(AT_EMPTY_PATH) is protected by CAP_DAC_READ_SEARCH
v2: use a blacklist
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
v2: don't forget to initialize groups
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
Here are two issues:
1. All mounts in a new user namespace are locked, so we need to create a new root mount. We need to bind-mount root to itself.
2. /proc and /sys must be mounted before umounting /proc and /sys which were inherited. It's a security policy.
"""
Author: Eric W. Biederman <ebiederm@xmission.com>
Date: Sun Mar 24 14:28:27 2013 -0700
userns: Restrict when proc and sysfs can be mounted
Only allow unprivileged mounts of proc and sysfs if they are already mounted when the user namespace is created.
"""
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
Devices can not be created in a new user namespace.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
It is cleared when a process is forked in a new userns.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
In this patch we fill /proc/PID/uid_map and /proc/PID/gid_map for the root task.
v2: initialize groups in a new namespace.
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
v3: add a helper to initialize creds in a new userns
v4: initialize userns creds in prepare_namespaces()
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
For that we need to save per-namespace mappings of user and group IDs. And all id-s for tasks and files are saved from the target user namespace.
v2: move code into collect_namespaces()
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
We are going to support user namespaces and uid-s will be converted according to userns mappings.
v2: convert id-s for sockets too
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
It's unused now.
v2: remove the proc_pid_stat_small struct too.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
It's a bad idea to a group of processes and only then check rights for this operation. We need to check permissions as soon as possible to reduce impacts in case of wrong permissions. In addition criu doesn't to parse /proc/pid/state and gets all required information from /proc/pid/status.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
v2: don't leak FILE
CID 73423 (#1 of 1): Resource leak (RESOURCE_LEAK)
15. leaked_storage: Variable f going out of scope leaks the storage it points to.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
We get sig and pgid from a parasite, because we need to get them from a target pid namespace.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
We have two reasons for that:
* parsing of /proc/pid/status is slow
* parasite returns ids from a target userns
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
Normally, one of the first steps after creating a new user namespace is to define the mappings used for the user and group IDs of the processes that will be created in that namespace. This is done by writing mapping information to the /proc/PID/uid_map and /proc/PID/gid_map files corresponding to one of the processes in the user namespace.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
When we create a new mntns in a userns, all inherited mounts are marked as locked. pivot_root() returns EINVAL if a new root is locked.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
- 06 Nov, 2014 1 commit
-
-
Andrey Vagin authored
page-server is not tested now. I suggest adding it in the pre-dump job.
v2: execute all tests with and without page server
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
- 05 Nov, 2014 17 commits
-
-
Andrey Vagin authored
All our processes are stopped at the moment when file locks are collected, so they can't wait for any locks. Here is a proof of this theory:
    [root@avagin-fc19-cr ~]# flock xxx sleep 1000 &
    [1] 23278
    [root@avagin-fc19-cr ~]# flock xxx sleep 1000 &
    [2] 23280
    [root@avagin-fc19-cr ~]# cat /proc/locks
    1: FLOCK ADVISORY WRITE 23278 08:03:280001 0 EOF
    1: -> FLOCK ADVISORY WRITE 23280 08:03:280001 0 EOF
    [root@avagin-fc19-cr ~]# gdb -p 23280
    (gdb) ^Z
    [3]+ Stopped gdb -p 23280
    [root@avagin-fc19-cr ~]# cat /proc/locks
    1: FLOCK ADVISORY WRITE 23278 08:03:280001 0 EOF
Currently criu can dump nothing, if we have one process which is waiting for a lock. I don't see any reason to do this.
v2: typo fix
Cc: Qiang Huang <h.huangqiang@huawei.com>
Reported-by: Mr Jenkins
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
Fixes: e47eccb1 ("page-server: don't forget to close a sever socket")
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
CID 73370: Resource leak (RESOURCE_LEAK)
13. leaked_storage: Variable timer going out of scope leaks the storage it points to.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
CID 73377: Resource leak (RESOURCE_LEAK)
10. leaked_storage: Variable values going out of scope leaks the storage it points to.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
CID 73347 (#7-4 of 7): Resource leak (RESOURCE_LEAK)
21. leaked_handle: Handle variable sk going out of scope leaks the handle.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
I think this version of code is a bit more readable. It doesn't do memcpy and doesn't allocate FILE. Everyone knows arguments for read(), but only a few of us know arguments for fread().
CID 73345 (#1 of 1): String not null terminated (STRING_NULL)
2. string_null_argument: Function fread does not terminate string *buf. [Note: The source code implementation of the function has been overridden by a builtin model.]
Cc: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
CID 73354 (#1 of 1): Resource leak (RESOURCE_LEAK)
9. leaked_handle: Handle variable sock going out of scope leaks the handle
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
list_for_each_entry_safe() should be used, if we are going to delete something from a list.
CID 73383 (#1 of 1): Read from pointer after free (USE_AFTER_FREE)
4. deref_after_free: Dereferencing freed pointer prop.
Cc: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
This function doesn't allocate memory, so it should not release it.
CID 73380 (#1 of 1): Use after free (USE_AFTER_FREE)
14. deref_arg: Calling munmap dereferences freed pointer addr.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
CID 73379 (#1 of 1): Use after free (USE_AFTER_FREE)
31. deref_arg: Calling fclose dereferences freed pointer fp.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
CID 73348 (#1 of 1): Resource leak (RESOURCE_LEAK)
19. leaked_handle: Handle variable sk going out of scope leaks the handle.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
When a process, which starts a service, exits, we know that we can connect to the page server and we expect to find pidfile. If we create pidfile from a page server process, we have a race window.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Andrey Vagin authored
CID 73381 (#1 of 1): Out-of-bounds write (OVERRUN)
15. overrun-local: Overrunning array loc_buf of 4096 bytes at byte offset 4096 using index len (which evaluates to 4096).
CID 73355 (#1 of 1): Out-of-bounds write (OVERRUN)
6. overrun-local: Overrunning array loc_buf of 4096 bytes at byte offset 4096 using index ret (which evaluates to 4096)
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
-
Pavel Emelyanov authored
Introduced by eb214be2, the empty mnt_share list cannot produce the list_first_entry element :)
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
-
Pavel Emelyanov authored
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
-