- 24 Dec, 2015 23 commits
-
-
Cyrill Gorcunov authored
We use page frame number to detect vDSO which has been remapped in-place from runtime vDSO during restore. In such case if the kernel is younger than 3.16 the "[vdso]" mark won't be reported in procfs output. Still to address recently reported CVEs and be able to run CRIU in unprivileged mode we need to handle vDSO without pagemap access and here is the deal -- when we find VMA which "looks like" vDSO we try to scan it for vDSO symbols and if it matches we restore its status without PFN access. Here is some details on @pagemap access in-kernel history: - @pagemap introduced in commit 85863e475e59 where anyone which can attach to a task via ptrace is allowed to read data from @pagemap (Feb 4 2008, v2.6.25-rc1) - in commit 006ebb40d3d65 ptrace attach rule has been changed into ptrace read permission (May 19 2008, v2.6.27-rc1) - in commit ab676b7d6fbf4 opening of @pagemap become guarded with CAP_SYS_ADMIN because of leak of physical addresses into userspace (Mar 9 2015, v4.0-rc5) - in commit 1c90308e7a77a opening of @pagemap become available for regular users again (with ptrace read permission) but physical addresses of pages are hidden from non-privileged userd (Sep 8 2015, v4.3-rc1) Signed-off-by:
Cyrill Gorcunov <gorcunov@openvz.org> Looks-good-to-me: Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
Pavel Emelyanov <xemul@parallels.com>
-
Pavel Emelyanov authored
In particular, we won't be able to do memory tracking and zero page detection. Signed-off-by: -
Pavel Emelyanov authored
Kernel doesn't allow to read /proc/pid/map_files. This file is used to get pseudo device for anon shmem mappings, but this info can be get by scanning /proc/self/maps file. This works slower, but still. Signed-off-by: -
Pavel Emelyanov authored
When run from regular user criu will get EACCES/EPERM from opening proc, but in some situations criu will now how to deal with it. So this patch makes it possible not to print error message in logs for such cases. Signed-off-by: -
Cyrill Gorcunov authored
We will need an extra space for memfd based syscall (without poking the stack since it's not that safe without additional tests). So add @pad argument which will be used to find proper memory for seized syscall execution. Signed-off-by:
-
Pavel Emelyanov authored
Right now we only get first 31 symbols of it, but in the next patches full path would be required. Signed-off-by: -
Pavel Emelyanov authored
We no longer support root-mode service and suid binaries, so any artificial restrictions no longer make sense. Signed-off-by: -
Cyrill Gorcunov authored
To test c/r of creds we need more precise way, so lets add a few additional creds to test. Signed-off-by:
-
Cyrill Gorcunov authored
Suitable macro. Signed-off-by:
-
Andrew Vagin authored
Otherwise we will not able to access /proc/pid/* for the process. v2: s/__NR_WAIT4/__NR_setresuid Cc: Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by:
Andrew Vagin <avagin@virtuozzo.com> Signed-off-by:
-
Andrew Vagin authored
Signed-off-by:
-
Andrew Vagin authored
Signed-off-by:
-
Pavel Tikhomirov authored
Modification time changes after cpt/rst file_attr test in VZ7CT: CT-102 criu# cat test/zdtm/live/static/file_attr.out 15:05:05.315: 146: FAIL: file_attr.c:101: modification time has changed (errno = 11 (Resource temporarily unavailable)) https://jira.sw.ru/browse/PSBM-41401 v2: add timeval message, test seem to pass now - remove noauto Signed-off-by:
Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Reviewed-by:
-
Cyrill Gorcunov authored
This as well as restore requires several steps to reach per-thread support during dump stage - @creds area to be fetched from the parasite is embedded into parasite_dump_structure - when test for task to be dumpable we no longer compare caps because we now allow them to be different (and I renamed proc_status_creds_eq to proc_status_creds_dumpable for this sake) - have to extend dump_thread_common to support dumping of creds (we call for dump_thread_common in several places, in particular when we need to fetch misc params we don't need creds, here @creds option comes into the play) - after this patch no creds-X.img file be generated anymore, I guess we might drop it off with time from descriptors https://jira.sw.ru/browse/PSBM-41416 v2: - In dump_task_creds() don't mangle the call for parasite_dump_creds and collect_lsm_profile - PARASITE_MAX_GROUPS takes parasite_dump_thread into account because dump_thread_common now serves two cases: for plain misc parameters fetching and for creds as well (depending on the context) - when test for dumpable we still require the seccomp filters to match, they can be different and we need to support such configuration too but not in this series v3: - Rip off dump_task_creds completely, together with PARASITE_CMD_DUMP_CREDS, we dump creds unconditionally in dump_thread_common - the group leader thread data is fetched via new parasite_dump_thread_leader_seized helper Signed-off-by:
-
Cyrill Gorcunov authored
Because the creds parameters are to be passed inside pie/restorer code but read before thread_restore_args and task_restore_args structures are allocated we need a small trick and prepare creds int several stages - collect all creds data into separate private memory blobs - once all memory needed for restorer is allocated we relocate pointers in this blocks and setup thread_restore_args::thread_creds_args to appropriate address - restorer works as usual and setup creds parameters as before v2: - fix addressing in positioning of rst_ memory (I've occasionally zap pointers and when been sending patches forgot to merge changes back, so while I've the series successfully restoring containers with different creds, if been merged the series won't work. So all changes are merged as appropriate) - drop module's global @cap_last_cap from pie/restorer.c Signed-off-by:
-
Cyrill Gorcunov authored
For easier comparision which gonna be addressed in next patch. https://jira.sw.ru/PSBM-41416Signed-off-by:
-
Cyrill Gorcunov authored
Signed-off-by:
-
Cyrill Gorcunov authored
Creds are per-thread data, declare them appropriately. We will need this data to restore threads with different credentials. (In a scope of https://jira.sw.ru/browse/PSBM-41416) Signed-off-by:
-
Cyrill Gorcunov authored
Signed-off-by:
-
Cyrill Gorcunov authored
Signed-off-by:
-
Cyrill Gorcunov authored
Signed-off-by:
-
Cyrill Gorcunov authored
Signed-off-by:
-
MATSUMOTO, Ryosuke authored
Signed-off-by:
-
- 23 Dec, 2015 8 commits
-
-
Pavel Emelyanov authored
The mountpoints.c test creates such mount and criu will try to kerndat-check one, so this fs should be on "host". Signed-off-by: -
Pavel Emelyanov authored
The mountpoints.c test creates such mount and criu will try to kerndat-check one, so this fs should be on "host". Signed-off-by: -
Andrew Vagin authored
Signed-off-by:
-
Andrew Vagin authored
Signed-off-by:
-
Andrew Vagin authored
A static test should not change its state during C/R Signed-off-by:
-
Andrew Vagin authored
and call mknod with correct argumetns Signed-off-by:
-
Kirill Tkhai authored
Similar to devtmpfs and devpts, skip binfmt_misc mount if it's not virtual. Signed-off-by:
Kirill Tkhai <ktkhai@odin.com> Acked-by:
-
Pavel Emelyanov authored
V2: Fix the test/Makefile Signed-off-by:
-
- 22 Dec, 2015 9 commits
-
-
Andrei Vagin authored
Signed-off-by:
-
Andrei Vagin authored
Signed-off-by:
-
Andrei Vagin authored
Signed-off-by:
-
Andrew Vagin authored
Signed-off-by:
-
Andrew Vagin authored
A static test should not change its state during C/R. Signed-off-by:
-
Andrew Vagin authored
Signed-off-by:
-
Andrey Vagin authored
Cc: Kirill Tkhai <ktkhai@odin.com> Signed-off-by:
Andrey Vagin <avagin@openvz.org> Signed-off-by:
Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by:
-
Cyrill Gorcunov authored
Signed-off-by:
-
Cyrill Gorcunov authored
Should be @child_fd instead of @fd Signed-off-by:
-
