criu/security.c

#include <unistd.h>
#include "crtools.h"
#include "log.h"

static unsigned int dumper_uid = 0;

/*
 * Setup what user is requesting for dump (via rpc or using 
 * suid bit on crtools). Later we would deny to dump/restore 
 * a task, to which the original user doesn't have the direct 
 * access to. (Or implement some trickier security policy).
 */

void restrict_uid(unsigned int uid)
{
	pr_info("Restrict C/R with %u uid\n", uid);
	dumper_uid = uid;
}

bool may_dump_uid(unsigned int uid)
{
	if (dumper_uid == 0)
		return true;
	if (dumper_uid == uid)
		return true;

	pr_err("UID (%u) != dumper's UID(%u)\n", uid, dumper_uid);
	return false;
}
security: Introduce (rather basic) security restrictions for C/R Right now we have an ability to launch the C/R service from root and execure dump requests from unpriviledged users. Not to be bad guys, we deny dumping tasks belonging to user, that cannot be "watched" (traced, read /proc, etc.) by the dumper. In the future we will use this "engine" when launched with suid bit, and (probably) will have more sophisticated policy. Signed-off-by: Pavel Emelyanov <xemul@parallels.com> 2013-09-28 06:16:17 +04:00			`#include <unistd.h>`
			`#include "crtools.h"`
			`#include "log.h"`

			`static unsigned int dumper_uid = 0;`

			`/*`
			`* Setup what user is requesting for dump (via rpc or using`
			`* suid bit on crtools). Later we would deny to dump/restore`
			`* a task, to which the original user doesn't have the direct`
			`* access to. (Or implement some trickier security policy).`
			`*/`

			`void restrict_uid(unsigned int uid)`
			`{`
			`pr_info("Restrict C/R with %u uid\n", uid);`
			`dumper_uid = uid;`
			`}`

			`bool may_dump_uid(unsigned int uid)`
			`{`
			`if (dumper_uid == 0)`
			`return true;`
			`if (dumper_uid == uid)`
			`return true;`

			`pr_err("UID (%u) != dumper's UID(%u)\n", uid, dumper_uid);`
			`return false;`
			`}`