2
0
mirror of https://github.com/checkpoint-restore/criu synced 2025-08-31 06:15:24 +00:00
Commit Graph

5069 Commits

Author SHA1 Message Date
Andrey Vagin
55a7c7a79d test: check descriptors and maps for static tests
tname doesn't contain a test type.

Reported-by: Pavel Emelyanov <xemul@parallels.com>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-02-13 15:14:56 +03:00
Andrey Vagin
3f23bde548 criu: print correct errno messages from pr_perror()
"%m" can't be used to print strerror(errno), because print_on_level()
calls gettimeofday() which can overwrite errno.

For example:
13486 connect(4, {sa_family=AF_INET, sin_port=htons(8880), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ENETUNREACH (Network is unreachable)
13486 gettimeofday({1423756664, 717423}, NULL) = 0
13486 open("/etc/localtime", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
13486 write(2, "15:57:44.717:     4: ERR: socket_udp.c:73: Can't connect (errno = 101 (Permission denied))\n", 91) = 91

Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-02-13 15:14:44 +03:00
Pavel Emelyanov
9a392dff3a reg-files: Do not try to linkat with wrong user
We link files to each other at restore time to restore
unlinked paths. Kernel has strange secutiry restrictions
about linkat we use. If the fsuid of the caller doesn't
equals the uid of the file and the file is not "safe"
one, then only global CAP_CHOWN will be allowed to link().

This brings problems in user namespaces -- uns root is
not allowed to linkat any file, unlike global root.

Fortunately, we can change the fsuid temporarily and
still linkat the file we want. Hopefully this hack will
go away some day soon, when the kernel will have saner
checks for linkat capabilities.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
2015-02-13 16:11:38 +04:00
Pavel Emelyanov
ba66b14b9a packet: Get packet_sock_mmap test work in userns
The test uses map_files dir to check for mapping being restored,
while this proc directory is only available for CAP_SYS_ADMIN.

Fix this by checking less strict /proc/pid/maps.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-02-13 16:11:38 +04:00
Pavel Emelyanov
364979159f zdtm: Run "ip link set up" after becoming userns root
This allows excluding more userns tests from blacklist.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
2015-02-13 16:11:38 +04:00
Pavel Emelyanov
cdb3684834 zdtm: Exclude from blacklist some tests that now work in userns
The rest partially need more userns_call-s but mostly just don't
work in userns themselves. Need further investigation.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
2015-02-13 16:11:38 +04:00
Pavel Emelyanov
7d482de1ca tty: Restore locked termios with usernsd call
Locked termios require global CAP_SYS_ADMIN. But let's
restore everything for tty in one call since regular
termios depend on locked and it's not nice to do sync
usernsd call for locked only.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
2015-02-13 16:11:38 +04:00
Pavel Emelyanov
26ef786770 fsnotify: Open by handle via userns_call
The syscall in question requires global CAP_DAC_READ_SEARCH.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
2015-02-13 16:11:38 +04:00
Pavel Emelyanov
b63b361c1a sk: Restore sockets bufs via usernsd
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
2015-02-13 16:11:38 +04:00
Pavel Emelyanov
b8556e8084 usernsd: The way to restore priviledged stuff in userns
We have collected a good set of calls that cannot be done inside
user namespaces, but we need to [1]. Some of them has already
being addressed, like prctl mm bits restore, but some are not.

I'm pretty sceptical about the ability to relax the security
checks on quite a lot of them (e.g. open-by-handle is indeed a
very dangerous operation if allowed to unpriviledged user), so
we need some way to call those things even in user namespaces.

The good news about it its that all the calls I've found operate
on file descriptors this way or another. So if we had a process,
that lived outside of user namespace, we could ask one to do the
high priority operation we need and exchange the affected file
descriptor via unix socket.

So the usernsd is the one doing exactly this. It starts before we
create the user namespace and accepts requests via unix socket.
Clients (the processes we restore) send him the functions they
want to call, the descriptor they want to operate on and the
arguments blob. Optionally, they can request some file descriptor
back after the call.

In non usernamespace case the daemon is not started and the calls
are done right in the requestor's process environment.

In the next patch there's an example of how to use this daemon
to do the priviledged SO_SNDBUFFORCE/_RCVBUFFORCE sockopt on
a socket.

[1] http://criu.org/UserNamespace

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@openvz.org>
2015-02-13 16:11:38 +04:00
Ruslan Kuprieiev
bb0a6f0cb6 log: chown log to current criu user
User is already able to see it in stdout, so there is no
reason why we should protect it.

Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-02-10 16:54:33 +03:00
Ruslan Kuprieiev
e2c3ad3791 log: chown pidfile to current criu user
If criu run with suid bit set, user should be able
to read pidfiles(i.e. service pidfile).

Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-02-10 16:54:32 +03:00
Ruslan Kuprieiev
09c3f5d0c7 security: add cr_fchown
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-02-10 16:54:31 +03:00
Ruslan Kuprieiev
df301b7eb7 security: create separate security.h header
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-02-10 16:53:54 +03:00
Ruslan Kuprieiev
0b08bcfcad crit: gather and parse arguments in a proper way
This will allow us to easily extend commands that crit
supports, avoiding "--help" confusion.

Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-02-09 14:08:22 +03:00
Saied Kazemi
e3fec5f8eb Ignore mnt_id value for AUFS file descriptors.
Starting with version 3.15, the kernel provides a mnt_id field in
/proc/<pid>/fdinfo/<fd>.  However, the value provided by the kernel for
AUFS file descriptors obtained by opening a file in /proc/<pid>/map_files
is incorrect.

Below is an example for a Docker container running Nginx.  The mntid
program below mimics CRIU by opening a file in /proc/1/map_files and
using the descriptor to obtain its mnt_id.  As shown below, mnt_id is
set to 22 by the kernel but it does not exist in the mount namespace of
the container.  Therefore, CRIU fails with the error:

	"Unable to look up the 22 mount"

In the global namespace, 22 is the root of AUFS (/var/lib/docker/aufs).

This patch sets the mnt_id of these AUFS descriptors to -1, mimicing
pre-3.15 kernel behavior.

	$ docker ps
	CONTAINER ID        IMAGE                    ...
	3850a63ee857        nginx-streaming:latest   ...
	$ docker exec -it 38 bash -i
	root@3850a63ee857:/# ps -e
	  PID TTY          TIME CMD
	    1 ?        00:00:00 nginx
	    7 ?        00:00:00 nginx
	   31 ?        00:00:00 bash
	   46 ?        00:00:00 ps
	root@3850a63ee857:/# ./mntid 1
	open("/proc/1/map_files/400000-4b8000") = 3
	cat /proc/49/fdinfo/3
	pos:	0
	flags:	0100000
	mnt_id:	22
	root@3850a63ee857:/# awk '{print $1 " " $2}' /proc/1/mountinfo
	87 58
	103 87
	104 87
	105 104
	106 104
	107 104
	108 87
	109 87
	110 87
	111 87
	root@3850a63ee857:/# exit
	$ grep 22 /proc/self/mountinfo
	22 21 8:1 /var/lib/docker/aufs /var/lib/docker/aufs ...
	44 22 0:35 / /var/lib/docker/aufs/mnt/<ID> ...
	$

Signed-off-by: Saied Kazemi <saied@google.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-02-09 14:07:40 +03:00
Ruslan Kuprieiev
29673d42a9 travis: add python-ipaddr as a dep
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-02-09 14:07:07 +03:00
Ruslan Kuprieiev
1842e1e0ea test: crit: use --pretty instead of dropped --format
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-02-09 14:06:38 +03:00
Andrey Vagin
aa2d920824 files: use PROC_SELF when a process accesses its /proc/PID
If a process is executed in another pidns, a /proc/PID doesn't link with
the proper process.

This patch fixes a problem like this:
   1: Error (util.c:106): Unable to close fd 33: Bad file descriptor

Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-02-09 14:06:13 +03:00
Pavel Emelyanov
9ebb3738b2 crit: Print IP addresses in pretty mode
There are two places where we store IP addresses (both IPv4 and IPv6).
Mark them with custom option and print them in compressed form for
--pretty output.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Ruslan Kuprieiev <kupruser@gmail.com>
2015-01-29 18:47:30 +03:00
Pavel Emelyanov
0d2aeb3581 crit: Get rid of --format option
I plan to mark some fields as IP address and print them respectively.
The --format hex is not nice switch for this and introducing one more
(--format hex ipadd) is too bad.

So let's fix the cirt API to be simple and stupid. By default crit
generates canonical one-line JSON. With --pretty option it splits the
output into lines, adds indentation and prints hex as hex and IP as
IP.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Ruslan Kuprieiev <kupruser@gmail.com>
2015-01-29 18:47:13 +03:00
Pavel Emelyanov
46b7f13cf2 zdtm: Ability to run tests starting from a specified one
Can be useful to re-run some tests in case smth failed in the middle

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
2015-01-29 18:45:24 +03:00
Ruslan Kuprieiev
b0f40a2726 pycriu: images: treat tcp_stream image extra properly
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-29 18:43:36 +03:00
Ruslan Kuprieiev
90b56c882e travis: add libprotobuf-dev and protobuf-compiler packages for arm
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Acked-by: Andrew Vagin <avagin@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-28 13:51:49 +03:00
Pavel Emelyanov
1bbc994ccf sysctl: Remove dead CTL_PRINT|_SHOW code
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-27 16:18:27 +03:00
Cyrill Gorcunov
58b3ef0e6f Fix --cpu-cap option parsing, v2
Manage to forgot to increase pointer by length
of the words parsed.

Reported-by: Mark O'Neill <mao@tumblingdice.co.uk>
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-27 16:17:12 +03:00
Pavel Emelyanov
8076c4580b check: Do not print "Looks good" message regardless of loglevel
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-27 16:16:01 +03:00
Pavel Emelyanov
efad09285a netlink: Lower collection log level
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-27 16:15:51 +03:00
Pavel Emelyanov
89d9578730 proc: Print parsed fstype for unsupported mounts
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-27 16:15:22 +03:00
Ruslan Kuprieiev
d1d4c018e0 test: rpc: run test as a non-root user
It is nice to have non-root user case covered with tests.

Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Reported-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-27 16:08:14 +03:00
Ruslan Kuprieiev
4d705e7200 test: crit: enhance test process
Use mature technics to organize test process.

Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Reported-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-27 16:07:49 +03:00
Andrey Vagin
692ed6e1f4 protobuf: add [(criu).hex = true] for masks, flags, etc (v2)
v2: fix mm.proto too
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-27 16:06:59 +03:00
Ruslan Kuprieiev
fe6255c2c6 test:rpc: add generated files to gitignore
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-27 16:06:19 +03:00
Ruslan Kuprieiev
bb96d80fde test:crit: do cleanup before generating new images
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-27 16:05:43 +03:00
Andrey Vagin
7352e104de zdtm/maps007: wait MAX_DELTA operations before daemonizing
We suppose that the test is not able to exit before this moment.

Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-27 16:05:06 +03:00
Konstantin Khorenko
1f3b76b07a test/*/Makefile: remove bash-isms in loops
Need to make it working in Debian where "dash" is default.

Signed-off-by: Konstantin Khorenko <khorenko@parallels.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-26 20:13:20 +03:00
Pavel Emelyanov
c9b6614eef proc: Remove now pointless debug
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-26 15:05:32 +03:00
Pavel Emelyanov
9ffc19b307 kerndat: Mark get_last_cap static
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-23 20:19:09 +03:00
Andrey Vagin
71f5542e00 test/Makefile: clean zdtm-tst-list
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-23 15:40:25 +03:00
Andrey Vagin
34cb2d23f2 zdtm: define _GNU_SOURCE for zdtm_ct
zdtm_ct.c:19:14: error: ‘CLONE_NEWNS’ undeclared (first use in this function)
  if (unshare(CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC))

Reported-by: Mr Jenkins
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-23 15:40:12 +03:00
Andrey Vagin
4dbc3f093a sockets: define NETLINK_SOCK_DIAG in sockets.h
sockets.c: In function ‘preload_socket_modules’:
sockets.c:153:36: error: ‘NETLINK_SOCK_DIAG’ undeclared (first use in this function)
sockets.c:153:36: note: each undeclared identifier is reported only once for each function it appears in

Reported-by: Mr Travis
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-23 15:40:02 +03:00
Andrey Vagin
cb3984844b zdtm.sh: don't generate a test list if a test is specified
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-23 14:47:33 +03:00
Andrey Vagin
e636a226c8 zdtm.sh: add ns/static/aio00, ns/static/timerfd
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-23 14:47:32 +03:00
Andrey Vagin
ca97fed57b zdtm: generate a test list only once
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-23 14:46:29 +03:00
Andrey Vagin
2a8ab28924 zdtm.sh: don't add static/aio00 twice
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-23 14:44:59 +03:00
Andrey Vagin
ba4713d383 zdtm.sh: don't allow anyone to print on stdout
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-23 14:44:53 +03:00
Andrey Vagin
b9466e8114 image: fix compilation
inlcude util.h

Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-22 20:31:39 +03:00
Andrey Vagin
f3bf749b2b test: add the crit test in the test list
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-22 18:59:11 +03:00
Ruslan Kuprieiev
85089ed359 travis: add protobuf-compiler
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-22 18:58:38 +03:00
Ruslan Kuprieiev
0dc9c9837f pycriu: images: pb2dict: don't forget to throw an exception, if field has unsupported type
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-01-22 18:58:06 +03:00