mirror of https://github.com/checkpoint-restore/criu synced 2025-08-28 04:48:16 +00:00

12 Commits

Author SHA1 Message Date
Ruslan Kuprieiev
0628118c31 security: skip obtaining additional groups for root, as they don't matter
As it was reported, some systems don't use /etc/passwd.
On such systems getpwuid fails with undefined errno (see getpwuid(3)),
not allowing criu to restrict ids with user additional groups.
Luckily, on such systems criu is run as root, so we can
just skip obtaining additional groups, as they don't matter
for root.

Reported-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Tested-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2014-08-06 18:58:44 +04:00
Ruslan Kuprieiev
bd1451f771 security: rename check_ids to check_uids and drop crid argument, v3
Currently check_ids is used to check uids only. So let's rename it
and drop the crid argument, as we can use cr_uid directly.

Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2014-08-06 10:20:29 +04:00
Ruslan Kuprieiev
2b268c6c21 security: check additional groups, v5
Currently, we only check if process gids match the primary gid of the user.
But process and user have additional groups too. So let's:
     1) check that process rgid, egid and sgid are in the user's grouplist.
     2) on restore, check that the user has all groups from the images.

Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2014-08-06 10:20:27 +04:00
Cyrill Gorcunov
e9f9fdb9b3 headers: Drop uintX_t usage
We have a mess of uintX_t and uX usage. Drop off uintX_t ones.

Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Andrew Vagin <avagin@parallels.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-12-12 10:03:07 +04:00
Kir Kolyshkin
d64d68d66c whitespace-at-eol cleanup
Remove whitespace at EOL (found by git grep ' $')

To people using vim, I'd suggest adding the following code to ~/.vimrc:

let c_space_errors = 1
highlight FormatError ctermbg=darkred guibg=darkred
match FormatError /\s\+$\|\ \+\t\|\%80v.\|\ \{8\}/

Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-12-12 10:00:45 +04:00
Andrey Vagin
a6edbcf669 crtools: don't include restorer.h in proc_parse.h
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-11-06 12:37:55 +04:00
Pavel Emelyanov
1b3da3a1a8 security: Don't allow non-root user to dump or restore any caps bits
There can be a more sophisticated security policy, but right now
generic non-root user doesn't have any bits in there, so requiring
them to be zero is a sane starting point.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-10-17 14:27:00 +04:00
Pavel Emelyanov
229e4e502d security: Check not only real user ID
When dumping/restoring for an unprivileged user, check for all
sets of IDs to match, just like ptrace-may-attach in the kernel.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-09-28 16:43:25 +04:00
Pavel Emelyanov
b4c8c5ae32 security: Also save gid of user requesting for C/R
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-09-28 15:51:09 +04:00
Pavel Emelyanov
6bf63b3f01 security: Push full creds info into may_xxx checks
It's not enough to check only uids on dump and restore -- we need to
check e-ids and s-ids now (and caps in the future).

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-09-28 15:48:44 +04:00
Ruslan Kuprieiev
547d9bf959 v2 security: set suid flag on crtools and check real uid on dump/restore
v2: remove redundant functions and variables.

Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-10-02 17:11:17 +04:00
Pavel Emelyanov
91389f8782 security: Introduce (rather basic) security restrictions for C/R
Right now we have an ability to launch the C/R service from root
and execute dump requests from unprivileged users. Not to be bad
guys, we deny dumping tasks belonging to a user that cannot be
"watched" (traced, read /proc, etc.) by the dumper.

In the future we will use this "engine" when launched with suid
bit, and (probably) will have more sophisticated policy.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2013-09-28 06:16:17 +04:00