mirror of
https://github.com/checkpoint-restore/criu
synced 2025-08-30 05:48:05 +00:00
6cf2906b0a
This confirms that the fix to handle dumpable flag set to 2 still works after restore. To force dumpable flag set to 0 or 2 (whatever the fs.suid_dumpable is set to), chmod the test binary to 0111 (executable, but not readable) and execv() it while running as non-root. The kernel will unset the dumpable flag to prevent a core dump or ptrace to giving the user access to the pages of the binary (which are supposedly not readable by that user.) Tested: - # test/zdtm.sh static/dumpable02 Test: zdtm/live/static/dumpable02, Result: PASS - # test/zdtm.sh ns/static/dumpable02 Test: zdtm/live/static/dumpable02, Result: PASS - Used -DDEBUG to confirm the value of the dumpable flag was 0 or 2 to match the fs.suid_dumpable sysctl in the tests (both in and out of namespaces.) - Confirmed that the test fails if the commit that fixes handling of dumpable flag with value 2 is reverted and the fs.suid_dumpable sysctl is set to 2. Signed-off-by: Filipe Brandenburger <filbranden@google.com> Acked-by: Andrew Vagin <avagin@parallels.com> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
criu ==== An utility to checkpoint/restore tasks. Using this tool, you can freeze a running application (or part of it) and checkpoint it to a hard drive as a collection of files. You can then use the files to restore and run the application from the point it was frozen at. The distinctive feature of the CRIU project is that it is mainly implemented in user space. The project home is at http://criu.org Pages worth starting with are * Kernel configuration, compilation, etc: http://criu.org/Installation * A simple example of usage: http://criu.org/Simple_loop * More sophisticated example with graphical app: http://criu.org/VNC