mirror of
https://github.com/checkpoint-restore/criu
synced 2025-08-22 09:58:09 +00:00
f79f4546cf
When in a userns, tasks can't write to certain sysctl files:
(00.009653) 1: Error (sysctl.c:142): Can't open sysctl kernel/hostname: Permission denied
See inline comments for details on affected namespaces.
Mostly for my own education in what is required to port something to be
userns restorable, I ported the sysctl stuff. A potential concern for this
patch is that copying structures with pointers around is kind of gory. I
did it ad-hoc here, but it may be worth inventing some mechanisms to make
it easier, although I'm not sure what exactly that would look like
(potentially re-using some of the protobuf bits; I'll investigate this more
if it looks helpful when doing the cgroup user namespaces port?).
Another issue is that there is not a great way to return non-fd stuff in
memory right now from userns_call; one of the little hacks in this code
would be "simplified" if we invented a way to do this.
v2: coalesce the individual struct sysctl_req requests into one big
sysctl_userns_req that is in a contiguous region of memory so that we
can pass it via userns_call. Hopefully nobody finds my little ascii
diagram too offensive :)
v3: use the fork/setns trick to change the syctl values in the right ns for
IPC/UTS nses; see inline comment for details
v4: only use sysctl_userns_req when actually doing a userns_call.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
72 lines
1.3 KiB
C
72 lines
1.3 KiB
C
#include <unistd.h>
|
|
#include <fcntl.h>
|
|
#include <sys/utsname.h>
|
|
#include <string.h>
|
|
|
|
#include "util.h"
|
|
#include "syscall.h"
|
|
#include "namespaces.h"
|
|
#include "sysctl.h"
|
|
#include "uts_ns.h"
|
|
|
|
#include "protobuf.h"
|
|
#include "protobuf/utsns.pb-c.h"
|
|
|
|
int dump_uts_ns(int ns_id)
|
|
{
|
|
int ret;
|
|
struct cr_img *img;
|
|
struct utsname ubuf;
|
|
UtsnsEntry ue = UTSNS_ENTRY__INIT;
|
|
|
|
img = open_image(CR_FD_UTSNS, O_DUMP, ns_id);
|
|
if (!img)
|
|
return -1;
|
|
|
|
ret = uname(&ubuf);
|
|
if (ret < 0) {
|
|
pr_perror("Error calling uname");
|
|
goto err;
|
|
}
|
|
|
|
ue.nodename = ubuf.nodename;
|
|
ue.domainname = ubuf.domainname;
|
|
|
|
ret = pb_write_one(img, &ue, PB_UTSNS);
|
|
err:
|
|
close_image(img);
|
|
return ret < 0 ? -1 : 0;
|
|
}
|
|
|
|
int prepare_utsns(int pid)
|
|
{
|
|
int ret;
|
|
struct cr_img *img;
|
|
UtsnsEntry *ue;
|
|
struct sysctl_req req[] = {
|
|
{ "kernel/hostname" },
|
|
{ "kernel/domainname" },
|
|
};
|
|
|
|
img = open_image(CR_FD_UTSNS, O_RSTR, pid);
|
|
if (!img)
|
|
return -1;
|
|
|
|
ret = pb_read_one(img, &ue, PB_UTSNS);
|
|
if (ret < 0)
|
|
goto out;
|
|
|
|
req[0].arg = ue->nodename;
|
|
req[0].type = CTL_STR(strlen(ue->nodename));
|
|
req[1].arg = ue->domainname;
|
|
req[1].type = CTL_STR(strlen(ue->domainname));
|
|
|
|
ret = sysctl_op(req, ARRAY_SIZE(req), CTL_WRITE, CLONE_NEWUTS);
|
|
utsns_entry__free_unpacked(ue, NULL);
|
|
out:
|
|
close_image(img);
|
|
return ret;
|
|
}
|
|
|
|
struct ns_desc uts_ns_desc = NS_DESC_ENTRY(CLONE_NEWUTS, "uts");
|