[3/3] criu: Restore anonymized images(file paths)

Submitted by Harshavardhan Unnibhavi on Sept. 20, 2019, 8:15 a.m.

Details

Message ID 20190920081522.9591-4-hvubfoss@gmail.com
State New
Series "Issue 360: Anonymize image files"
Headers show

Commit Message

Harshavardhan Unnibhavi Sept. 20, 2019, 8:15 a.m.
This commit restores anonymized images containing their file paths
maximized.

This commit introduces the following:
  - anon option for the restore action.

This commit modifies the following:
  - pretend anonymized files in question are opened.

Resolve Issue #360.

Signed-off-by: Harshavardhan Unnibhavi <hvubfoss@gmail.com>
---
 criu/config.c             |  5 +++++
 criu/cr-restore.c         |  5 +++++
 criu/files-reg.c          | 12 ++++++++++--
 criu/files.c              |  4 ++--
 criu/include/cr_options.h |  1 +
 criu/include/restorer.h   |  1 +
 criu/pie/restorer.c       |  4 ++--
 7 files changed, 26 insertions(+), 6 deletions(-)

Patch hide | download patch | download mbox

diff --git a/criu/config.c b/criu/config.c
index c9332203..7881f70d 100644
--- a/criu/config.c
+++ b/criu/config.c
@@ -276,6 +276,7 @@  void init_opts(void)
 	opts.empty_ns = 0;
 	opts.status_fd = -1;
 	opts.log_level = DEFAULT_LOGLEVEL;
+	opts.anonymize = false;
 }
 
 bool deprecated_ok(char *what)
@@ -455,6 +456,7 @@  int parse_options(int argc, char **argv, bool *usage_error,
 		{ "root",			required_argument,	0, 'r'	},
 		{ USK_EXT_PARAM,		optional_argument,	0, 'x'	},
 		{ "help",			no_argument,		0, 'h'	},
+		{ "anon",                       no_argument,            0, 'a'  },
 		BOOL_OPT(SK_EST_PARAM, &opts.tcp_established_ok),
 		{ "close",			required_argument,	0, 1043	},
 		BOOL_OPT("log-pid", &opts.log_file_per_pid),
@@ -575,6 +577,9 @@  int parse_options(int argc, char **argv, bool *usage_error,
 			continue;
 
 		switch (opt) {
+		case 'a':
+			opts.anonymize = true;
+			break;
 		case 's':
 			opts.final_state = TASK_STOPPED;
 			break;
diff --git a/criu/cr-restore.c b/criu/cr-restore.c
index de0b2cb4..05896ab0 100644
--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -882,6 +882,9 @@  static int restore_one_alive_task(int pid, CoreEntry *core)
 
 	memzero(ta, args_len);
 
+	if(opts.anonymize)
+		ta->anonymize = true;
+
 	if (prepare_fds(current))
 		return -1;
 
@@ -2268,6 +2271,8 @@  skip_ns_bouncing:
 		goto out_kill;
 
 	pr_info("Restore finished successfully. Resuming tasks.\n");
+	if(opts.anonymize)
+		return 0;
 	__restore_switch_stage(CR_STATE_COMPLETE);
 
 	if (ret == 0)
diff --git a/criu/files-reg.c b/criu/files-reg.c
index 1b51d108..a3a2396d 100644
--- a/criu/files-reg.c
+++ b/criu/files-reg.c
@@ -1745,14 +1745,14 @@  ext:
 			return -1;
 		}
 
-		if (rfi->rfe->has_size && (st.st_size != rfi->rfe->size)) {
+		if (rfi->rfe->has_size && (st.st_size != rfi->rfe->size) && (!opts.anonymize)) {
 			pr_err("File %s has bad size %"PRIu64" (expect %"PRIu64")\n",
 					rfi->path, st.st_size,
 					rfi->rfe->size);
 			return -1;
 		}
 
-		if (rfi->rfe->has_mode && (st.st_mode != rfi->rfe->mode)) {
+		if (rfi->rfe->has_mode && (st.st_mode != rfi->rfe->mode) && (!opts.anonymize)) {
 			pr_err("File %s has bad mode 0%o (expect 0%o)\n",
 			       rfi->path, (int)st.st_mode,
 			       rfi->rfe->mode);
@@ -1793,6 +1793,14 @@  int do_open_reg_noseek_flags(int ns_root_fd, struct reg_file_info *rfi, void *ar
 	flags &= ~O_TMPFILE;
 
 	fd = openat(ns_root_fd, rfi->path, flags);
+	if(opts.anonymize){
+		fd = openat(ns_root_fd, "/dev/zero", flags);
+		if(fd < 0){
+			pr_perror("Unable to create a fake file descriptor");
+			return fd;
+		}
+		pr_info("Restoring anonymized file paths.\n");
+	}
 	if (fd < 0) {
 		pr_perror("Can't open file %s on restore", rfi->path);
 		return fd;
diff --git a/criu/files.c b/criu/files.c
index ffdaa459..a7e76247 100644
--- a/criu/files.c
+++ b/criu/files.c
@@ -1313,7 +1313,7 @@  static int fchroot(int fd)
 	 * it using fchdir()
 	 */
 
-	if (fchdir(fd) < 0) {
+	if (fchdir(fd) < 0 && !(opts.anonymize)) {
 		pr_perror("Can't chdir to proc");
 		return -1;
 	}
@@ -1356,7 +1356,7 @@  int restore_fs(struct pstree_item *me)
 	}
 
 	ret = fchdir(dd_cwd);
-	if (ret < 0) {
+	if (ret < 0 && !(opts.anonymize)) {
 		pr_perror("Can't change cwd");
 		goto out;
 	}
diff --git a/criu/include/cr_options.h b/criu/include/cr_options.h
index 5cbc56f9..516624a3 100644
--- a/criu/include/cr_options.h
+++ b/criu/include/cr_options.h
@@ -112,6 +112,7 @@  struct cr_options {
 	int			enable_external_masters;
 	bool			aufs;		/* auto-detected, not via cli */
 	bool			overlayfs;
+	bool                    anonymize;
 #ifdef CONFIG_BINFMT_MISC_VIRTUALIZED
 	bool			has_binfmt_misc; /* auto-detected */
 #endif
diff --git a/criu/include/restorer.h b/criu/include/restorer.h
index b93807f5..203b1153 100644
--- a/criu/include/restorer.h
+++ b/criu/include/restorer.h
@@ -136,6 +136,7 @@  struct task_restore_args {
 
 	int				uffd;
 	bool				has_thp_enabled;
+	bool                            anonymize;
 
 	/* threads restoration */
 	int				nr_threads;		/* number of threads */
diff --git a/criu/pie/restorer.c b/criu/pie/restorer.c
index 390c0e1a..87c8ed4a 100644
--- a/criu/pie/restorer.c
+++ b/criu/pie/restorer.c
@@ -1719,12 +1719,12 @@  long __export_restore_task(struct task_restore_args *args)
 		 */
 		ret |= restore_self_exe_late(args);
 	} else {
-		if (ret)
+		if (ret && !(args->anonymize))
 			pr_err("sys_prctl(PR_SET_MM, PR_SET_MM_MAP) failed with %d\n", (int)ret);
 		sys_close(args->fd_exe_link);
 	}
 
-	if (ret)
+	if (ret && !(args->anonymize))
 		goto core_restore_end;
 
 	/* SELinux (1) process context needs to be set before creating threads. */

Comments

Pavel Emelianov Sept. 23, 2019, 10:09 a.m.
On 20.09.2019 11:15, Harshavardhan Unnibhavi wrote:
> This commit restores anonymized images containing their file paths
> maximized.
> 
> This commit introduces the following:
>    - anon option for the restore action.
> 
> This commit modifies the following:
>    - pretend anonymized files in question are opened.
> 
> Resolve Issue #360.
> 
> Signed-off-by: Harshavardhan Unnibhavi <hvubfoss@gmail.com>
> ---
>   criu/config.c             |  5 +++++
>   criu/cr-restore.c         |  5 +++++
>   criu/files-reg.c          | 12 ++++++++++--
>   criu/files.c              |  4 ++--
>   criu/include/cr_options.h |  1 +
>   criu/include/restorer.h   |  1 +
>   criu/pie/restorer.c       |  4 ++--
>   7 files changed, 26 insertions(+), 6 deletions(-)
> 
> diff --git a/criu/config.c b/criu/config.c
> index c9332203..7881f70d 100644
> --- a/criu/config.c
> +++ b/criu/config.c
> @@ -276,6 +276,7 @@ void init_opts(void)
>   	opts.empty_ns = 0;
>   	opts.status_fd = -1;
>   	opts.log_level = DEFAULT_LOGLEVEL;
> +	opts.anonymize = false;
>   }
>   
>   bool deprecated_ok(char *what)
> @@ -455,6 +456,7 @@ int parse_options(int argc, char **argv, bool *usage_error,
>   		{ "root",			required_argument,	0, 'r'	},
>   		{ USK_EXT_PARAM,		optional_argument,	0, 'x'	},
>   		{ "help",			no_argument,		0, 'h'	},
> +		{ "anon",                       no_argument,            0, 'a'  },
>   		BOOL_OPT(SK_EST_PARAM, &opts.tcp_established_ok),
>   		{ "close",			required_argument,	0, 1043	},
>   		BOOL_OPT("log-pid", &opts.log_file_per_pid),
> @@ -575,6 +577,9 @@ int parse_options(int argc, char **argv, bool *usage_error,
>   			continue;
>   
>   		switch (opt) {
> +		case 'a':
> +			opts.anonymize = true;
> +			break;
>   		case 's':
>   			opts.final_state = TASK_STOPPED;
>   			break;
> diff --git a/criu/cr-restore.c b/criu/cr-restore.c
> index de0b2cb4..05896ab0 100644
> --- a/criu/cr-restore.c
> +++ b/criu/cr-restore.c
> @@ -882,6 +882,9 @@ static int restore_one_alive_task(int pid, CoreEntry *core)
>   
>   	memzero(ta, args_len);
>   
> +	if(opts.anonymize)
> +		ta->anonymize = true;
> +
>   	if (prepare_fds(current))
>   		return -1;
>   
> @@ -2268,6 +2271,8 @@ skip_ns_bouncing:
>   		goto out_kill;
>   
>   	pr_info("Restore finished successfully. Resuming tasks.\n");
> +	if(opts.anonymize)
> +		return 0;

Presumably you should abort the stage so that "restored" tasks die?
Also, a message about "aborting restore due to --anon given" is also needed.

>   	__restore_switch_stage(CR_STATE_COMPLETE);
>   
>   	if (ret == 0)
> diff --git a/criu/files-reg.c b/criu/files-reg.c
> index 1b51d108..a3a2396d 100644
> --- a/criu/files-reg.c
> +++ b/criu/files-reg.c
> @@ -1745,14 +1745,14 @@ ext:
>   			return -1;
>   		}
>   
> -		if (rfi->rfe->has_size && (st.st_size != rfi->rfe->size)) {
> +		if (rfi->rfe->has_size && (st.st_size != rfi->rfe->size) && (!opts.anonymize)) {
>   			pr_err("File %s has bad size %"PRIu64" (expect %"PRIu64")\n",
>   					rfi->path, st.st_size,
>   					rfi->rfe->size);
>   			return -1;
>   		}
>   
> -		if (rfi->rfe->has_mode && (st.st_mode != rfi->rfe->mode)) {
> +		if (rfi->rfe->has_mode && (st.st_mode != rfi->rfe->mode) && (!opts.anonymize)) {
>   			pr_err("File %s has bad mode 0%o (expect 0%o)\n",
>   			       rfi->path, (int)st.st_mode,
>   			       rfi->rfe->mode);

The whole block with stat()-ing and size/mode checking can be skipped if opts.anonymize.

> @@ -1793,6 +1793,14 @@ int do_open_reg_noseek_flags(int ns_root_fd, struct reg_file_info *rfi, void *ar
>   	flags &= ~O_TMPFILE;
>   
>   	fd = openat(ns_root_fd, rfi->path, flags);
> +	if(opts.anonymize){

Plz, check the patch with checkpatch.pl for coding style.

> +		fd = openat(ns_root_fd, "/dev/zero", flags);

Erm... The original fd has been opened, hasn't it? I think it's better to fix
the do_open_reg_noseek() to open /dev/zero in case of opts.anonymize, not this helper.

> +		if(fd < 0){
> +			pr_perror("Unable to create a fake file descriptor");
> +			return fd;
> +		}
> +		pr_info("Restoring anonymized file paths.\n");
> +	}
>   	if (fd < 0) {
>   		pr_perror("Can't open file %s on restore", rfi->path);
>   		return fd;
> diff --git a/criu/files.c b/criu/files.c
> index ffdaa459..a7e76247 100644
> --- a/criu/files.c
> +++ b/criu/files.c
> @@ -1313,7 +1313,7 @@ static int fchroot(int fd)
>   	 * it using fchdir()
>   	 */
>   
> -	if (fchdir(fd) < 0) {
> +	if (fchdir(fd) < 0 && !(opts.anonymize)) {
>   		pr_perror("Can't chdir to proc");
>   		return -1;
>   	}
> @@ -1356,7 +1356,7 @@ int restore_fs(struct pstree_item *me)
>   	}
>   
>   	ret = fchdir(dd_cwd);
> -	if (ret < 0) {
> +	if (ret < 0 && !(opts.anonymize)) {
>   		pr_perror("Can't change cwd");
>   		goto out;
>   	}
> diff --git a/criu/include/cr_options.h b/criu/include/cr_options.h
> index 5cbc56f9..516624a3 100644
> --- a/criu/include/cr_options.h
> +++ b/criu/include/cr_options.h
> @@ -112,6 +112,7 @@ struct cr_options {
>   	int			enable_external_masters;
>   	bool			aufs;		/* auto-detected, not via cli */
>   	bool			overlayfs;
> +	bool                    anonymize;
>   #ifdef CONFIG_BINFMT_MISC_VIRTUALIZED
>   	bool			has_binfmt_misc; /* auto-detected */
>   #endif
> diff --git a/criu/include/restorer.h b/criu/include/restorer.h
> index b93807f5..203b1153 100644
> --- a/criu/include/restorer.h
> +++ b/criu/include/restorer.h
> @@ -136,6 +136,7 @@ struct task_restore_args {
>   
>   	int				uffd;
>   	bool				has_thp_enabled;
> +	bool                            anonymize;
>   
>   	/* threads restoration */
>   	int				nr_threads;		/* number of threads */
> diff --git a/criu/pie/restorer.c b/criu/pie/restorer.c
> index 390c0e1a..87c8ed4a 100644
> --- a/criu/pie/restorer.c
> +++ b/criu/pie/restorer.c
> @@ -1719,12 +1719,12 @@ long __export_restore_task(struct task_restore_args *args)
>   		 */
>   		ret |= restore_self_exe_late(args);
>   	} else {
> -		if (ret)
> +		if (ret && !(args->anonymize))
>   			pr_err("sys_prctl(PR_SET_MM, PR_SET_MM_MAP) failed with %d\n", (int)ret);
>   		sys_close(args->fd_exe_link);
>   	}
>   
> -	if (ret)
> +	if (ret && !(args->anonymize))
>   		goto core_restore_end;
>   
>   	/* SELinux (1) process context needs to be set before creating threads. */
>
Harshavardhan Unnibhavi Sept. 23, 2019, 10:30 a.m.
On Mon, Sep 23, 2019 at 3:39 PM Pavel Emelianov <xemul@virtuozzo.com> wrote:

>
>
> On 20.09.2019 11:15, Harshavardhan Unnibhavi wrote:
> > This commit restores anonymized images containing their file paths
> > maximized.
> >
> > This commit introduces the following:
> >    - anon option for the restore action.
> >
> > This commit modifies the following:
> >    - pretend anonymized files in question are opened.
> >
> > Resolve Issue #360.
> >
> > Signed-off-by: Harshavardhan Unnibhavi <hvubfoss@gmail.com>
> > ---
> >   criu/config.c             |  5 +++++
> >   criu/cr-restore.c         |  5 +++++
> >   criu/files-reg.c          | 12 ++++++++++--
> >   criu/files.c              |  4 ++--
> >   criu/include/cr_options.h |  1 +
> >   criu/include/restorer.h   |  1 +
> >   criu/pie/restorer.c       |  4 ++--
> >   7 files changed, 26 insertions(+), 6 deletions(-)
> >
> > diff --git a/criu/config.c b/criu/config.c
> > index c9332203..7881f70d 100644
> > --- a/criu/config.c
> > +++ b/criu/config.c
> > @@ -276,6 +276,7 @@ void init_opts(void)
> >       opts.empty_ns = 0;
> >       opts.status_fd = -1;
> >       opts.log_level = DEFAULT_LOGLEVEL;
> > +     opts.anonymize = false;
> >   }
> >
> >   bool deprecated_ok(char *what)
> > @@ -455,6 +456,7 @@ int parse_options(int argc, char **argv, bool
> *usage_error,
> >               { "root",                       required_argument,      0,
> 'r'  },
> >               { USK_EXT_PARAM,                optional_argument,      0,
> 'x'  },
> >               { "help",                       no_argument,            0,
> 'h'  },
> > +             { "anon",                       no_argument,            0,
> 'a'  },
> >               BOOL_OPT(SK_EST_PARAM, &opts.tcp_established_ok),
> >               { "close",                      required_argument,      0,
> 1043 },
> >               BOOL_OPT("log-pid", &opts.log_file_per_pid),
> > @@ -575,6 +577,9 @@ int parse_options(int argc, char **argv, bool
> *usage_error,
> >                       continue;
> >
> >               switch (opt) {
> > +             case 'a':
> > +                     opts.anonymize = true;
> > +                     break;
> >               case 's':
> >                       opts.final_state = TASK_STOPPED;
> >                       break;
> > diff --git a/criu/cr-restore.c b/criu/cr-restore.c
> > index de0b2cb4..05896ab0 100644
> > --- a/criu/cr-restore.c
> > +++ b/criu/cr-restore.c
> > @@ -882,6 +882,9 @@ static int restore_one_alive_task(int pid, CoreEntry
> *core)
> >
> >       memzero(ta, args_len);
> >
> > +     if(opts.anonymize)
> > +             ta->anonymize = true;
> > +
> >       if (prepare_fds(current))
> >               return -1;
> >
> > @@ -2268,6 +2271,8 @@ skip_ns_bouncing:
> >               goto out_kill;
> >
> >       pr_info("Restore finished successfully. Resuming tasks.\n");
> > +     if(opts.anonymize)
> > +             return 0;
>
> Presumably you should abort the stage so that "restored" tasks die?
>
How would I do this? Using sigreturn( rst_sigreturn(new_sp, rt_sigframe) )
or a sys_exit()?

Also, a message about "aborting restore due to --anon given" is also needed.
>
Sure.

>
> >       __restore_switch_stage(CR_STATE_COMPLETE);
> >
> >       if (ret == 0)
> > diff --git a/criu/files-reg.c b/criu/files-reg.c
> > index 1b51d108..a3a2396d 100644
> > --- a/criu/files-reg.c
> > +++ b/criu/files-reg.c
> > @@ -1745,14 +1745,14 @@ ext:
> >                       return -1;
> >               }
> >
> > -             if (rfi->rfe->has_size && (st.st_size != rfi->rfe->size)) {
> > +             if (rfi->rfe->has_size && (st.st_size != rfi->rfe->size)
> && (!opts.anonymize)) {
> >                       pr_err("File %s has bad size %"PRIu64" (expect
> %"PRIu64")\n",
> >                                       rfi->path, st.st_size,
> >                                       rfi->rfe->size);
> >                       return -1;
> >               }
> >
> > -             if (rfi->rfe->has_mode && (st.st_mode != rfi->rfe->mode)) {
> > +             if (rfi->rfe->has_mode && (st.st_mode != rfi->rfe->mode)
> && (!opts.anonymize)) {
> >                       pr_err("File %s has bad mode 0%o (expect 0%o)\n",
> >                              rfi->path, (int)st.st_mode,
> >                              rfi->rfe->mode);
>
> The whole block with stat()-ing and size/mode checking can be skipped if
> opts.anonymize.
>
> > @@ -1793,6 +1793,14 @@ int do_open_reg_noseek_flags(int ns_root_fd,
> struct reg_file_info *rfi, void *ar
> >       flags &= ~O_TMPFILE;
> >
> >       fd = openat(ns_root_fd, rfi->path, flags);
> > +     if(opts.anonymize){
>
> Plz, check the patch with checkpatch.pl for coding style.
>
> > +             fd = openat(ns_root_fd, "/dev/zero", flags);
>
> Erm... The original fd has been opened, hasn't it? I think it's better to
> fix
> the do_open_reg_noseek() to open /dev/zero in case of opts.anonymize, not
> this helper.

Yes this makes more sense, I will change it.

>
>
> +             if(fd < 0){
> > +                     pr_perror("Unable to create a fake file
> descriptor");
> > +                     return fd;
> > +             }
> > +             pr_info("Restoring anonymized file paths.\n");
> > +     }
> >       if (fd < 0) {
> >               pr_perror("Can't open file %s on restore", rfi->path);
> >               return fd;
> > diff --git a/criu/files.c b/criu/files.c
> > index ffdaa459..a7e76247 100644
> > --- a/criu/files.c
> > +++ b/criu/files.c
> > @@ -1313,7 +1313,7 @@ static int fchroot(int fd)
> >        * it using fchdir()
> >        */
> >
> > -     if (fchdir(fd) < 0) {
> > +     if (fchdir(fd) < 0 && !(opts.anonymize)) {
> >               pr_perror("Can't chdir to proc");
> >               return -1;
> >       }
> > @@ -1356,7 +1356,7 @@ int restore_fs(struct pstree_item *me)
> >       }
> >
> >       ret = fchdir(dd_cwd);
> > -     if (ret < 0) {
> > +     if (ret < 0 && !(opts.anonymize)) {
> >               pr_perror("Can't change cwd");
> >               goto out;
> >       }
> > diff --git a/criu/include/cr_options.h b/criu/include/cr_options.h
> > index 5cbc56f9..516624a3 100644
> > --- a/criu/include/cr_options.h
> > +++ b/criu/include/cr_options.h
> > @@ -112,6 +112,7 @@ struct cr_options {
> >       int                     enable_external_masters;
> >       bool                    aufs;           /* auto-detected, not via
> cli */
> >       bool                    overlayfs;
> > +     bool                    anonymize;
> >   #ifdef CONFIG_BINFMT_MISC_VIRTUALIZED
> >       bool                    has_binfmt_misc; /* auto-detected */
> >   #endif
> > diff --git a/criu/include/restorer.h b/criu/include/restorer.h
> > index b93807f5..203b1153 100644
> > --- a/criu/include/restorer.h
> > +++ b/criu/include/restorer.h
> > @@ -136,6 +136,7 @@ struct task_restore_args {
> >
> >       int                             uffd;
> >       bool                            has_thp_enabled;
> > +     bool                            anonymize;
> >
> >       /* threads restoration */
> >       int                             nr_threads;             /* number
> of threads */
> > diff --git a/criu/pie/restorer.c b/criu/pie/restorer.c
> > index 390c0e1a..87c8ed4a 100644
> > --- a/criu/pie/restorer.c
> > +++ b/criu/pie/restorer.c
> > @@ -1719,12 +1719,12 @@ long __export_restore_task(struct
> task_restore_args *args)
> >                */
> >               ret |= restore_self_exe_late(args);
> >       } else {
> > -             if (ret)
> > +             if (ret && !(args->anonymize))
> >                       pr_err("sys_prctl(PR_SET_MM, PR_SET_MM_MAP) failed
> with %d\n", (int)ret);
> >               sys_close(args->fd_exe_link);
> >       }
> >
> > -     if (ret)
> > +     if (ret && !(args->anonymize))
> >               goto core_restore_end;
> >
> >       /* SELinux (1) process context needs to be set before creating
> threads. */
> >
>
Pavel Emelianov Sept. 23, 2019, 10:32 a.m.
On 23.09.2019 13:30, Harshavardhan Unnibhavi wrote:
> 
> 
> On Mon, Sep 23, 2019 at 3:39 PM Pavel Emelianov <xemul@virtuozzo.com <mailto:xemul@virtuozzo.com>> wrote:
> 
> 
> 
>     On 20.09.2019 11:15, Harshavardhan Unnibhavi wrote:
>      > This commit restores anonymized images containing their file paths
>      > maximized.
>      >
>      > This commit introduces the following:
>      >    - anon option for the restore action.
>      >
>      > This commit modifies the following:
>      >    - pretend anonymized files in question are opened.
>      >
>      > Resolve Issue #360.
>      >
>      > Signed-off-by: Harshavardhan Unnibhavi <hvubfoss@gmail.com <mailto:hvubfoss@gmail.com>>
>      > ---
>      >   criu/config.c             |  5 +++++
>      >   criu/cr-restore.c         |  5 +++++
>      >   criu/files-reg.c          | 12 ++++++++++--
>      >   criu/files.c              |  4 ++--
>      >   criu/include/cr_options.h |  1 +
>      >   criu/include/restorer.h   |  1 +
>      >   criu/pie/restorer.c       |  4 ++--
>      >   7 files changed, 26 insertions(+), 6 deletions(-)
>      >
>      > diff --git a/criu/config.c b/criu/config.c
>      > index c9332203..7881f70d 100644
>      > --- a/criu/config.c
>      > +++ b/criu/config.c
>      > @@ -276,6 +276,7 @@ void init_opts(void)
>      >       opts.empty_ns = 0;
>      >       opts.status_fd = -1;
>      >       opts.log_level = DEFAULT_LOGLEVEL;
>      > +     opts.anonymize = false;
>      >   }
>      >
>      >   bool deprecated_ok(char *what)
>      > @@ -455,6 +456,7 @@ int parse_options(int argc, char **argv, bool *usage_error,
>      >               { "root",                       required_argument,      0, 'r'  },
>      >               { USK_EXT_PARAM,                optional_argument,      0, 'x'  },
>      >               { "help",                       no_argument,            0, 'h'  },
>      > +             { "anon",                       no_argument,            0, 'a'  },
>      >               BOOL_OPT(SK_EST_PARAM, &opts.tcp_established_ok),
>      >               { "close",                      required_argument,      0, 1043 },
>      >               BOOL_OPT("log-pid", &opts.log_file_per_pid),
>      > @@ -575,6 +577,9 @@ int parse_options(int argc, char **argv, bool *usage_error,
>      >                       continue;
>      >
>      >               switch (opt) {
>      > +             case 'a':
>      > +                     opts.anonymize = true;
>      > +                     break;
>      >               case 's':
>      >                       opts.final_state = TASK_STOPPED;
>      >                       break;
>      > diff --git a/criu/cr-restore.c b/criu/cr-restore.c
>      > index de0b2cb4..05896ab0 100644
>      > --- a/criu/cr-restore.c
>      > +++ b/criu/cr-restore.c
>      > @@ -882,6 +882,9 @@ static int restore_one_alive_task(int pid, CoreEntry *core)
>      >
>      >       memzero(ta, args_len);
>      >
>      > +     if(opts.anonymize)
>      > +             ta->anonymize = true;
>      > +
>      >       if (prepare_fds(current))
>      >               return -1;
>      >
>      > @@ -2268,6 +2271,8 @@ skip_ns_bouncing:
>      >               goto out_kill;
>      >
>      >       pr_info("Restore finished successfully. Resuming tasks.\n");
>      > +     if(opts.anonymize)
>      > +             return 0;
> 
>     Presumably you should abort the stage so that "restored" tasks die?
> 
> How would I do this? Using sigreturn( rst_sigreturn(new_sp, rt_sigframe) ) or a sys_exit()?

         __restore_switch_stage(CR_STATE_FAIL);

>     Also, a message about "aborting restore due to --anon given" is also needed.
> 
> Sure.
> 
> 
>      >       __restore_switch_stage(CR_STATE_COMPLETE);
>      >
>      >       if (ret == 0)
>      > diff --git a/criu/files-reg.c b/criu/files-reg.c
>      > index 1b51d108..a3a2396d 100644
>      > --- a/criu/files-reg.c
>      > +++ b/criu/files-reg.c
>      > @@ -1745,14 +1745,14 @@ ext:
>      >                       return -1;
>      >               }
>      >
>      > -             if (rfi->rfe->has_size && (st.st_size != rfi->rfe->size)) {
>      > +             if (rfi->rfe->has_size && (st.st_size != rfi->rfe->size) && (!opts.anonymize)) {
>      >                       pr_err("File %s has bad size %"PRIu64" (expect %"PRIu64")\n",
>      >                                       rfi->path, st.st_size,
>      >                                       rfi->rfe->size);
>      >                       return -1;
>      >               }
>      >
>      > -             if (rfi->rfe->has_mode && (st.st_mode != rfi->rfe->mode)) {
>      > +             if (rfi->rfe->has_mode && (st.st_mode != rfi->rfe->mode) && (!opts.anonymize)) {
>      >                       pr_err("File %s has bad mode 0%o (expect 0%o)\n",
>      >                              rfi->path, (int)st.st_mode,
>      >                              rfi->rfe->mode);
> 
>     The whole block with stat()-ing and size/mode checking can be skipped if opts.anonymize.
> 
>      > @@ -1793,6 +1793,14 @@ int do_open_reg_noseek_flags(int ns_root_fd, struct reg_file_info *rfi, void *ar
>      >       flags &= ~O_TMPFILE;
>      >
>      >       fd = openat(ns_root_fd, rfi->path, flags);
>      > +     if(opts.anonymize){
> 
>     Plz, check the patch with checkpatch.pl <http://checkpatch.pl> for coding style.
> 
>      > +             fd = openat(ns_root_fd, "/dev/zero", flags);
> 
>     Erm... The original fd has been opened, hasn't it? I think it's better to fix
>     the do_open_reg_noseek() to open /dev/zero in case of opts.anonymize, not this helper.
> 
> Yes this makes more sense, I will change it.

Awesome!

-- Pavel