[3/3] rst: No creds restore for unpriviledged

Submitted by Pavel Emelianov on May 5, 2016, 8:31 p.m.

Details

Message ID 572BAD9E.7020507@virtuozzo.com
State Accepted
Series "unshare: Userns support"
Commit 2d748b43e64525d4df33e7c6c8ab911ce0dae074
Headers show

Commit Message

Pavel Emelianov May 5, 2016, 8:31 p.m.
When restoring in user mode no need in restoring the creds,
kernel won't allow.

Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
---
 criu/cr-restore.c   | 4 +++-
 criu/pie/restorer.c | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/criu/cr-restore.c b/criu/cr-restore.c
index 797669d..b2367e0 100644
--- a/criu/cr-restore.c
+++ b/criu/cr-restore.c
@@ -3084,8 +3084,10 @@  static int rst_prep_creds(pid_t pid, CoreEntry *core, unsigned long *creds_pos)
 	 * present. It means we don't have
 	 * creds either, just ignore and exit
 	 * early.
+	 *
+	 * Or -- we're doing --unshare user restore from non-root context
 	 */
-	if (unlikely(!core->thread_core)) {
+	if (unlikely(!core->thread_core || (opts.unshare_flags & UNSHARE_UNPRIVILEDGED))) {
 		*creds_pos = 0;
 		return 0;
 	}
diff --git a/criu/pie/restorer.c b/criu/pie/restorer.c
index 1058dbf..c4fc1e5 100644
--- a/criu/pie/restorer.c
+++ b/criu/pie/restorer.c
@@ -132,6 +132,11 @@  static int restore_creds(struct thread_creds_args *args, int procfd)
 	struct cap_header hdr;
 	struct cap_data data[_LINUX_CAPABILITY_U32S_3];
 
+	if (!args) {
+		pr_info("No creds to restore\n");
+		return 0;
+	}
+
 	/*
 	 * We're still root here and thus can do it without failures.
 	 */