diff options
| author | Adrian Reber <areber@redhat.com> | 2020-07-24 19:03:45 +0300 |
|---|---|---|
| committer | Andrei Vagin <avagin@gmail.com> | 2022-10-25 17:26:42 +0300 |
| commit | 294aedcc417f77850df12a7a99198335b851fe29 (patch) | |
| tree | 5200cdfd0b9629e883eaa982b6a56aaf0ccda2f6 | |
| parent | 4cd295b9bbe850dd7e07f8160bd559e1a4f2e620 (diff) | |
non-root: add infrastructure to run as non-root
The idea behind the rootless CRIU code is, that CRIU reads out its
effective capabilities and stores that in the global opts structure.
Different parts of CRIU can then, based on the existing capabilities,
automatically enable or disable certain code paths.
Currently at least CAP_CHECKPOINT_RESTORE is required. CRIU will not
start without this capability.
Signed-off-by: Adrian Reber <areber@redhat.com>
| -rw-r--r-- | criu/config.c | 3 | ||||
| -rw-r--r-- | criu/cr-restore.c | 4 | ||||
| -rw-r--r-- | criu/include/cr_options.h | 17 | ||||
| -rw-r--r-- | criu/include/restorer.h | 3 |
4 files changed, 26 insertions, 1 deletions
diff --git a/criu/config.c b/criu/config.c index 24c445c8b..c078848ec 100644 --- a/criu/config.c +++ b/criu/config.c @@ -705,6 +705,9 @@ int parse_options(int argc, char **argv, bool *usage_error, bool *has_exec_cmd, #undef BOOL_OPT + if (argv && argv[0]) + SET_CHAR_OPTS(argv_0, argv[0]); + ret = pre_parse(argc, argv, usage_error, &no_default_config, &cfg_file); if (ret) diff --git a/criu/cr-restore.c b/criu/cr-restore.c index 9c480be78..cd8705822 100644 --- a/criu/cr-restore.c +++ b/criu/cr-restore.c @@ -3748,6 +3748,10 @@ static int sigreturn_restore(pid_t pid, struct task_restore_args *task_args, uns prep_libc_rseq_info(&task_args->libc_rseq); + task_args->uid = opts.uid; + for (i = 0; i < CR_CAP_SIZE; i++) + task_args->cap_eff[i] = opts.cap_eff[i]; + /* * Fill up per-thread data. */ diff --git a/criu/include/cr_options.h b/criu/include/cr_options.h index e544a2d9a..6e85dff0a 100644 --- a/criu/include/cr_options.h +++ b/criu/include/cr_options.h @@ -1,10 +1,11 @@ #ifndef __CR_OPTIONS_H__ #define __CR_OPTIONS_H__ -#include <sys/types.h> #include <stdbool.h> #include "common/config.h" #include "common/list.h" +#include "int.h" +#include "image.h" /* Configuration and CLI parsing order defines */ #define PARSING_GLOBAL_CONF 1 @@ -210,6 +211,20 @@ struct cr_options { enum criu_mode mode; int mntns_compat_mode; + + /* Remember the program name passed to main() so we can use it in + * error messages elsewhere. + */ + char *argv_0; + /* + * This contains the eUID of the current CRIU user. It + * will only be set to a non-zero value if CRIU has + * the necessary capabilities to run as non root. + * CAP_CHECKPOINT_RESTORE or CAP_SYS_ADMIN + */ + uid_t uid; + /* This contains the value from /proc/pid/status: CapEff */ + u32 cap_eff[CR_CAP_SIZE]; }; extern struct cr_options opts; diff --git a/criu/include/restorer.h b/criu/include/restorer.h index 325804e44..d642765e3 100644 --- a/criu/include/restorer.h +++ b/criu/include/restorer.h @@ -235,6 +235,9 @@ struct task_restore_args { * unregister it before memory restoration procedure */ struct rst_rseq_param libc_rseq; + + uid_t uid; + u32 cap_eff[CR_CAP_SIZE]; } __aligned(64); /* |