From: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: [PATCH 1/1] restart: accept the lsm_name field in header and add -k flag (v2)
Date: Mon, 5 Oct 2009 16:58:52 -0500 [thread overview]
Message-ID: <20091005215852.GD26081@us.ibm.com> (raw)
In-Reply-To: <20091005215114.GA26052-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
[ Oren: I added your ack since you sent it to the previous
patch, but this patch changed quite a bit - maybe I shouldn't
have put the ack in after all, but please take another look ]
The checkpoint file header now has an 11-character string
containing the name of the active LSM, following the uts
info, and a variable length buffer type containing LSM-specific
version information (for instance a sha1sum of policy).
Handle these.
Also add a -k (--keeplsm) flag to tell restart to set the
RESTART_KEEP_LSM flag to sys_restart().
Changelog:
oct 05: 1. move keep_lsm into arg struct
2. read a separate container config section
3. use CHECKPOINT_LSM_NAME_MAX
Signed-off-by: Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Acked-by: Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
---
restart.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 64 insertions(+), 2 deletions(-)
diff --git a/restart.c b/restart.c
index c3f4349..d8409c4 100644
--- a/restart.c
+++ b/restart.c
@@ -34,7 +34,6 @@
#include <linux/checkpoint.h>
#include <linux/checkpoint_hdr.h>
-
/* this really belongs to some kernel header ! */
struct pid_set {
int num_pids;
@@ -68,6 +67,7 @@ static char usage_str[] =
" --signal=SIG send SIG to root task on SIGINT (default: SIGKILL\n"
" to container root, SIGINT otherwise)\n"
" -w,--wait wait for root task to termiate (default)\n"
+" -k,--keeplsm Try to recreate original LSM labels on all objects\n"
" --show-status show exit status of root task (implies -w)\n"
" --copy-status imitate exit status of root task (implies -w)\n"
" -W,--no-wait do not wait for root task to terminate\n"
@@ -264,6 +264,7 @@ struct ckpt_ctx {
char header[BUFSIZE];
char header_arch[BUFSIZE];
+ char container[BUFSIZE];
char tree[BUFSIZE];
char buf[BUFSIZE];
struct args *args;
@@ -303,6 +304,7 @@ static int ckpt_write_obj(struct ckpt_ctx *ctx, struct ckpt_hdr *h);
static int ckpt_write_header(struct ckpt_ctx *ctx);
static int ckpt_write_header_arch(struct ckpt_ctx *ctx);
+static int ckpt_write_container(struct ckpt_ctx *ctx);
static int ckpt_write_tree(struct ckpt_ctx *ctx);
static int _ckpt_read(int fd, void *buf, int count);
@@ -313,6 +315,7 @@ static int ckpt_read_obj_type(struct ckpt_ctx *ctx, void *b, int n, int type);
static int ckpt_read_header(struct ckpt_ctx *ctx);
static int ckpt_read_header_arch(struct ckpt_ctx *ctx);
+static int ckpt_read_container(struct ckpt_ctx *ctx);
static int ckpt_read_tree(struct ckpt_ctx *ctx);
static int hash_init(struct ckpt_ctx *ctx);
@@ -347,6 +350,7 @@ struct args {
int copy_status;
char *freezer;
char *input;
+ int keep_lsm;
};
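Review bot: The new `keep_lsm` member reads like a boolean but, per the parse_args hunk, holds either 0 or the RESTART_KEEP_LSM flag value and is OR'ed straight into the sys_restart flags in ckpt_coordinator and ckpt_make_tree; nothing on the struct says so. A one-line comment would keep a future contributor from assigning 1 to it: `int keep_lsm;	/* 0 or RESTART_KEEP_LSM, OR'ed into restart flags */`. This also relies on struct args being zero-initialised before parse_args runs, which is outside the hunk.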
static void usage(char *str)
@@ -377,6 +381,7 @@ static void parse_args(struct args *args, int argc, char *argv[])
{ "self", no_argument, NULL, 6},
{ "signal", required_argument, NULL, 4 },
{ "inspect", no_argument, NULL, 5 },
+ { "keeplsm", no_argument, NULL, 'k' },
{ "input", required_argument, NULL, 'i' },
{ "root", required_argument, NULL, 'r' },
{ "wait", no_argument, NULL, 'w' },
@@ -388,7 +393,7 @@ static void parse_args(struct args *args, int argc, char *argv[])
{ "debug", no_argument, NULL, 'd' },
{ NULL, 0, NULL, 0 }
};
- static char optc[] = "hdvpPwWF:r:i:";
+ static char optc[] = "hdvpkPwWF:r:i:";
int sig;
@@ -443,6 +448,9 @@ static void parse_args(struct args *args, int argc, char *argv[])
case 'w':
args->wait = 1;
break;
+ case 'k':
+ args->keep_lsm = RESTART_KEEP_LSM;
+ break;
case 'W':
args->wait = 0;
break;
@@ -693,6 +701,12 @@ int main(int argc, char *argv[])
exit(1);
}
+ ret = ckpt_read_container(&ctx);
+ if (ret < 0) {
+ perror("read c/r container section");
+ exit(1);
+ }
+
ret = ckpt_read_tree(&ctx);
if (ret < 0) {
perror("read c/r tree");
@@ -927,6 +941,7 @@ static int ckpt_coordinator(struct ckpt_ctx *ctx)
if (ctx->args->freezer)
flags |= RESTART_FROZEN;
+ flags |= ctx->args->keep_lsm;
ret = restart(root_pid, STDIN_FILENO, flags);
if (ret < 0) {
@@ -1575,6 +1590,7 @@ static int ckpt_make_tree(struct ckpt_ctx *ctx, struct task *task)
if (task->flags & (TASK_GHOST | TASK_DEAD))
flags |= RESTART_GHOST;
+ flags |= ctx->args->keep_lsm;
/* on success this doesn't return */
ckpt_dbg("about to call sys_restart(), flags %#lx\n", flags);
ret = restart(0, STDIN_FILENO, flags);
@@ -1850,6 +1866,9 @@ static int ckpt_do_feeder(void *data)
if (ckpt_write_header_arch(ctx) < 0)
ckpt_abort(ctx, "write c/r header arch");
+ if (ckpt_write_container(ctx) < 0)
+ ckpt_abort(ctx, "write container section");
+
if (ckpt_write_tree(ctx) < 0)
ckpt_abort(ctx, "write c/r tree");
@@ -2102,6 +2121,27 @@ static int ckpt_read_header_arch(struct ckpt_ctx *ctx)
return 0;
}
+static int ckpt_read_container(struct ckpt_ctx *ctx)
+{
+ int ret;
+ struct ckpt_hdr_container *h;
+ char *ptr;
+
+ h = (struct ckpt_hdr_container *) ctx->container;
+ ret = ckpt_read_obj_type(ctx, h, sizeof(*h), CKPT_HDR_CONTAINER);
+ if (ret < 0)
+ return ret;
+
+ ptr = (char *) h;
+ ptr += ((struct ckpt_hdr *) ptr)->len;
+ ret = ckpt_read_obj_buffer(ctx, ptr, CHECKPOINT_LSM_NAME_MAX + 1);
+ if (ret < 0)
+ return ret;
+
+ ptr += ((struct ckpt_hdr *) ptr)->len;
+ return ckpt_read_obj_type(ctx, ptr, 200, CKPT_HDR_LSM_INFO);
+}
+
static int ckpt_read_tree(struct ckpt_ctx *ctx)
{
struct ckpt_hdr_tree *h;
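Review bot: ckpt_read_container advances `ptr` by `len` values taken from the checkpoint image and then reads CHECKPOINT_LSM_NAME_MAX + 1 bytes and a bare 200 bytes at those offsets without checking that they still lie inside ctx->container, which the ckpt_ctx hunk declares as `char container[BUFSIZE]`. Whether ckpt_read_obj_type and ckpt_read_obj_buffer clamp each object's len to the size they are given is not visible here; even if they do, the three objects' total is never compared against BUFSIZE, and the literal 200 is not tied to any header constant. Computing the remaining room as `end - ptr` before each read and passing it as the size bound makes the function self-limiting; the error return on overflow should follow whatever errno convention the sibling readers use, since main() reports the failure with perror. ckpt_read_tree, which starts at the end of this hunk, continues outside it.
```c
	char *end = ctx->container + sizeof(ctx->container);
	/* … unchanged: declarations and the CKPT_HDR_CONTAINER read … */

	/* len fields come from the image: re-check the room before each read */
	ptr = (char *) h;
	ptr += ((struct ckpt_hdr *) ptr)->len;
	if (ptr > end || end - ptr < CHECKPOINT_LSM_NAME_MAX + 1)
		return -1;	/* set errno as the sibling readers do */
	ret = ckpt_read_obj_buffer(ctx, ptr, CHECKPOINT_LSM_NAME_MAX + 1);
	if (ret < 0)
		return ret;

	ptr += ((struct ckpt_hdr *) ptr)->len;
	if (ptr >= end)
		return -1;
	/* bound the lsm info object by what is left of ctx->container */
	return ckpt_read_obj_type(ctx, ptr, end - ptr, CKPT_HDR_LSM_INFO);
```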
@@ -2174,6 +2214,28 @@ static int ckpt_write_header_arch(struct ckpt_ctx *ctx)
return ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
}
+static int ckpt_write_container(struct ckpt_ctx *ctx)
+{
+ char *ptr;
+ int ret;
+
+ ptr = (char *) ctx->container;
+ /* write the container info section */
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
+ if (ret < 0)
+ return ret;
+
+ /* write the lsm name buffer */
+ ptr += ((struct ckpt_hdr *) ptr)->len;
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
+ if (ret < 0)
+ return ret;
+
+ /* write the lsm policy section */
+ ptr += ((struct ckpt_hdr *) ptr)->len;
+ return ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
+}
+
static int ckpt_write_tree(struct ckpt_ctx *ctx)
{
struct ckpt_hdr_tree *h;
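Review bot: The third comment in ckpt_write_container says "write the lsm policy section", but the object that ckpt_read_container stores in that slot is tagged CKPT_HDR_LSM_INFO, which the description calls LSM-specific version information (for instance a sha1sum of policy), not the policy itself; `/* write the lsm info (policy version) section */` would match the reader. The writer also walks ctx->container by the `len` fields the reader left behind, so it is only as safe as the bounds the read side enforces; a comment such as `/* offsets trust the lens validated by ckpt_read_container */` would make that dependency explicit. ckpt_write_tree, which starts at the end of this hunk, continues outside it.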
--
1.6.1.1