From: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: [PATCH user-cr] restart: accept the lsm_name field in header and add -k flag (v2)
Date: Mon, 19 Oct 2009 09:44:01 -0500 [thread overview]
Message-ID: <20091019144401.GB30566@us.ibm.com> (raw)
In-Reply-To: <20091019144315.GA30535-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
The checkpoint file header now has an 11-character string
containing the name of the active LSM, following the uts
info, and a variable length buffer type conaining LSM-specific
version information (for instance a sha1sum of policy).
Handle these.
Also add a -k (--keeplsm) flag to tell restart to set the
RESTART_KEEP_LSM flag to sys_restart().
Changelog:
oct 15: separate out from container config section patch
oct 05: 1. move keep_lsm into arg struct
2. read a separate container config section
3. use CHECKPOINT_LSM_NAME_MAX
Signed-off-by: Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
---
restart.c | 39 +++++++++++++++++++++++++++++++++++++--
1 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/restart.c b/restart.c
index fbaab88..dd2dc12 100644
--- a/restart.c
+++ b/restart.c
@@ -68,6 +68,7 @@ static char usage_str[] =
" --signal=SIG send SIG to root task on SIGINT (default: SIGKILL\n"
" to container root, SIGINT otherwise)\n"
" -w,--wait wait for root task to termiate (default)\n"
+" -k,--keeplsm Try to recreate original LSM labels on all objects\n"
" --show-status show exit status of root task (implies -w)\n"
" --copy-status imitate exit status of root task (implies -w)\n"
" -W,--no-wait do not wait for root task to terminate\n"
@@ -352,6 +353,7 @@ struct args {
int copy_status;
char *freezer;
char *input;
+ int keep_lsm;
};
static void usage(char *str)
@@ -382,6 +384,7 @@ static void parse_args(struct args *args, int argc, char *argv[])
{ "self", no_argument, NULL, 6},
{ "signal", required_argument, NULL, 4 },
{ "inspect", no_argument, NULL, 5 },
+ { "keeplsm", no_argument, NULL, 'k' },
{ "input", required_argument, NULL, 'i' },
{ "root", required_argument, NULL, 'r' },
{ "wait", no_argument, NULL, 'w' },
@@ -393,7 +396,7 @@ static void parse_args(struct args *args, int argc, char *argv[])
{ "debug", no_argument, NULL, 'd' },
{ NULL, 0, NULL, 0 }
};
- static char optc[] = "hdvpPwWF:r:i:";
+ static char optc[] = "hdvpkPwWF:r:i:";
int sig;
@@ -448,6 +451,9 @@ static void parse_args(struct args *args, int argc, char *argv[])
case 'w':
args->wait = 1;
break;
+ case 'k':
+ args->keep_lsm = RESTART_KEEP_LSM;
+ break;
case 'W':
args->wait = 0;
break;
@@ -929,6 +935,7 @@ static int ckpt_coordinator(struct ckpt_ctx *ctx)
if (ctx->args->freezer)
flags |= RESTART_FROZEN;
+ flags |= ctx->args->keep_lsm;
ret = restart(root_pid, STDIN_FILENO, flags);
if (ret < 0) {
@@ -1588,6 +1595,8 @@ static int ckpt_make_tree(struct ckpt_ctx *ctx, struct task *task)
if (task->flags & (TASK_GHOST | TASK_DEAD))
flags |= RESTART_GHOST;
+ flags |= ctx->args->keep_lsm;
+
/* on success this doesn't return */
ckpt_dbg("about to call sys_restart(), flags %#lx\n", flags);
ret = restart(0, STDIN_FILENO, flags);
@@ -2134,10 +2143,23 @@ static int ckpt_read_header_arch(struct ckpt_ctx *ctx)
static int ckpt_read_container(struct ckpt_ctx *ctx)
{
+ int ret;
struct ckpt_hdr_container *h;
+ char *ptr;
h = (struct ckpt_hdr_container *) ctx->container;
- return ckpt_read_obj_type(ctx, h, sizeof(*h), CKPT_HDR_CONTAINER);
+ ret = ckpt_read_obj_type(ctx, h, sizeof(*h), CKPT_HDR_CONTAINER);
+ if (ret < 0)
+ return ret;
+
+ ptr = (char *) h;
+ ptr += ((struct ckpt_hdr *) ptr)->len;
+ ret = ckpt_read_obj_buffer(ctx, ptr, CHECKPOINT_LSM_NAME_MAX + 1);
+ if (ret < 0)
+ return ret;
+
+ ptr += ((struct ckpt_hdr *) ptr)->len;
+ return ckpt_read_obj_type(ctx, ptr, 200, CKPT_HDR_LSM_INFO);
}
static int ckpt_read_tree(struct ckpt_ctx *ctx)
@@ -2215,9 +2237,22 @@ static int ckpt_write_header_arch(struct ckpt_ctx *ctx)
static int ckpt_write_container(struct ckpt_ctx *ctx)
{
char *ptr;
+ int ret;
ptr = (char *) ctx->container;
/* write the container info section */
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
+ if (ret < 0)
+ return ret;
+
+ /* write the lsm name buffer */
+ ptr += ((struct ckpt_hdr *) ptr)->len;
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
+ if (ret < 0)
+ return ret;
+
+ /* write the lsm policy section */
+ ptr += ((struct ckpt_hdr *) ptr)->len;
return ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
}
--
1.6.1.1
next prev parent reply other threads:[~2009-10-19 14:44 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-19 14:43 [PATCH 1/4] add lsm name and lsm_info (policy header) to container info Serge E. Hallyn
[not found] ` <20091019144315.GA30535-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-19 14:43 ` [PATCH 2/4] cr: add generic LSM c/r support (v6) Serge E. Hallyn
[not found] ` <20091019144341.GA30566-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-19 18:13 ` Oren Laadan
[not found] ` <4ADCAC5B.9080205-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
2009-10-19 19:02 ` Serge E. Hallyn
[not found] ` <20091019190227.GA7201-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-21 1:03 ` Oren Laadan
[not found] ` <4ADE5DEA.2000606-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
2009-10-21 1:18 ` Serge E. Hallyn
[not found] ` <20091021011846.GA26728-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-21 1:21 ` Oren Laadan
[not found] ` <4ADE621E.2080603-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
2009-10-21 5:01 ` Serge E. Hallyn
2009-10-20 1:16 ` Serge E. Hallyn
2009-10-19 14:44 ` Serge E. Hallyn [this message]
2009-10-19 14:44 ` [PATCH 3/4] cr: add smack support to lsm c/r (v6) Serge E. Hallyn
2009-10-19 14:44 ` [PATCH 4/4] cr: add selinux support (v6) Serge E. Hallyn
-- strict thread matches above, loose matches on Subject: below --
2009-11-11 15:58 [PATCH 0/4] Introduction: LSM c/r patchset serue-r/Jw6+rmf7HQT0dZR+AlfA
[not found] ` <1257955132-8398-1-git-send-email-serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-11-11 15:58 ` [PATCH user-cr] restart: accept the lsm_name field in header and add -k flag (v2) serue-r/Jw6+rmf7HQT0dZR+AlfA
2009-10-15 20:37 [PATCH] add lsm name and lsm_info (policy header) to container info Serge E. Hallyn
[not found] ` <20091015203721.GA5030-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-10-15 20:38 ` [PATCH user-cr] restart: accept the lsm_name field in header and add -k flag (v2) Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091019144401.GB30566@us.ibm.com \
--to=serue-r/jw6+rmf7hqt0dzr+alfa@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.