From: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: [PATCH user-cr] restart: accept the lsm_name field in header and add -k flag (v2)
Date: Mon, 19 Oct 2009 09:44:01 -0500
Message-ID: <20091019144401.GB30566@us.ibm.com>
In-Reply-To: <20091019144315.GA30535-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
The checkpoint file header now has an 11-character string
containing the name of the active LSM, following the uts
info, and a variable length buffer type containing LSM-specific
version information (for instance a sha1sum of policy).
Handle these.

Also add a -k (--keeplsm) flag to tell restart to set the
RESTART_KEEP_LSM flag to sys_restart().

Changelog:
	oct 15: separate out from container config section patch
	oct 05: 1. move keep_lsm into arg struct
		2. read a separate container config section
		3. use CHECKPOINT_LSM_NAME_MAX

Signed-off-by: Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
---
restart.c | 39 +++++++++++++++++++++++++++++++++++++--
1 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/restart.c b/restart.c
index fbaab88..dd2dc12 100644
--- a/restart.c
+++ b/restart.c
@@ -68,6 +68,7 @@ static char usage_str[] =
" --signal=SIG send SIG to root task on SIGINT (default: SIGKILL\n"
" to container root, SIGINT otherwise)\n"
" -w,--wait wait for root task to termiate (default)\n"
+" -k,--keeplsm Try to recreate original LSM labels on all objects\n"
" --show-status show exit status of root task (implies -w)\n"
" --copy-status imitate exit status of root task (implies -w)\n"
" -W,--no-wait do not wait for root task to terminate\n"
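Review bot: The new `-k,--keeplsm` help line starts with a capital "Try" while the neighbouring entries ("wait for root task ...", "show exit status ...") start lowercase; lowercase it for consistency. The text also only describes the opt-in case, so consider adding what restart does with LSM labels when -k is not given, in the same "(default ...)" style the --signal entry uses.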
@@ -352,6 +353,7 @@ struct args {
int copy_status;
char *freezer;
char *input;
+ int keep_lsm;
};
static void usage(char *str)
@@ -382,6 +384,7 @@ static void parse_args(struct args *args, int argc, char *argv[])
{ "self", no_argument, NULL, 6},
{ "signal", required_argument, NULL, 4 },
{ "inspect", no_argument, NULL, 5 },
+ { "keeplsm", no_argument, NULL, 'k' },
{ "input", required_argument, NULL, 'i' },
{ "root", required_argument, NULL, 'r' },
{ "wait", no_argument, NULL, 'w' },
@@ -393,7 +396,7 @@ static void parse_args(struct args *args, int argc, char *argv[])
{ "debug", no_argument, NULL, 'd' },
{ NULL, 0, NULL, 0 }
};
- static char optc[] = "hdvpPwWF:r:i:";
+ static char optc[] = "hdvpkPwWF:r:i:";
int sig;
@@ -448,6 +451,9 @@ static void parse_args(struct args *args, int argc, char *argv[])
case 'w':
args->wait = 1;
break;
+ case 'k':
+ args->keep_lsm = RESTART_KEEP_LSM;
+ break;
case 'W':
args->wait = 0;
break;
@@ -929,6 +935,7 @@ static int ckpt_coordinator(struct ckpt_ctx *ctx)
if (ctx->args->freezer)
flags |= RESTART_FROZEN;
+ flags |= ctx->args->keep_lsm;
ret = restart(root_pid, STDIN_FILENO, flags);
if (ret < 0) {
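Review bot: `flags |= ctx->args->keep_lsm;` ORs an args field straight into the syscall flags, unlike the `if (ctx->args->freezer) flags |= RESTART_FROZEN;` test directly above it. That only works because parse_args stores RESTART_KEEP_LSM itself in `keep_lsm` rather than a boolean, which the `int keep_lsm;` declaration does not say. Either store 1 in parse_args and write `if (ctx->args->keep_lsm) flags |= RESTART_KEEP_LSM;` here and in ckpt_make_tree(), or add a comment on the struct field stating that it holds a flag bit.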
@@ -1588,6 +1595,8 @@ static int ckpt_make_tree(struct ckpt_ctx *ctx, struct task *task)
if (task->flags & (TASK_GHOST | TASK_DEAD))
flags |= RESTART_GHOST;
+ flags |= ctx->args->keep_lsm;
+
/* on success this doesn't return */
ckpt_dbg("about to call sys_restart(), flags %#lx\n", flags);
ret = restart(0, STDIN_FILENO, flags);
@@ -2134,10 +2143,23 @@ static int ckpt_read_header_arch(struct ckpt_ctx *ctx)
static int ckpt_read_container(struct ckpt_ctx *ctx)
{
+ int ret;
struct ckpt_hdr_container *h;
+ char *ptr;
h = (struct ckpt_hdr_container *) ctx->container;
- return ckpt_read_obj_type(ctx, h, sizeof(*h), CKPT_HDR_CONTAINER);
+ ret = ckpt_read_obj_type(ctx, h, sizeof(*h), CKPT_HDR_CONTAINER);
+ if (ret < 0)
+ return ret;
+
+ ptr = (char *) h;
+ ptr += ((struct ckpt_hdr *) ptr)->len;
+ ret = ckpt_read_obj_buffer(ctx, ptr, CHECKPOINT_LSM_NAME_MAX + 1);
+ if (ret < 0)
+ return ret;
+
+ ptr += ((struct ckpt_hdr *) ptr)->len;
+ return ckpt_read_obj_type(ctx, ptr, 200, CKPT_HDR_LSM_INFO);
}
static int ckpt_read_tree(struct ckpt_ctx *ctx)
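Review bot: In ckpt_read_container(), the final `ckpt_read_obj_type(ctx, ptr, 200, CKPT_HDR_LSM_INFO)` uses a bare 200 as the maximum length, and by that point `ptr` has been advanced twice by `len` fields taken from the headers just read out of the checkpoint image. Nothing in this hunk shows that the container header plus CHECKPOINT_LSM_NAME_MAX + 1 plus 200 bytes fits in ctx->container, and whether the read helpers bound `len` is not visible here. Please replace 200 with a named constant tied to the size of that buffer and check the remaining space before each read, so an image with unexpected lengths cannot make restart write past the end of the buffer.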
@@ -2215,9 +2237,22 @@ static int ckpt_write_header_arch(struct ckpt_ctx *ctx)
static int ckpt_write_container(struct ckpt_ctx *ctx)
{
char *ptr;
+ int ret;
ptr = (char *) ctx->container;
/* write the container info section */
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
+ if (ret < 0)
+ return ret;
+
+ /* write the lsm name buffer */
+ ptr += ((struct ckpt_hdr *) ptr)->len;
+ ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
+ if (ret < 0)
+ return ret;
+
+ /* write the lsm policy section */
+ ptr += ((struct ckpt_hdr *) ptr)->len;
return ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
}
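Review bot: ckpt_write_container() now assumes ctx->container holds three objects laid out back to back, each found by adding the previous header's `len`, which is the layout ckpt_read_container() builds, but only the per-step comments hint at that. A comment at the top of the function (or on the container field) stating the layout would help, and since the write-then-advance step is repeated three times, a short loop over the object count would make it harder for the read and write sides to drift apart.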
--
1.6.1.1