From: Oren Laadan <orenl-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
To: "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: Re: [PATCH 1/1] restart: accept the lsm_name field in header and add	-k flag
Date: Fri, 02 Oct 2009 17:02:54 -0400	[thread overview]
Message-ID: <4AC66A7E.60609@librato.com> (raw)
In-Reply-To: <20091002035157.GA16920-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>



Serge E. Hallyn wrote:
> The checkpoint file header now has an 11-character string
> containing the name of the active LSM, following the uts
> info, and a variable length buffer type containing LSM-specific
> version information (for instance a sha1sum of policy).
> Handle these.
> 
> Also add a -k (--keeplsm) flag to tell restart to set the
> RESTART_KEEP_LSM flag to sys_restart().
> 
> Signed-off-by: Serge E. Hallyn <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>

A couple of comments below. Otherwise:

Acked-by: Oren Laadan <orenl-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>


> ---
>  restart.c |   32 +++++++++++++++++++++++++++++++-
>  1 files changed, 31 insertions(+), 1 deletions(-)
> 
> diff --git a/restart.c b/restart.c
> index b810ca9..44ae252 100644
> --- a/restart.c
> +++ b/restart.c
> @@ -68,6 +68,7 @@ static char usage_str[] =
>  "     --signal=SIG       send SIG to root task on SIGINT (default: SIGKILL\n"
>  "                        to container root, SIGINT otherwise)\n"
>  "  -w,--wait             wait for root task to termiate (default)\n"
> +"  -k,--keeplsm          Try to recreate original LSM labels on all objects\n"
>  "     --show-status      show exit status of root task (implies -w)\n"
>  "     --copy-status      imitate exit status of root task (implies -w)\n"
>  "  -W,--no-wait          do not wait for root task to terminate\n"
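Review bot: The new usage line for `-k,--keeplsm` starts with a capitalized verb while every neighbouring option line starts lowercase ("send", "wait", "show", "do not"). `"  -k,--keeplsm          try to recreate original LSM labels on all objects\n"` keeps the help text uniform. The usage_str definition begins above this hunk.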
> @@ -349,6 +350,8 @@ struct args {
>  	char *input;
>  };
>  
> +int keep_lsm;

Can you please use 'struct args' for this ?
	
> +
>  static void usage(char *str)
>  {
>  	fprintf(stderr, "%s", str);
> @@ -377,6 +380,7 @@ static void parse_args(struct args *args, int argc, char *argv[])
>  		{ "self",	no_argument,		NULL, 6},
>  		{ "signal",	required_argument,	NULL, 4 },
>  		{ "inspect",	no_argument,		NULL, 5 },
> +		{ "keeplsm",	no_argument,		NULL, 'k' },
>  		{ "input",	required_argument,	NULL, 'i' },
>  		{ "root",	required_argument,	NULL, 'r' },
>  		{ "wait",	no_argument,		NULL, 'w' },
> @@ -388,7 +392,7 @@ static void parse_args(struct args *args, int argc, char *argv[])
>  		{ "debug",	no_argument,		NULL, 'd' },
>  		{ NULL,		0,			NULL, 0 }
>  	};
> -	static char optc[] = "hdvpPwWF:r:i:";
> +	static char optc[] = "hdvpkPwWF:r:i:";
>  
>  	int sig;
>  
> @@ -443,6 +447,9 @@ static void parse_args(struct args *args, int argc, char *argv[])
>  		case 'w':
>  			args->wait = 1;
>  			break;
> +		case 'k':
> +			keep_lsm = RESTART_KEEP_LSM;
> +			break;
>  		case 'W':
>  			args->wait = 0;
>  			break;
> @@ -927,6 +934,7 @@ static int ckpt_coordinator(struct ckpt_ctx *ctx)
>  	if (ctx->args->freezer)
>  		flags |= RESTART_FROZEN;
>  
> +	flags |= keep_lsm;
>  	ret = restart(root_pid, STDIN_FILENO, flags);
>  
>  	if (ret < 0) {
> @@ -1581,6 +1589,7 @@ static int ckpt_make_tree(struct ckpt_ctx *ctx, struct task *task)
>  	if (task->flags & (TASK_GHOST | TASK_DEAD))
>  		flags |= RESTART_GHOST;
>  
> +	flags |= keep_lsm;
>  	/* on success this doesn't return */
>  	ckpt_dbg("about to call sys_restart(), flags %#lx\n", flags);
>  	ret = restart(0, STDIN_FILENO, flags);
> @@ -2057,6 +2066,7 @@ static int ckpt_read_obj_buffer(struct ckpt_ctx *ctx, void *buf, int n)
>   * read/write the checkpoint image: similar to in-kernel code
>   */
>  
> +#define SECURITY_NAME_MAX 20

Why is this? If it's kernel ABI then define it in checkpoint_hdr.h,
or include a suitable header.

>  static int ckpt_read_header(struct ckpt_ctx *ctx)
>  {
>  	struct ckpt_hdr_header *h;
> @@ -2090,6 +2100,16 @@ static int ckpt_read_header(struct ckpt_ctx *ctx)
>  	if (ret < 0)
>  		return ret;
>  
> +	ptr += ((struct ckpt_hdr *) ptr)->len;
> +	ret = ckpt_read_obj_buffer(ctx, ptr, SECURITY_NAME_MAX + 1);
> +	if (ret < 0)
> +		return ret;
> +
> +	ptr += ((struct ckpt_hdr *) ptr)->len;
> +	ret = ckpt_read_obj_type(ctx, ptr, 200, CKPT_HDR_LSM_INFO);
> +	if (ret < 0)
> +		return ret;
> +
>  	/* FIXME: skip version validation for now */
>  
>  	return 0;
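Review bot: The two added `ptr += ((struct ckpt_hdr *) ptr)->len;` advances take `len` from an object that was just read out of the checkpoint image, which is external input to restart, so unless ckpt_read_obj_buffer() and ckpt_read_obj_type() already reject a length larger than the remaining header buffer (their bodies are not visible here), a malformed image could move `ptr` past the end of the backing buffer before the following read; a bound check against the end of that buffer before each advance would make the parser independent of that assumption. The literal `200` passed to ckpt_read_obj_type() for CKPT_HDR_LSM_INFO is undocumented, and the commit message describes the LSM info as variable length, so the limit should be a named constant shared with the kernel side next to SECURITY_NAME_MAX, with a comment such as `/* upper bound on the LSM-specific version blob; must match the kernel's limit */`. ckpt_read_header() starts before this hunk.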
> @@ -2169,6 +2189,16 @@ static int ckpt_write_header(struct ckpt_ctx *ctx)
>  	ptr += ((struct ckpt_hdr *) ptr)->len;
>  	ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
>  
> +	if (ret < 0)
> +		return ret;
> +	ptr += ((struct ckpt_hdr *) ptr)->len;
> +	ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
> +	if (ret < 0)
> +		return ret;
> +
> +	ptr += ((struct ckpt_hdr *) ptr)->len;
> +	ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);
> +
>  	return ret;
>  }
>  
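Review bot: The first added error check sits after a blank line separating it from its `ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) ptr);`, while the second pair below is written with the check directly under the call; dropping that blank line and instead leaving one between the three call/check groups reads consistently. The order of the three writes (uts info, LSM name, LSM info) is only implied by the matching reads in ckpt_read_header(), so a one-line comment above the first advance such as `/* uts info, then LSM name, then LSM-specific version info */` would help a reader keep the two functions in sync. ckpt_write_header() starts before this hunk.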
