  • lsm: Move host lsmtype on kerndat

    Currently this is lsm.c's static variable, but since kdat
    is now cached (and uncached) this value stays zero (no lsm)
    if the cache file gets loaded, which is obviously wrong and
    breaks the restore all the time on lsm-enabled hosts.
    
    https://github.com/xemul/criu/issues/323
    
    Signed-off-by: Pavel Emelyanov <[email protected]>
    Signed-off-by: Andrei Vagin <[email protected]>
  • Pavel Emelyanov committed with Andrei Vagin 7 years ago
    e6302380
    1 parent 171acca8
  • ■ ■ ■ ■ ■ ■
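--- a/criu/include/kerndat.h
+++ b/criu/include/kerndat.h
@@ -1,6 +1,8 @@
 #ifndef __CR_KERNDAT_H__
 #define __CR_KERNDAT_H__
 
+#include <stdbool.h>
+
 #include "int.h"
 
 struct stat;
@@ -45,6 +47,7 @@
  unsigned long mmap_min_addr;
  bool has_tcp_half_closed;
  bool stack_guard_gap_hidden;
+ int lsm;
 };
 
 extern struct kerndat_s kdat;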
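Review bot: The new `int lsm;` member carries no comment and is typed `int`, although `host_lsm_type()` in criu/lsm.c returns it as `Lsmtype`, so nothing at the declaration says which values are valid or who sets it. A one-line comment would cover that, e.g. `int lsm; /* host LSM as an Lsmtype value, set by kerndat_lsm() */`. Since the commit description says kdat is cached, adding a member also changes the layout of the cached data; whether a cache file written before this change is rejected on load is not visible here and is worth confirming. The struct body begins in the skipped lines, so only its tail was reviewed.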
  • ■ ■ ■ ■ ■ ■
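--- a/criu/lsm.c
+++ b/criu/lsm.c
@@ -5,6 +5,7 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#include "kerndat.h"
 #include "config.h"
 #include "pstree.h"
 #include "util.h"
@@ -18,8 +19,6 @@
 #ifdef CONFIG_HAS_SELINUX
 #include <selinux/selinux.h>
 #endif
-
-static Lsmtype lsmtype;
 
 static int apparmor_get_label(pid_t pid, char **profile_name)
 {
@@ -108,7 +107,7 @@
 void kerndat_lsm(void)
 {
  if (access(AA_SECURITYFS_PATH, F_OK) == 0) {
- lsmtype = LSMTYPE__APPARMOR;
+ kdat.lsm = LSMTYPE__APPARMOR;
  return;
  }
 
@@ -119,17 +118,17 @@
  * well.
  */
  if (access("/sys/fs/selinux", F_OK) == 0) {
- lsmtype = LSMTYPE__SELINUX;
+ kdat.lsm = LSMTYPE__SELINUX;
  return;
  }
 #endif
 
- lsmtype = LSMTYPE__NO_LSM;
+ kdat.lsm = LSMTYPE__NO_LSM;
 }
 
 Lsmtype host_lsm_type(void)
 {
- return lsmtype;
+ return kdat.lsm;
 }
 
 int collect_lsm_profile(pid_t pid, CredsEntry *ce)
@@ -138,7 +137,7 @@
 
  ce->lsm_profile = NULL;
 
- switch (lsmtype) {
+ switch (kdat.lsm) {
  case LSMTYPE__NO_LSM:
  ret = 0;
  break;
@@ -167,7 +166,7 @@
 
 int validate_lsm(char *lsm_profile)
 {
- if (image_lsm == LSMTYPE__NO_LSM || image_lsm == lsmtype)
+ if (image_lsm == LSMTYPE__NO_LSM || image_lsm == kdat.lsm)
  return 0;
 
  /*
@@ -187,7 +186,7 @@
 {
  *val = NULL;
 
- switch (lsmtype) {
+ switch (kdat.lsm) {
  case LSMTYPE__APPARMOR:
  if (strcmp(profile, "unconfined") != 0 && asprintf(val, "changeprofile %s", profile) < 0) {
  pr_err("allocating lsm profile failed\n");
@@ -226,14 +225,14 @@
  aux++;
 
  if (strcmp(opts.lsm_profile, "apparmor") == 0) {
- if (lsmtype != LSMTYPE__APPARMOR) {
+ if (kdat.lsm != LSMTYPE__APPARMOR) {
  pr_err("apparmor LSM specified but apparmor not supported by kernel\n");
  return -1;
  }
 
  opts.lsm_profile = aux;
  } else if (strcmp(opts.lsm_profile, "selinux") == 0) {
- if (lsmtype != LSMTYPE__SELINUX) {
+ if (kdat.lsm != LSMTYPE__SELINUX) {
  pr_err("selinux LSM specified but selinux not supported by kernel\n");
  return -1;
  }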
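Review bot: `validate_lsm()` and the `opts.lsm_profile` checks now compare against `kdat.lsm`, which per the commit description can be filled from the kdat cache file rather than by the `access()` probes in `kerndat_lsm()`, so a stale or damaged cache entry would decide whether an image's LSM profile is accepted on restore. Nothing in the visible lines range-checks the value against the `LSMTYPE__*` constants; presumably the cache loader or the switch defaults handle that, but both are outside this page. I would document the dependency above `kerndat_lsm()`, for example `/* Probes the host LSM into kdat.lsm; the value is saved with the kerndat cache and later trusted by validate_lsm(). */`. Several of the touched functions begin or end in skipped lines, so their default branches were not reviewed.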