From: Dan Smith <danms@xxxxxxxxxx>
Signed-off-by: Dan Smith <danms@xxxxxxxxxx>
Signed-off-by: Oren Laadan <orenl@xxxxxxxxxxxxxxx>
Acked-by: Serge Hallyn <serue@xxxxxxxxxx>
---
 checkpoint/checkpoint.c | 18 ++++++++++++++----
 1 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/checkpoint/checkpoint.c b/checkpoint/checkpoint.c
index efd8109..630b52c 100644
--- a/checkpoint/checkpoint.c
+++ b/checkpoint/checkpoint.c
@@ -233,6 +233,7 @@ static int cr_write_all_tasks(struct cr_ctx *ctx)
 static int cr_may_checkpoint_task(struct task_struct *t, struct cr_ctx *ctx)
 {
 struct pid_namespace *ns = ctx->root_nsproxy->pid_ns;
+ int ret = 0;
 cr_debug("check %d\n", task_pid_nr_ns(t, ns));
@@ -256,11 +257,20 @@ static int cr_may_checkpoint_task(struct task_struct *t, struct cr_ctx *ctx)
 t->real_parent == ctx->root_task->real_parent)
 return -EINVAL;
- /* FIX: change this for nested containers */
- if (task_nsproxy(t) != ctx->root_nsproxy)
- return -EPERM;
+ rcu_read_lock();
+ if (task_nsproxy(t)->uts_ns != ctx->root_nsproxy->uts_ns)
+ ret = -EPERM;
+ if (task_nsproxy(t)->ipc_ns != ctx->root_nsproxy->ipc_ns)
+ ret = -EPERM;
+ if (task_nsproxy(t)->mnt_ns != ctx->root_nsproxy->mnt_ns)
+ ret = -EPERM;
+ if (task_nsproxy(t)->pid_ns != ctx->root_nsproxy->pid_ns)
+ ret = -EPERM;
+ if (task_nsproxy(t)->net_ns != ctx->root_nsproxy->net_ns)
+ ret = -EPERM;
+ rcu_read_unlock();
- return 0;
+ return ret;
 }
 #define CR_HDR_PIDS_CHUNK 256
--
1.5.4.3
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
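Review bot: The new comparison block in the second hunk dereferences `task_nsproxy(t)` five times without checking it for NULL, and each call re-reads the RCU pointer, so the five comparisons are not guaranteed to look at the same nsproxy. task_nsproxy() can return NULL for a task that is exiting; the checks between the two hunks are outside this view, so whether such a task is already excluded cannot be confirmed here. Reading the pointer once into a local under rcu_read_lock(), treating NULL as a refusal, and folding the five comparisons into one condition closes both gaps. Returning -EPERM for the NULL case is a suggestion; another errno may fit the callers better.

```c
	struct nsproxy *nsp;	/* declared next to ret */

	/* … unchanged: earlier eligibility checks … */

	rcu_read_lock();
	nsp = task_nsproxy(t);
	if (!nsp ||
	    nsp->uts_ns != ctx->root_nsproxy->uts_ns ||
	    nsp->ipc_ns != ctx->root_nsproxy->ipc_ns ||
	    nsp->mnt_ns != ctx->root_nsproxy->mnt_ns ||
	    nsp->pid_ns != ctx->root_nsproxy->pid_ns ||
	    nsp->net_ns != ctx->root_nsproxy->net_ns)
		ret = -EPERM;
	rcu_read_unlock();

	return ret;
```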