Quoting Oren Laadan (orenl@xxxxxxxxxxxxxxx):
> +int checkpoint_ipc_shm(int id, void *p, void *data)
> +{
> + struct ckpt_hdr_ipc_shm *h;
> + struct ckpt_ctx *ctx = (struct ckpt_ctx *) data;
> + struct kern_ipc_perm *perm = (struct kern_ipc_perm *) p;
> + struct shmid_kernel *shp;
> + struct inode *inode;
> + int first, objref;
> + int ret;
> +
> + shp = container_of(perm, struct shmid_kernel, shm_perm);
> + inode = shp->shm_file->f_dentry->d_inode;
> +
> + objref = ckpt_obj_lookup_add(ctx, inode, CKPT_OBJ_INODE, &first);
> + if (objref < 0)
> + return objref;
> + /* this must be the first time we see this region */
> + BUG_ON(!first);
> +
> + h = ckpt_hdr_get_type(ctx, sizeof(*h), CKPT_HDR_IPC_SHM);
> + if (!h)
> + return -ENOMEM;
> +
> + ret = fill_ipc_shm_hdr(ctx, h, shp);
> + if (ret < 0)
> + goto out;
> +
> + h->objref = objref;
> + ckpt_debug("shm: objref %d\n", h->objref);
> +
> + ret = ckpt_write_obj(ctx, (struct ckpt_hdr *) h);
> + if (ret < 0)
> + goto out;
> +
> + ret = checkpoint_memory_contents(ctx, NULL, inode);
Of course all of the ipc checkpointing will have to actually
use ipc_perms() to check access rights. Until that's done
we might need to just disable unprivileged checkpoints...
-serge
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
