Re: [PATCH 4/6] cr: checkpoint and restore task credentials

Serge E. Hallyn wrote:
> Quoting Oren Laadan (orenl@xxxxxxxxxxxxxxx):
>>>  /* read the entire state of the current task */
>>>  int restore_task(struct ckpt_ctx *ctx)
>>>  {
>>>  	int ret;
>>> +	struct cred *realcred, *ecred;
>>>  
>>> -	ret = restore_task_struct(ctx);
>>> +	ret = restore_task_struct(ctx, &realcred, &ecred);
>> Actually, this is one of several cases where we need to restore some
>> resources but only apply it to a process at the end of its restart.
>>
>> Another example would be restoring pending signals and the blocked
>> signal mask in the future.
>>
>> I suggest that we keep a pointer on the task_struct to a structure
>> that will hold all that do-later work. The structure can encapsulate
>> the pending work either explicitly - e.g. a struct with fields like
>> realcred, ecred, signal mask, etc... - or implicitly, by reusing the
>> deferqueue framework, per task.
>>
>> Actually, that pointer can be kept on the ckpt_ctx structure, to be
>> used by the current-restarting-task only.
>>
>>>  	ckpt_debug("ret %d\n", ret);
>>>  	if (ret < 0)
>>>  		goto out;
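Review bot: `realcred` and `ecred` are declared without initializers at the top of restore_task() and are written only through the out-parameters of restore_task_struct(), so on the `ret < 0` path right after that call their contents depend on how far restore_task_struct() got. Initialize both to NULL at the declaration (`struct cred *realcred = NULL, *ecred = NULL;`) and document in restore_task_struct() whether the out-parameters are set on failure, so the `out` path can tell whether it holds anything to release.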
>>> @@ -671,6 +1120,10 @@ int restore_task(struct ckpt_ctx *ctx)
>>>  		goto out;
>>>  	ret = restore_cpu(ctx);
>>>  	ckpt_debug("cpu: ret %d\n", ret);
>>> +	if (ret < 0)
>>> +		goto out;
>>> +	ret = restore_creds(ctx, realcred, ecred);
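Review bot: restore_creds() is reached only after restore_cpu() succeeds, so the `goto out` added just above it, and the earlier ones in this function, exit with `realcred` and `ecred` never handed over. If restore_task_struct() returns them with references held, the `out` path needs a matching put_cred() for each pointer that restore_creds() did not consume. The result of restore_creds() also gets no ckpt_debug() line in the visible hunk, unlike the restore_cpu() result just above it; adding one would keep the failure logs consistent.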
>> ... and this would then be called from a restore_task_finalize()
>> function explicitly or implicitly by deferqueue_run().
> 
> deferqueue_run() won't do, since that's done only once for the
> whole container, and we (as you say above) want to reuse one
> set of fields in the ckpt_ctx for each task's sys_restart() run.

I meant to add another deferqueue (either per task or on the
ckpt_ctx), for this specific purpose.

Oren.

> 
> I'll go ahead and put fields in the ckpt_ctx this time around
> and use those, but won't go further right now as I'd be
> overgeneralizing before we have the signals and such work
> done.  When we do that, we can move the restore_creds() fn
> if appropriate.
> 
> -serge
> 
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
