Make some no-op permission changes not requiring privilege. #2207
Codecov Report
Patch coverage:
Additional details and impacted files

@@            Coverage Diff             @@
##           criu-dev    #2207      +/-   ##
============================================
+ Coverage     70.35%   70.38%   +0.02%
============================================
  Files           133      134       +1
  Lines         34001    34024      +23
============================================
+ Hits          23923    23948      +25
+ Misses        10078    10076       -2
Add generic wrappers for fchown() and fchmod() that skip the calls if no changes are needed. This will allow unifying places where we can avoid errors when no-op requests are not permitted. Signed-off-by: Michał Mirosław <[email protected]>
Note: This removes the difference in calling convention of restore_file_perms() returning -errno that was the only call that did this in the caller. From: Radosław Burny <[email protected]> Signed-off-by: Michał Mirosław <[email protected]>
Signed-off-by: Michał Mirosław <[email protected]>
Signed-off-by: Michał Mirosław <[email protected]>
Signed-off-by: Michał Mirosław <[email protected]>
Signed-off-by: Michał Mirosław <[email protected]>
When CRIU is run with the task's credentials on restore, don't set uids and gids. This avoids the need to modify the SECURE_NO_SETUID_FIXUP flag which requires CAP_SETPCAP. From: Andy Tucker <[email protected]> Signed-off-by: Michał Mirosław <[email protected]>
Skip calling setgroups() when the list of auxiliary groups already has the values we want. This allows restoring into an unprivileged user namespace where setgroups() is disabled. From: Ambrose Feinstein <[email protected]> Signed-off-by: Michał Mirosław <[email protected]>
I have merged this series with one minor fix of the lint warning. We need to figure out how to test these new calls.
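The skip-if-unchanged idea from the commit messages above, as an added sketch in C that is not CRIU's own code. The function names, the 0/1/-1 return convention and the order-insensitive comparison of the group list are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed convention: 0 = already as wanted (call skipped), 1 = changed, -1 = error. */
int fchmod_if_needed(int fd, mode_t want)
{
	struct stat st;
	if (fstat(fd, &st) < 0) return -1;
	if ((st.st_mode & 07777) == (want & 07777))
		return 0; /* no-op request: never reaches the kernel's permission check */
	return fchmod(fd, want) < 0 ? -1 : 1;
}

int fchown_if_needed(int fd, uid_t uid, gid_t gid)
{
	struct stat st;
	if (fstat(fd, &st) < 0) return -1;
	if (st.st_uid == uid && st.st_gid == gid)
		return 0; /* ownership already matches, no CAP_CHOWN needed */
	return fchown(fd, uid, gid) < 0 ? -1 : 1;
}

/* 1 if every gid in a[] also appears in b[]. */
static int subset(const gid_t *a, int na, const gid_t *b, int nb)
{
	for (int i = 0; i < na; i++) {
		int j = 0;
		while (j < nb && b[j] != a[i]) j++;
		if (j == nb) return 0;
	}
	return 1;
}

int setgroups_if_needed(int n, const gid_t *want)
{
	int cur_n = getgroups(0, NULL); /* size 0: only ask for the count */
	if (cur_n < 0) return -1;
	gid_t *cur = calloc(cur_n + 1, sizeof(*cur));
	if (!cur) return -1;
	cur_n = getgroups(cur_n, cur);
	int same = cur_n >= 0 && subset(want, n, cur, cur_n) && subset(cur, cur_n, want, n);
	free(cur);
	if (cur_n < 0) return -1;
	/* setgroups() fails with EPERM where it is disabled, so only call it on a real change */
	return same ? 0 : (setgroups(n, want) < 0 ? -1 : 1);
}
```

Because the wrappers report whether a call was skipped or made, a test can run them unprivileged and assert that matching state produces no syscall attempt.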