From 5a19c34322c9fe212dfd0b94bdbf19e44fd24eeb Mon Sep 17 00:00:00 2001 From: Younes Manton Date: Mon, 21 Nov 2022 11:14:20 -0800 Subject: [PATCH] non-root: Don't dump socket option SO_MARK if 0 Restoring SO_MARK requires root or CAP_NET_ADMIN. If the value is 0 we will avoid dumping it so that we don't need to do a privileged call on restore. Signed-off-by: Younes Manton --- criu/sockets.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/criu/sockets.c b/criu/sockets.c index 7708344d6..c99fc7b50 100644 --- a/criu/sockets.c +++ b/criu/sockets.c @@ -647,8 +647,13 @@ int dump_socket_opts(int sk, SkOptsEntry *soe) ret |= dump_opt(sk, SOL_SOCKET, SO_PRIORITY, &soe->so_priority); soe->has_so_rcvlowat = true; ret |= dump_opt(sk, SOL_SOCKET, SO_RCVLOWAT, &soe->so_rcvlowat); - soe->has_so_mark = true; + /* + * Restoring SO_MARK requires root or CAP_NET_ADMIN. Avoid saving it + * in unprivileged mode if still has its default value. + */ ret |= dump_opt(sk, SOL_SOCKET, SO_MARK, &soe->so_mark); + if (soe->so_mark != 0) + soe->has_so_mark = true; ret |= dump_opt(sk, SOL_SOCKET, SO_SNDTIMEO, &tv); soe->so_snd_tmo_sec = tv.tv_sec;