We need to do this so that we think about the security concerns
as we add each and every bit of c/r functionality. There's
nothing that we need privileges for, yet. Let's keep it that
way as long as possible.
---
oren-cr.git-dave/checkpoint/sys.c | 6 ------
1 file changed, 6 deletions(-)
diff -puN checkpoint/sys.c~0003-Remove-CAP_SYS_ADMIN-for-checkpoint-restart
checkpoint/sys.c
---
oren-cr.git/checkpoint/sys.c~0003-Remove-CAP_SYS_ADMIN-for-checkpoint-restart
2008-08-20 12:12:49.000000000 -0700
+++ oren-cr.git-dave/checkpoint/sys.c 2008-08-20 12:12:49.000000000 -0700
@@ -169,9 +169,6 @@ asmlinkage long sys_checkpoint(pid_t pid
int fput_needed;
int ret;
- if (!capable(CAP_SYS_ADMIN))
- return -EPERM;
-
file = fget_light(fd, &fput_needed);
if (!file)
return -EBADF;
@@ -207,9 +204,6 @@ asmlinkage long sys_restart(int crid, in
int fput_needed;
int ret;
- if (!capable(CAP_SYS_ADMIN))
- return -EPERM;
-
file = fget_light(fd, &fput_needed);
if (!file)
return -EBADF;
_
_______________________________________________
Containers mailing list
[EMAIL PROTECTED]
https://lists.linux-foundation.org/mailman/listinfo/containers
_______________________________________________
Devel mailing list
[email protected]
https://openvz.org/mailman/listinfo/devel
