Oren == Oren Laadan [EMAIL PROTECTED] writes:
Oren Nope, since we will fail to restart in many cases. We will need
Oren a way to move from caller's credentials to saved credentials,
Oren and even from caller's credentials to privileged credentials
Oren (e.g. to reopen a file that was created by
Peter Chubb wrote:
Oren == Oren Laadan [EMAIL PROTECTED] writes:
Oren Nope, since we will fail to restart in many cases. We will need
Oren a way to move from caller's credentials to saved credentials,
Oren and even from caller's credentials to privileged credentials
Oren (e.g. to reopen
On Mon, 2008-10-27 at 07:03 -0400, Oren Laadan wrote:
In our implementation, we simply refused to checkpoint setid
programs.
True. And this works very well for HPC applications.
However, it doesn't work so well for server applications, for
instance.
Also, you could use file system
Quoting Oren Laadan ([EMAIL PROTECTED]):
Serge E. Hallyn wrote:
Quoting Andrew Morton ([EMAIL PROTECTED]):
On Mon, 20 Oct 2008 01:40:30 -0400
Oren Laadan [EMAIL PROTECTED] wrote:
asmlinkage long sys_checkpoint(pid_t pid, int fd, unsigned long flags)
{
- pr_debug(sys_checkpoint
Serge E. Hallyn wrote:
Quoting Oren Laadan ([EMAIL PROTECTED]):
Serge E. Hallyn wrote:
Quoting Andrew Morton ([EMAIL PROTECTED]):
On Mon, 20 Oct 2008 01:40:30 -0400
Oren Laadan [EMAIL PROTECTED] wrote:
asmlinkage long sys_checkpoint(pid_t pid, int fd, unsigned long flags)
{
-
Serge E. Hallyn wrote:
Quoting Oren Laadan ([EMAIL PROTECTED]):
Serge E. Hallyn wrote:
Quoting Oren Laadan ([EMAIL PROTECTED]):
Just thinking aloud...
Is read mode appropriate? The user can edit the statefile and restart
it. Admittedly the restart code should then do all the
On Tue, 21 Oct 2008 15:24:10 -0500
Serge E. Hallyn [EMAIL PROTECTED] wrote:
I'd like to see the security guys take a real close look at all of
this, and for them to do that effectively they should be provided with
a full description of the security design of this feature.
Right, some of
On Tue, 2008-10-21 at 22:55 -0400, Daniel Jacobowitz wrote:
I haven't been following - but why this whole container restriction?
Checkpoint/restart of individual processes is very useful too.
There are issues with e.g. IPC, but I'm not convinced they're
substantially different than the issues