> On Wed, Jul 15, 2020 at 04:49:53PM +0200, Adrian Reber wrote:
> > From: Nicolas Viennot
> >
> > Allow CAP_CHECKPOINT_RESTORE capable users to change /proc/self/exe.
> >
> > This commit also changes the permission error code from -EINVAL to
> >
> > This is scary. But I believe it is safe.
> >
> > Reviewed-by: Serge Hallyn
> >
> > I am a bit curious about the implications of the selinux patch.
> > IIUC you are using the permission of the tracing process to execute
> > the file without transition, so this is a way to work around the
> >
>> proc_map_files_get_link(struct dentry *dentry,
>> struct inode *inode,
>> struct delayed_call *done)
>> {
>> -if (!capable(CAP_SYS_ADMIN))
>> +if (!(capable(CAP_SYS_ADMIN) || capable(CAP_CHECKPOINT_RESTORE)))
>> return
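Review bot: in the replaced check in proc_map_files_get_link(), capable(CAP_SYS_ADMIN) is evaluated before capable(CAP_CHECKPOINT_RESTORE), so a task that holds only CAP_CHECKPOINT_RESTORE first fails the CAP_SYS_ADMIN test, and a failed capable() call can be logged as a denial by the audit/LSM layer even though access is then granted. Consider testing the narrower capability first, e.g. `if (!(capable(CAP_CHECKPOINT_RESTORE) || capable(CAP_SYS_ADMIN)))`. It would also help to state in the commit message that both checks use capable(), which tests against the initial user namespace, so the relaxation does not reach tasks that hold the capability only inside a non-initial user namespace.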
> > Also in this thread Kamil mentioned that they also need calling prctl
> > with PR_SET_MM during restore in their production setup.
>
> We're using that as well but it really feels like this:
>
> prctl_map = (struct prctl_mm_map){
> .start_code = start_code,
>
> > If I understand part of CRIU correctly, then we only need read-access
> > for the current user. I am sure Andrei, Pavel or Cyrill will correct
> > me if I am wrong concerning map_files.
> If I do "ls -l /proc/self/map_files" I get the link name and link content.
> While I can't open
Dear hackers,
I built scribe, a record/replay engine implemented in the kernel.
If you want to explore the code,
here it is: git://github.com/nviennot/linux-2.6-scribe.git
most of it is in the ./scribe directory.
Warning: contains time-space continuum bending material
Additionally, here is a