From: Jann Horn
Date: Mon, 25 May 2020 23:53:10 +0200
Subject: Re: [PATCH] capabilities: Introduce CAP_RESTORE
To: Adrian Reber
Cc: Christian Brauner, Eric Biederman, Pavel Emelyanov, Oleg Nesterov, Dmitry Safonov <0x7f454c46@gmail.com>, Andrei Vagin, Nicolas Viennot, Michał Cłapiński, Kamil Yurtsever, Dirk Petersen, Christine Flood, Mike Rapoport, Radostin Stoyanov, Cyrill Gorcunov, Serge Hallyn, Stephen Smalley, Sargun Dhillon, Arnd Bergmann, Aaron Goidel, linux-security-module, kernel list, SElinux list, Eric Paris
In-Reply-To: <20200522055350.806609-1-areber@redhat.com>
References: <20200522055350.806609-1-areber@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, May 22, 2020 at 7:55 AM Adrian Reber wrote:
> This enables CRIU to checkpoint and restore a process as non-root.
>
> Over the last years CRIU upstream has been asked a couple of times if it
> is possible to checkpoint and restore a process as non-root. The answer
> usually was: 'almost'.
>
> The main blocker to restore a process was that selecting the PID of the
> restored process, which is necessary for CRIU, is guarded by CAP_SYS_ADMIN.
And if you were restoring the process into your own PID namespace, so that you actually have a guarantee that this isn't going to blow up in your face because one of your PIDs is allocated for a different process, this part of the problem could be simplified. I don't get why your users are fine with an "oh it kinda works 99% of the time but sometimes it randomly doesn't and then you have to go reboot or whatever" model.