Subject: [RFC v2][PATCH 2/9] Remove CAP_SYS_ADMIN for checkpoint/restart
To: arnd@arndb.de
Cc: orenl@cs.columbia.edu, jeremy@goop.org,
       containers@lists.linux-foundation.org, linux-kernel@vger.kernel.org,
       Dave Hansen <dave@linux.vnet.ibm.com>
From: Dave Hansen <dave@linux.vnet.ibm.com>
Date: Wed, 20 Aug 2008 12:25:59 -0700
References: <20080820192557.98788FAB@nimitz>
In-Reply-To: <20080820192557.98788FAB@nimitz>
Message-Id: <20080820192559.32C52EA3@nimitz>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1260
Lines: 40


We need to do this so that we think about the security concerns
as we add each and every bit of c/r functionality.  There's
nothing that we need privileges for, yet.  Let's keep it that
way as long as possible.

---

 oren-cr.git-dave/checkpoint/sys.c |    6 ------
 1 file changed, 6 deletions(-)

diff -puN checkpoint/sys.c~0003-Remove-CAP_SYS_ADMIN-for-checkpoint-restart checkpoint/sys.c
--- oren-cr.git/checkpoint/sys.c~0003-Remove-CAP_SYS_ADMIN-for-checkpoint-restart	2008-08-20 12:12:49.000000000 -0700
+++ oren-cr.git-dave/checkpoint/sys.c	2008-08-20 12:12:49.000000000 -0700
@@ -169,9 +169,6 @@ asmlinkage long sys_checkpoint(pid_t pid
 	int fput_needed;
 	int ret;
 
-	if (!capable(CAP_SYS_ADMIN))
-		return -EPERM;
-
 	file = fget_light(fd, &fput_needed);
 	if (!file)
 		return -EBADF;
@@ -207,9 +204,6 @@ asmlinkage long sys_restart(int crid, in
 	int fput_needed;
 	int ret;
 
-	if (!capable(CAP_SYS_ADMIN))
-		return -EPERM;
-
 	file = fget_light(fd, &fput_needed);
 	if (!file)
 		return -EBADF;
_
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/