Date: Mon, 27 Oct 2008 19:27:52 +1100
From: Peter Chubb
To: Oren Laadan
Cc: "Serge E. Hallyn", Andrew Morton, torvalds@linux-foundation.org, containers@lists.linux-foundation.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-api@vger.kernel.org, tglx@linutronix.de, dave@linux.vnet.ibm.com, mingo@elte.hu, hpa@zytor.com, viro@zeniv.linux.org.uk
Subject: Re: [RFC v7][PATCH 2/9] General infrastructure for checkpoint restart

>>>>> "Oren" == Oren Laadan writes:

Oren> Nope, since we will fail to restart in many cases. We will need
Oren> a way to move from caller's credentials to saved credentials,
Oren> and even from caller's credentials to privileged credentials
Oren> (e.g. to reopen a file that was created by a setuid program
Oren> prior to dropping privileges).

You can't necessarily tell the difference between this and revocation
of privilege. For most security models, it must be possible to change
the permissions on the file, and then the restart should fail.

In our implementation, we simply refused to checkpoint setid programs.

--
Dr Peter Chubb  http://www.gelato.unsw.edu.au  peterc AT gelato.unsw.edu.au
http://www.ertos.nicta.com.au  ERTOS within National ICT Australia
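One way to express the "refuse to checkpoint setid programs" policy mentioned in the message above, as an added example that is not code from this thread or from either checkpoint implementation. It assumes the caller passes in the text of /proc/<pid>/status and the st_mode of the process's executable; the function and enum names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Verdicts for the checkpoint eligibility check (hypothetical names). */
enum ckpt_verdict { CKPT_OK = 0, CKPT_SETID_EXE, CKPT_MIXED_IDS, CKPT_BAD_INPUT };

/* Return 1 if the "Uid:" or "Gid:" line named by key lists four equal IDs
 * (real, effective, saved, filesystem), 0 if they differ, -1 if absent. */
static int ids_uniform(const char *status, const char *key)
{
    size_t klen = strlen(key);
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, key, klen) == 0) {
            unsigned long r, e, s, f;
            if (sscanf(p + klen, "%lu %lu %lu %lu", &r, &e, &s, &f) != 4)
                return -1;
            return r == e && e == s && s == f;
        }
        p = strchr(p, '\n');        /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* status: text of /proc/<pid>/status; exe_mode: st_mode of the executable. */
enum ckpt_verdict ckpt_check_setid(const char *status, mode_t exe_mode)
{
    int u = ids_uniform(status, "Uid:");
    int g = ids_uniform(status, "Gid:");
    if (u < 0 || g < 0)
        return CKPT_BAD_INPUT;      /* fail closed on unparsable input */
    if (exe_mode & (S_ISUID | S_ISGID))
        return CKPT_SETID_EXE;      /* refused even if its IDs are uniform now */
    if (!u || !g)
        return CKPT_MIXED_IDS;      /* real/effective/saved/fs IDs disagree */
    return CKPT_OK;
}

int main(void)
{
    /* Constructed sample, not captured from a real system. */
    const char *s = "Name:\tdemo\nUid:\t1000\t0\t0\t0\nGid:\t1000\t1000\t1000\t1000\n";
    printf("verdict=%d\n", ckpt_check_setid(s, 0755));
    return 0;
}
```

Checking the executable's mode bits as well as the live IDs matters because a setuid program that has already dropped privileges shows uniform IDs in its status text.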