[CRIU] Re: [PATCH] proc: don't show nonexistent capabilities
Cyrill Gorcunov
gorcunov at openvz.org
Mon Oct 1 06:34:12 EDT 2012
On Mon, Oct 01, 2012 at 01:10:43PM +0400, Cyrill Gorcunov wrote:
> On Mon, Oct 01, 2012 at 12:21:07PM +0400, Andrew Vagin wrote:
> > Without this patch it is really hard to interpret a bounding set,
> > if CAP_LAST_CAP is unknown for a current kernel.
> >
> > Non-existent capabilities can not be deleted from a bounding set
> > with help of prctl.
> >
> > E.g.: Here are two examples without/with this patch.
> > CapBnd: ffffffe0fdecffff
> > CapBnd: 00000000fdecffff
> >
> > I suggest to hide non-existent capabilities. Here are two reasons.
> > * It's logical and easier to use.
> > * It helps to checkpoint-restore capabilities of tasks, because tasks
> > can be restored on another kernel, where CAP_LAST_CAP is bigger.
>
> This seems to me really dangerous. The caps may be set on newer kernel where
> CAP_LAST_CAP < CAP_LAST_CAP from old kernel (suppose you've set all caps
> on vfs while you've been on new kernel), then you reboot into older kernel
> and if I've not missed something cap_bprm_set_creds may fail.
OK, false alarm, sorry ;)
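As an added illustration of the masking the patch discussion is about (this is example code written for this page, not part of the CRIU or kernel patch): the helpers below parse the `Cap*` lines of a `/proc/<pid>/status` dump and clear every bit above `CAP_LAST_CAP`, reproducing the `ffffffe0fdecffff` to `00000000fdecffff` transformation from Andrew's mail. The sample status text is constructed, and `CAP_LAST_CAP = 36` is an assumption chosen because it is the value implied by the two masks quoted above (bits 32..36 clear, bits 37..63 set); on a live system the value is read from `/proc/sys/kernel/cap_last_cap` when available.

```python
import re

# Assumption: CAP_LAST_CAP = 36, which is what the two masks in the mail imply.
ASSUMED_CAP_LAST_CAP = 36

# Constructed sample of /proc/<pid>/status lines, reusing the mask from the mail.
SAMPLE_STATUS = """\
Name:\tbash
CapInh:\t0000000000000000
CapPrm:\tffffffe0fdecffff
CapEff:\tffffffe0fdecffff
CapBnd:\tffffffe0fdecffff
"""

ALL64 = (1 << 64) - 1


def read_cap_last_cap(default=ASSUMED_CAP_LAST_CAP):
    """Return the running kernel's CAP_LAST_CAP, or the assumed default offline."""
    try:
        with open("/proc/sys/kernel/cap_last_cap") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return default


def known_caps_mask(cap_last_cap):
    """Bitmask with exactly the bits 0..cap_last_cap set."""
    return (1 << (cap_last_cap + 1)) - 1


def parse_cap_masks(status_text):
    """Map each Cap* field of a status dump to its integer value."""
    caps = {}
    for line in status_text.splitlines():
        m = re.match(r"^(Cap\w+):\s*([0-9a-fA-F]{16})$", line)
        if m:
            caps[m.group(1)] = int(m.group(2), 16)
    return caps


def hide_nonexistent(mask, cap_last_cap):
    """What the patch does for display: drop bits above CAP_LAST_CAP."""
    return mask & known_caps_mask(cap_last_cap)


def nonexistent_bits(mask, cap_last_cap):
    """The bits the patch hides, i.e. caps this kernel does not define."""
    return mask & ~known_caps_mask(cap_last_cap) & ALL64


def missing_known_caps(mask, cap_last_cap):
    """Capability numbers <= cap_last_cap that are NOT present in mask."""
    return [c for c in range(cap_last_cap + 1) if not mask & (1 << c)]


def format_mask(mask):
    """Render a mask the way /proc/<pid>/status prints it."""
    return f"{mask:016x}"


if __name__ == "__main__":
    last = read_cap_last_cap()
    bnd = parse_cap_masks(SAMPLE_STATUS)["CapBnd"]
    print("CapBnd as shown by an unpatched kernel:", format_mask(bnd))
    print("CapBnd with nonexistent caps hidden:   ",
          format_mask(hide_nonexistent(bnd, last)))
    print("caps dropped from the bounding set:", missing_known_caps(bnd, last))
```

Running it offline prints the two masks from the mail and the list of defined capabilities that this bounding set lacks; `nonexistent_bits` isolates the high bits that a checkpoint taken on one kernel would carry over to a kernel with a different `CAP_LAST_CAP`, which is exactly the interpretation problem the patch addresses.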