[CRIU] [PATCH 1/3] security: check additional groups,v5
Christopher Covington
cov at codeaurora.org
Wed Aug 6 07:03:29 PDT 2014
Hi Ruslan,
On 08/06/2014 09:56 AM, Ruslan Kuprieiev wrote:
> 06.08.2014 16:43, Christopher Covington пишет:
>> On 08/06/2014 09:22 AM, Ruslan Kuprieiev wrote:
>>> Hi Christopher,
>>>
>>> this is a bit unexpected issue for me=).
>>> Could you provide more info about your case?
>>> Are you using something like /etc/nsswitch.conf?
>> I'm running simulators for various architectures such as x86_64, ARM, and
>> AArch64. I've cross-compiled root filesystems with pretty much just what's
>> necessary to boot, run a benchmark, use perf and other tools to profile it,
>> and dump and restore checkpoints with CRIU (I also keep around debug tools
>> like strace, but if everything worked all the time I wouldn't need them ;).
>> When someone attaches to the serial console they simply get a shell, no
>> password required. In /etc/inittab I have:
>>
>> console::respawn:-getty -n -l mylogin -L console 115200 xterm
>>
>> Where mylogin is simply:
>>
>> sh -l
>>
>> (Because I want /etc/profile to be sourced.)
>
> Wow, cool!
>
>> /tmp # whoami
>> whoami: unknown uid 0
>> /tmp # groups
>> 0groups: unknown ID 0
>
> So you are running criu only as uid 0, gid 0 , right?
Yes.
> If so, I can create patch to just skip getting groups for root(uid=0,gid=0),
> additional groups don't matter for uid 0, gid 0.
Sounds good.
Thanks,
Christopher
--
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by the Linux Foundation.
More information about the CRIU
mailing list