[CRIU] [PATCH 1/3] security: check additional groups,v5
Ruslan Kuprieiev
kupruser at gmail.com
Wed Aug 6 07:04:59 PDT 2014
06.08.2014 17:03, Christopher Covington пишет:
> Hi Ruslan,
>
> On 08/06/2014 09:56 AM, Ruslan Kuprieiev wrote:
>> 06.08.2014 16:43, Christopher Covington пишет:
>>> On 08/06/2014 09:22 AM, Ruslan Kuprieiev wrote:
>>>> Hi Christopher,
>>>>
>>>> this is a bit unexpected issue for me=).
>>>> Could you provide more info about your case?
>>>> Are you using something like /etc/nsswitch.conf?
>>> I'm running simulators for various architectures such as x86_64, ARM, and
>>> AArch64. I've cross-compiled root filesystems with pretty much just what's
>>> necessary to boot, run a benchmark, use perf and other tools to profile it,
>>> and dump and restore checkpoints with CRIU (I also keep around debug tools
>>> like strace, but if everything worked all the time I wouldn't need them ;).
>>> When someone attaches to the serial console they simply get a shell, no
>>> password required. In /etc/inittab I have:
>>>
>>> console::respawn:-getty -n -l mylogin -L console 115200 xterm
>>>
>>> Where mylogin is simply:
>>>
>>> sh -l
>>>
>>> (Because I want /etc/profile to be sourced.)
>> Wow, cool!
>>
>>> /tmp # whoami
>>> whoami: unknown uid 0
>>> /tmp # groups
>>> 0groups: unknown ID 0
>> So you are running criu only as uid 0, gid 0 , right?
> Yes.
>
>> If so, I can create patch to just skip getting groups for root(uid=0,gid=0),
>> additional groups don't matter for uid 0, gid 0.
> Sounds good.
Great! Will send patch ASAP.
>
> Thanks,
> Christopher
>
More information about the CRIU
mailing list