[CRIU] [PATCH RFC 0/3] c/r: add ability to restore mm attributes in a non-root userns

Pavel Emelyanov xemul at parallels.com
Thu Feb 13 09:31:57 PST 2014


On 02/13/2014 08:56 PM, Andrey Vagin wrote:
> Currently PR_SET_MM_* requires the global CAP_SYS_RESOURCE,
> which is absent in a non-root userns.
> 
> Here are three groups of attributes:
> 1. PR_SET_MM_START_*_DATA, PR_SET_MM_*BRK, PR_SET_MM_*_STACK
> These attributes can affect resource limits, so there is no sense
> in restricting them if the corresponding limit is unlimited.
> 2. PR_MM_SET_EXE_FILE. We have not found another way than adding
> a secure bit. This bit is set from a root userns and inherited by
> children. Thanks to Pavel Emelyanov for the idea.
> 3. All other attributes don't affect other tasks or limits, so
> can be changed without special permissions.
> 
> Andrey Vagin (3):
>   prctl: reduce permissions to change boundaries of data, brk and stack
>   capabilities: add a secure bit to allow changing a task exe link
>   prctl: allow to use PR_MM_SET_* which affect only a current task
> 
>  include/uapi/linux/securebits.h |  9 ++++++++-
>  kernel/sys.c                    | 21 +++++++++++++++++++--
>  kernel/user_namespace.c         |  3 ++-
>  security/commoncap.c            |  7 +++++++
>  4 files changed, 36 insertions(+), 4 deletions(-)
> 


Looks OK to me. Try to discuss this with the kernel community.
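As an added illustration (not code from the patch series, CRIU or the kernel), here is a small C model of the three-group policy the cover letter proposes: the option enum, the caller struct and the exe-link secure bit are placeholders local to this model, not kernel identifiers.

```c
/* Model of the proposed PR_SET_MM_* permission policy; not kernel code.
 * Names below are local to this model (hypothetical), not uapi symbols. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Subset of PR_SET_MM_* operations, grouped as in the cover letter. */
enum mm_opt {
    MM_START_DATA, MM_END_DATA, MM_START_BRK, MM_BRK, MM_START_STACK, /* group 1 */
    MM_EXE_FILE,                                                     /* group 2 */
    MM_ARG_START, MM_ARG_END, MM_ENV_START, MM_ENV_END, MM_AUXV      /* group 3 */
};

#define RLIM_UNLIMITED UINT64_MAX   /* stands in for RLIM_INFINITY */

/* Caller state that the decision depends on. */
struct caller {
    bool     has_global_sys_resource; /* CAP_SYS_RESOURCE in the root userns */
    bool     exe_link_secbit;         /* hypothetical secure bit from patch 2 */
    uint64_t rlimit_data;             /* RLIMIT_DATA hard limit */
    uint64_t rlimit_stack;            /* RLIMIT_STACK hard limit */
};

/* Return true if the caller may change the given mm attribute. */
bool mm_change_allowed(enum mm_opt opt, const struct caller *c)
{
    if (c->has_global_sys_resource)
        return true;   /* existing behaviour: the global capability always suffices */
    switch (opt) {
    case MM_START_DATA: case MM_END_DATA: case MM_START_BRK: case MM_BRK:
        /* group 1: restricting only makes sense while RLIMIT_DATA is finite */
        return c->rlimit_data == RLIM_UNLIMITED;
    case MM_START_STACK:
        return c->rlimit_stack == RLIM_UNLIMITED;
    case MM_EXE_FILE:
        /* group 2: secure bit set from the root userns and inherited by children */
        return c->exe_link_secbit;
    default:
        /* group 3: affects only the calling task, no special permission */
        return true;
    }
}

int main(void)
{
    /* Constructed sample: unprivileged task in a non-root userns,
     * unlimited RLIMIT_DATA but a finite 8 MiB RLIMIT_STACK. */
    struct caller c = { false, false, RLIM_UNLIMITED, 8ull << 20 };
    printf("start_data: %d  start_stack: %d  exe_file: %d  arg_start: %d\n",
           mm_change_allowed(MM_START_DATA, &c), mm_change_allowed(MM_START_STACK, &c),
           mm_change_allowed(MM_EXE_FILE, &c), mm_change_allowed(MM_ARG_START, &c));
    return 0;
}
```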

