[CRIU] [PATCH RFC 0/3] c/r: add ability to restore mm attributes in a non-root userns
Pavel Emelyanov
xemul at parallels.com
Thu Feb 13 09:31:57 PST 2014
On 02/13/2014 08:56 PM, Andrey Vagin wrote:
> Currently PR_SET_MM_* requires the global CAP_SYS_RESOURCE,
> which is absent in a non-root userns.
>
> Here are three groups of attributes:
> 1. PR_SET_MM_START_*_DATA, PR_SET_MM_*BRK, PR_SET_MM_*_STACK
> These attributes can affect resource limits, so there is no sense
> to restrict them if a proper limit is unlimited.
> 2. PR_MM_SET_EXE_FILE. We have not found any other way than adding
> a secure bit. This bit is set from a root userns and inherited by
> children. Thanks to Pavel Emelyanov for the idea.
> 3. All other attributes don't affect other tasks or limits, so
> can be changed without special permissions.
>
> Andrey Vagin (3):
> prctl: reduce permissions to change boundaries of data, brk and stack
> capabilities: add a secure bit to allow changing a task exe link
> prctl: allow to use PR_MM_SET_* which affect only a current task
>
> include/uapi/linux/securebits.h | 9 ++++++++-
> kernel/sys.c | 21 +++++++++++++++++++--
> kernel/user_namespace.c | 3 ++-
> security/commoncap.c | 7 +++++++
> 4 files changed, 36 insertions(+), 4 deletions(-)
>
Looks OK to me. Try to discuss this with the kernel community.
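As an added illustration of the permission check the cover letter is working around (not code from the patch series or from CRIU), the program below reports whether the calling process holds CAP_SYS_RESOURCE in its effective set and what the kernel answers when PR_SET_MM is attempted without it. It assumes a Linux host with /proc mounted; the capability bit number (24) and the prctl option values are taken from the uapi headers, with fallback defines in case the toolchain's headers are old. On a stock kernel a process without the capability gets EPERM (or EINVAL on kernels built without PR_SET_MM support), which is exactly the behaviour that blocks restores inside a non-root userns.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>

/* CAP_SYS_RESOURCE is bit 24 in <linux/capability.h>. */
#define CAP_SYS_RESOURCE_BIT 24

/* Fallbacks for old <linux/prctl.h>; values match the uapi header. */
#ifndef PR_SET_MM
#define PR_SET_MM 35
#endif
#ifndef PR_SET_MM_START_STACK
#define PR_SET_MM_START_STACK 5
#endif

/*
 * Parse the "CapEff:" line of /proc/self/status and report whether
 * CAP_SYS_RESOURCE is in the effective set.
 * Returns 1 if present, 0 if absent, -1 if /proc is unavailable.
 */
int has_cap_sys_resource(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int result = -1;

    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            /* The mask is printed as a hex string after the tab. */
            unsigned long long caps = strtoull(line + 7, NULL, 16);
            result = (int)((caps >> CAP_SYS_RESOURCE_BIT) & 1ULL);
            break;
        }
    }
    fclose(f);
    return result;
}

/*
 * Ask the kernel to set mm->start_stack to an address inside our own
 * stack (a harmless value, since it already lies in the stack VMA).
 * Returns 0 on success or the errno the kernel replied with; without
 * CAP_SYS_RESOURCE in the initial user namespace this is EPERM.
 */
int probe_set_mm_start_stack(void)
{
    unsigned long marker = 0;
    unsigned long addr = (unsigned long)&marker;

    if (prctl(PR_SET_MM, PR_SET_MM_START_STACK, addr, 0UL, 0UL) == 0)
        return 0;
    return errno;
}

int main(void)
{
    int cap = has_cap_sys_resource();
    int err = probe_set_mm_start_stack();

    printf("CAP_SYS_RESOURCE effective: %s\n",
           cap == 1 ? "yes" : cap == 0 ? "no" : "unknown");
    if (err == 0)
        printf("PR_SET_MM_START_STACK: accepted\n");
    else
        printf("PR_SET_MM_START_STACK: rejected (%s)\n", strerror(err));
    return 0;
}
```

Run it once as an ordinary user and once as root in the initial user namespace to see the two outcomes; inside `unshare -Ur` the process reports CAP_SYS_RESOURCE in CapEff yet still gets EPERM, because `capable()` checks the initial namespace, which is the gap the series addresses.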