[CRIU] [PATCH 0/2] security: check additional groups,v2

Ruslan Kuprieiev kupruser at gmail.com
Fri Jul 4 06:38:29 PDT 2014


Currently, we only check if process gids match the primary gid of the user.
But process and user have additional groups too. So let's:
     1) check that process rgid, egid and sgid are in the user's grouplist.
     2) check that user has all groups from the process grouplist.

Ruslan Kuprieiev (2):
  proc_parse: parse Groups field
  security: restrict criu with groups

 cr-service.c         |  3 +-
 crtools.c            |  3 +-
 include/crtools.h    |  2 +-
 include/proc_parse.h |  2 ++
 proc_parse.c         | 34 ++++++++++++++++++++--
 security.c           | 82 ++++++++++++++++++++++++++++++++++++++++++++++++----
 6 files changed, 116 insertions(+), 10 deletions(-)

-- 
1.8.3.2