[CRIU] [PATCH 0/2] security: check additional groups,v2
Ruslan Kuprieiev
kupruser at gmail.com
Fri Jul 4 06:38:29 PDT 2014
Currently, we only check if process gids match primary gid of user.
But process and user have additional groups too. So lets:
1) check that process rgid,egid and sgid are in the user's grouplist.
2) check that user has all groups from the process grouplist.
Ruslan Kuprieiev (2):
proc_parse: parse Groups field
security: restrict criu with groups
cr-service.c | 3 +-
crtools.c | 3 +-
include/crtools.h | 2 +-
include/proc_parse.h | 2 ++
proc_parse.c | 34 ++++++++++++++++++++--
security.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++----
6 files changed, 116 insertions(+), 10 deletions(-)
--
1.8.3.2
More information about the CRIU
mailing list