[CRIU] [PATCH 1/3] prctl: reduce permissions to change boundaries of data, brk and stack

Pavel Emelyanov xemul at parallels.com
Fri Mar 7 05:51:03 PST 2014


Hi, Eric,

>>>> Why can't you have the process of interest do:
>>>> 	ptrace(PTRACE_ATTACHME);
>>>> 	execve(executable, args, ...);
>>>>         
>>>>         /* Have the ptracer inject the recovery/fixup code */
>>>> 	/* Fix up the mostly correct process to look like it has been
>>>>          * executing for a while.
>>>>          */

> 2. What you propose means we have to effectively strace an execve-ing task. As
> compared with plain prctl this is up to ~600 times slower. I've made such an experiment.

Have you had time to think on the issue? If the prctl restrictions do not work,
what else can it be?

Thanks,
Pavel

