[CRIU] [PATCH] cr-super: Initial commit
Pavel Emelyanov
xemul at parallels.com
Wed Sep 16 06:42:22 PDT 2015
>> In this early commit I didn't add a test for client uid/gid
>> but need to check that the client belongs to, say, the "criu" group
>> which would be allowed to talk to cr-super.
>
> In addition, we need to check that we are able to attach to a process
> by ptrace.
>
> I think for that we need to drop CAP_SYS_PTRACE from the effective set,
> try to call PTRACE_SEIZE and if this operation succeeded, we can read
> map_files.
We can do better. We can open the victim's status and check that the TracerPid:
value is the one who requests the data from us ;)
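
The check described in this reply, as an added C example that is not part of the original thread and is not CRIU code. The names `parse_tracer_pid`, `client_traces_victim` and `SAMPLE_STATUS` are hypothetical, and the example assumes the client pid comes from a source the service trusts (for instance `SO_PEERCRED` on the Unix socket).

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Constructed sample of /proc/<pid>/status text, not captured from a real system. */
static const char SAMPLE_STATUS[] =
	"Name:\tsleep\nState:\tS (sleeping)\nTgid:\t1000\nPid:\t1000\n"
	"PPid:\t1\nTracerPid:\t4242\nUid:\t1000\t1000\t1000\t1000\n";

/* Return the TracerPid value (0 = not traced), or -1 if missing or malformed.
 * The key is matched only at the start of a line, because the Name: value
 * is chosen by the process itself. */
static long parse_tracer_pid(const char *status)
{
	static const char key[] = "TracerPid:";
	const char *line = status;

	while (line && *line) {
		if (!strncmp(line, key, sizeof(key) - 1)) {
			const char *num = line + sizeof(key) - 1;
			char *end;
			long v;

			errno = 0;
			v = strtol(num, &end, 10);
			if (errno || end == num || v < 0 || (*end != '\n' && *end != '\0'))
				return -1;
			return v;
		}
		line = strchr(line, '\n');
		if (line)
			line++;
	}
	return -1;
}

/* 1 if `client` is currently the ptrace tracer of `victim`, else 0.
 * Fails closed: a non-positive client pid must never match TracerPid 0. */
static int client_traces_victim(pid_t victim, pid_t client)
{
	char path[64], buf[4096];
	size_t n;
	FILE *f;

	if (client <= 0)
		return 0;
	snprintf(path, sizeof(path), "/proc/%d/status", (int)victim);
	if (!(f = fopen(path, "r")))
		return 0;
	n = fread(buf, 1, sizeof(buf) - 1, f);
	fclose(f);
	buf[n] = '\0';
	return parse_tracer_pid(buf) == (long)client;
}
```

The result is a snapshot: the tracer can detach after the check, so the answer only holds for the moment the file was read.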