[CRIU] [PATCH] cr-super: Initial commit

Pavel Emelyanov xemul at parallels.com
Wed Sep 16 06:42:22 PDT 2015


>> In this early commit I didn't add a test for client uid/gid
>> but need to check the client belongs to say "criu" group
>> which would be allowed to talk to cr-super.
> 
> In addition, we need to check that we are able to attach to a process
> by ptrace.
> 
> I think for that we need to drop CAP_SYS_PTRACE from the effective set,
> try to call PTRACE_SEIZE and if this operation was successful, we can read
> map_files.

We can do better. We can open the victim's status and check the TracerPid:
value to be the one who requests us for the data ;)
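
The TracerPid check suggested in this reply, sketched as an added example that is not part of the original message or of CRIU's code. The function names are hypothetical, the sample status text is constructed, and the requester pid is assumed to be the peer pid the daemon obtained from its socket (for example via SO_PEERCRED).

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* TracerPid from /proc/<pid>/status text: 0 = untraced, -1 = missing/malformed. */
long parse_tracer_pid(const char *status)
{
	const char *p = status;
	long tracer;
	while (p && *p) {
		/* Match at line start only, so a task name containing
		 * "TracerPid:" on the Name: line cannot spoof the field. */
		if (!strncmp(p, "TracerPid:", 10))
			return sscanf(p + 10, "%ld", &tracer) == 1 ? tracer : -1;
		p = strchr(p, '\n');
		if (p)
			p++;
	}
	return -1;
}

/* TracerPid 0 means "nobody is tracing", so requester must be a real pid. */
int status_allows(const char *status, pid_t requester)
{
	return requester > 0 && parse_tracer_pid(status) == (long)requester;
}

/* Hypothetical helper: requester is the peer pid the daemon learned from
 * its socket, victim is the pid whose data was requested. Fails closed. */
int requester_is_tracer(pid_t victim, pid_t requester)
{
	char path[64], buf[4096];
	size_t n;
	FILE *f;
	snprintf(path, sizeof(path), "/proc/%d/status", (int)victim);
	f = fopen(path, "r");
	if (!f)
		return 0;
	n = fread(buf, 1, sizeof(buf) - 1, f);
	fclose(f);
	buf[n] = '\0';
	return status_allows(buf, requester);
}

int main(void)
{
	/* Constructed sample status text, not captured from a real system. */
	const char *s = "Name:\tTracerPid:\t777\nPid:\t4242\nTracerPid:\t901\n";
	printf("901 -> %d, 777 -> %d\n", status_allows(s, 901), status_allows(s, 777));
}
```

The answer is only valid while the tracer stays attached, so a daemon using it would re-check around the actual read rather than caching the result.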


