[CRIU] [PATCH] cr-super: Initial commit

Andrew Vagin avagin at odin.com
Wed Sep 16 07:15:00 PDT 2015


On Wed, Sep 16, 2015 at 04:42:22PM +0300, Pavel Emelyanov wrote:
> 
> >> In this early commit I didn't add test for client uid/gid
> >> but need to check the client belong to say "criu" group
> >> which would be allowed to talk to cr-super.
> > 
> > In addition, we need to check that we are able to attache to a process
> > by ptrace.
> > 
> > I think for that we need to drop CAP_SYS_PTRACE from the effective set,
> > try to call PTRACE_SEIZE and if this operation was success, we can read
> > map_files.
> 
> We can do better. We can open the victim's status and check the TracerPid:
> value to be the one who requests us for the data ;)
>

Yes, you are right. 


More information about the CRIU mailing list