[CRIU] [PATCH] cr-super: Initial commit
Andrew Vagin
avagin at odin.com
Wed Sep 16 07:15:00 PDT 2015
On Wed, Sep 16, 2015 at 04:42:22PM +0300, Pavel Emelyanov wrote:
>
> >> In this early commit I didn't add test for client uid/gid
> >> but need to check the client belong to say "criu" group
> >> which would be allowed to talk to cr-super.
> >
> > In addition, we need to check that we are able to attache to a process
> > by ptrace.
> >
> > I think for that we need to drop CAP_SYS_PTRACE from the effective set,
> > try to call PTRACE_SEIZE and if this operation was success, we can read
> > map_files.
>
> We can do better. We can open the victim's status and check the TracerPid:
> value to be the one who requests us for the data ;)
>
Yes, you are right.
More information about the CRIU
mailing list