[CRIU] [PATCH] cr-super: Initial commit

Florian Weimer fweimer at redhat.com
Wed Sep 16 07:19:00 PDT 2015


On 09/16/2015 04:13 PM, Pavel Emelyanov wrote:

> It would be great if Florian could check whether we're on the right
> track from the security POV.

I don't understand why the kernel restricts access to
/proc/PID/map_files to root.  It may have its reasons for that.  If it
does not, then the kernel should be fixed and simply provide access (if
the process is dumpable, a check which is much safer to implement inside
the kernel).

-- 
Florian Weimer / Red Hat Product Security


More information about the CRIU mailing list