[CRIU] [PATCH] cr-super: Initial commit

Pavel Emelyanov xemul at parallels.com
Wed Sep 16 07:24:25 PDT 2015


On 09/16/2015 05:19 PM, Florian Weimer wrote:
> On 09/16/2015 04:13 PM, Pavel Emelyanov wrote:
> 
>> It would be great if Florian could check whether we're on the right
>> track from the security POV.
> 
> I don't understand why the kernel restricts access to
> /proc/PID/map_files to root.

It's for historical reasons :) We tried to go with the same policy
as existed for /proc/pid/fdinfo/ files, but people on the mailing
list wanted "someone from security camp" to review it.

> It may have its reasons for that.  If it does not, then the kernel should
> be fixed and simply provide access (if the process is dumpable, a check
> which is much safer to implement inside the kernel).

Of course, but we still have to work on older kernels without the fix.

-- Pavel


