[CRIU] [PATCH] cr-super: Initial commit
Pavel Emelyanov
xemul at parallels.com
Wed Sep 16 07:24:25 PDT 2015
On 09/16/2015 05:19 PM, Florian Weimer wrote:
> On 09/16/2015 04:13 PM, Pavel Emelyanov wrote:
>
>> It would be great if Florian could check whether we're on the right
>> track from the security POV.
>
> I don't understand why the kernel restricts access to
> /proc/PID/map_files to root.
It's for historical reasons :) We tried to go with the same policy
as existed for /proc/pid/fdinfo/ files, but people on the mailing
list wanted "someone from security camp" to review it.
> It may have its reasons for that. If it does not, then the kernel should
> be fixed and simply provide access (if the process is dumpable, a check
> which is much safer to implement inside the kernel).
Of course, but we still have to work on older kernels without the fix.
-- Pavel
More information about the CRIU
mailing list