[CRIU] Security issues
Matthias Neuer
matthias.neuer at uni-ulm.de
Wed Dec 14 06:25:30 PST 2016
Hi,
>
> Well, yes :( this piece of documentation is quite outdated...
>
it would be nice if you could update this. But I know that it's more fun
to write code than documentation :)
>
> Well, making criu daemon run as root serve requests from non-root users in
> secure manner turned out to be almost impossible task, so we stopped this
> effort. The current plan is to teach criu work in user-mode. Dump works in
> many cases, the next thing to do is fix restore with user namespaces.
>
Ok, I suppose this could take a while.
We now try to separate the dump (with user permissions) from the restore
(with root permissions) in order to minimize security issues.
Thanks for your answer.
--
Matthias Neuer
Universität Ulm
kiz / Abteilung Infrastruktur
More information about the CRIU
mailing list