[CRIU] [PATCH] seccomp: add a --no-seccomp option to disable dumping seccomp
Tycho Andersen
tycho.andersen at canonical.com
Wed Feb 17 06:50:16 PST 2016
On Wed, Feb 17, 2016 at 05:41:28PM +0300, Pavel Emelyanov wrote:
> On 02/17/2016 05:15 PM, Tycho Andersen wrote:
> > On Wed, Feb 17, 2016 at 01:48:37PM +0300, Pavel Emelyanov wrote:
> >> Applied.
> >>
> >> Am I right, that the current behavior of criu is -- no seccomp configured
> >> on a process means no attempt to dump one is performed?
> >
> > I think so, just to restate: if no seccomp is configured on the
> > process than no attempt to dump the /seccomp/ stuff is made (since
> > there's nothing to dump). The task itself is still dumped as usual.
>
> OK :) Then Saied is potentially doing a dangerous thing with this option :)
> since tasks will be restored without seccomp stuff configured in.
Yes, exactly. It does a pr_warn when it encounters this, at least.
Tycho
More information about the CRIU
mailing list