[Devel] Re: [PATCH 2/5] cr: checkpoint the active LSM and add RESTART_KEEP_LSM flag
Casey Schaufler
casey at schaufler-ca.com
Mon Aug 31 22:51:50 PDT 2009
Serge E. Hallyn wrote:
> Quoting Serge E. Hallyn (serue at us.ibm.com):
>
>> Quoting Casey Schaufler (casey at schaufler-ca.com):
>>
>>> Serge E. Hallyn wrote:
>>>
>>>> Quoting Casey Schaufler (casey at schaufler-ca.com):
>>>> So do you think that adding a policy version check in the kernel
>>>> at restart would help this?
>>>>
>> For the moment I intend to add a patch on top of these adding two
>> security calls:
>>
>> security_may_checkpoint(ctx) which will authorize the
>> ability to checkpoint at all, and
>>
>
> I meant:
>
> security_may_restore(ctx).
>
As much as I hate adding more hooks, you could argue for both.
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list