[Devel] Re: [PATCH 5/9] cr: capabilities: define checkpoint and restore fns

Serge E. Hallyn serue at us.ibm.com
Tue Jun 2 10:15:35 PDT 2009


Quoting Andrew G. Morgan (morgan at kernel.org):
> > with a BUILD_BUG_ON to ensure that sizeof(r)==sizeof(d).  Ugly, but
> > should suit everyone?
> 
> could the checkpointing code check the return value for
> cap_checkpoint_restore() and fail the restore if it returned an error?

Sorry things seem mixed up here.  Let's stick to the naming Oren
suggested (and i used in the latest set):

	checkpoint_capabilities() saves the credential's caps to the
		checkpoint image
	restore_capabilities() takes state from checkpoint file and
		sets a credential's caps accordingly if allowed.

restore_capabilities() returns an error now on failure (-EPERM or
-ENOMEM).  We might talk about it returning -EINVAL if capability
sets aren't valid, but then the kernel currently allows invalid
capabilities to be set anyway (hence CapPrm for root tasks is
generally 0xffffffffffffffff, not just filled with valid bits).

checkpoint_capabilities() doesn't need to return an error - if it
is called at all, it is called with enough space for the struct
it expects to write out.

So I don't understand what it is you're asking for above?

thanks,
-serge
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers




More information about the Devel mailing list