[Devel] Re: [PATCH 4/6] cr: checkpoint and restore task credentials

Serge E. Hallyn serue at us.ibm.com
Tue May 19 06:35:26 PDT 2009


Quoting David Howells (dhowells at redhat.com):
> Serge E. Hallyn <serue at us.ibm.com> wrote:
> 
> > +/* move this code into kernel/cred.c and do proper perms checking of course */
> > +struct cred *restore_read_cred(struct ckpt_ctx *ctx)
> > +{
> 
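Review bot: The comment above restore_read_cred() leaves "proper perms checking" as a to-do, and judging by its name and signature the function returns a struct cred populated from the checkpoint context. Before this is merged, the restore path should verify that the restarting task is permitted to take on the credentials it reads rather than trusting the image contents. The move to kernel/cred.c that the same comment mentions would be best done in the same revision, so the check is reviewed alongside the code it protects.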
> This function needs to fix up cred->security.

Yup - it's not at all clear to me yet how to go about that, so I'll
need to have a discussion on the LSM list about whether a pair
of new security_ops hooks is called for.  One to authorize restart,
based on the current domain and the type of the mm->exe_file being
executed (and maybe the type of the checkpoint image file), and
one to calculate the new domain to enter at the end of restart.

Or did you mean something else by 'fix up' cred->security?

thanks,
-serge