mir/criu
2
0
Fork 0
mirror of https://github.com/checkpoint-restore/criu synced 2025-08-30 05:48:05 +00:00
Code Issues Releases Wiki Activity
3,450 Commits 12 Branches 70 Tags
Commit Graph

4 Commits

Author SHA1 Message Date
Pavel Emelyanov
b4c8c5ae32 security: Also save gid of user requesting for C/R 
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
 2013-09-28 15:51:09 +04:00
Pavel Emelyanov
6bf63b3f01 security: Push full creds info into may_xxx checks 
It's not enough to check only uids on dump and restore -- we need to
check e-ids and s-ids now (and caps in the future).

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
 2013-09-28 15:48:44 +04:00
Ruslan Kuprieiev
547d9bf959 v2 security: set suid flag on crtools and check real uid on dump/restore 
v2: remove redundant functions and variables.

Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
 2013-10-02 17:11:17 +04:00
Pavel Emelyanov
91389f8782 security: Introduce (rather basic) security restrictions for C/R 
Right now we have an ability to launch the C/R service from root
and execure dump requests from unpriviledged users. Not to be bad
guys, we deny dumping tasks belonging to user, that cannot be
"watched" (traced, read /proc, etc.) by the dumper.

In the future we will use this "engine" when launched with suid
bit, and (probably) will have more sophisticated policy.

Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
 2013-09-28 06:16:17 +04:00