|From:||"Serge E. Hallyn" <firstname.lastname@example.org>|
|To:||Oren Laadan <email@example.com>|
|Subject:||[PATCH 0/8] a start to credentials c/r|
|Date:||Tue, 26 May 2009 12:32:42 -0500|
|Cc:||Linux Containers <firstname.lastname@example.org>, David Howells <email@example.com>, Alexey Dobriyan <firstname.lastname@example.org>, email@example.com|
Following is the next version of the credentials c/r patchset, on top of the c/r patchset at git://git.ncl.cs.columbia.edu/pub/git/linux-cr.git It implements checkpoint and restart of user, user namespaces, groups, supplementary groups, and struct cred. There is a question as to what to do about LSM data at restart. Right now I'm ignoring it, which means that prepare_creds() should ensure that the restart tasks get the context of the task calling sys_restart(). I suspect the right thing to do is to add two new LSM hooks, one which checks current's authorization to restart from the checkpoint file, and one which determines the task->cred->security filed based upon any of: 1. current_security() of the task calling sys_restart() 2. the task->cred->security checkpointed in the ckpt file 3. the ->security of the checkpoint file Oren, I think this version has all the changes you asked for except for restoring cred info for sysvipc. thanks, -serge -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to firstname.lastname@example.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds