User: Password:
Subscribe / Log in / New account

a start to credentials c/r

From:  "Serge E. Hallyn" <>
To:  Oren Laadan <>
Subject:  [PATCH 0/8] a start to credentials c/r
Date:  Tue, 26 May 2009 12:32:42 -0500
Message-ID:  <>
Cc:  Linux Containers <>, David Howells <>, Alexey Dobriyan <>,
Archive-link:  Article

Following is the next version of the credentials c/r patchset,
on top of the c/r patchset at

It implements checkpoint and restart of user, user namespaces,
groups, supplementary groups, and struct cred.

There is a question as to what to do about LSM data at
restart.  Right now I'm ignoring it, which means that
prepare_creds() should ensure that the restart tasks get
the context of the task calling sys_restart().  I
suspect the right thing to do is to add two new LSM
hooks, one which checks current's authorization to
restart from the checkpoint file, and one which determines
the task->cred->security filed based upon any of:
	1. current_security() of the task calling sys_restart()
	2. the task->cred->security checkpointed in the ckpt file
	3. the ->security of the checkpoint file

Oren, I think this version has all the changes you asked
for except for restoring cred info for sysvipc.

To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to
More majordomo info at

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds