From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Serge E. Hallyn"
Subject: Re: [PATCH 4/6] cr: checkpoint and restore task credentials
Date: Tue, 19 May 2009 09:46:46 -0500
Message-ID: <20090519144646.GA2355@us.ibm.com>
References: <20090519133526.GB32685@us.ibm.com> <20090519014538.GD28312@us.ibm.com> <20090519014446.GA28277@us.ibm.com> <16258.1242721606@redhat.com> <19394.1242743199@redhat.com>
In-Reply-To: <19394.1242743199-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: David Howells
Cc: Linux Containers, alexey-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org
List-Id: containers.vger.kernel.org

Quoting David Howells (dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org):
> Serge E. Hallyn wrote:
>
> > Or did you mean something else by 'fix up' cred->security?
>
> cred->security is inherited from the current process by virtue of calling
> prepare_creds() - as such, it is almost certainly going to be wrong.  Can you
> just ask the LSM for a set of textual security labels when saving, and then
> set those back when restoring?

That would be too easy a way for users (even privileged root users but
constrained by selinux) to bypass selinux restrictions.  All they'd
have to do is checkpoint their shell, and rewrite the ->security
field in the checkpoint image with 'shadow_t', to get a shell that
can write to the shadow file, for instance.

-serge
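The trust problem raised in this reply, as an added userspace sketch that is not part of the original message or of the checkpoint/restart patch set: a label read back from a user-editable image is untrusted input, so a restore path that applies it verbatim differs from one that first checks it against the restorer's own context. The struct layout, the allow-list, and the names `ckpt_cred`, `may_restore_label`, `restore_naive` and `restore_checked` are hypothetical; only `shadow_t` comes from the thread.

```c
#include <stdio.h>
#include <string.h>

/* Checkpoint record with a textual LSM label. The image is a file its owner
 * can edit, so 'label' is untrusted input at restart. (Constructed layout.) */
struct ckpt_cred { unsigned int uid; char label[32]; };

/* Hypothetical allow-list: labels a restorer context may hand to a restarted
 * task. A stand-in for a real LSM decision, not SELinux policy syntax. */
static const char *const allowed[][2] = {
    { "user_t",   "user_t"   },
    { "sysadm_t", "sysadm_t" },
    { "sysadm_t", "user_t"   },
};

static int may_restore_label(const char *restorer, const char *target)
{
    for (size_t i = 0; i < sizeof(allowed) / sizeof(allowed[0]); i++)
        if (!strcmp(allowed[i][0], restorer) && !strcmp(allowed[i][1], target))
            return 1;
    return 0;
}

/* Naive restore: whatever label the image carries is applied verbatim. */
static int restore_naive(const struct ckpt_cred *img, char *out, size_t n)
{
    const char *end = memchr(img->label, '\0', sizeof(img->label));
    if (!end || (size_t)(end - img->label) >= n)
        return -1;                          /* unterminated or too long */
    memcpy(out, img->label, (size_t)(end - img->label) + 1);
    return 0;
}

/* Checked restore: the label is applied only if the restorer's own context
 * is allowed to assign it. Returns -2 on denial and leaves 'out' untouched. */
static int restore_checked(const char *restorer, const struct ckpt_cred *img,
                           char *out, size_t n)
{
    if (!memchr(img->label, '\0', sizeof(img->label)))
        return -1;                          /* validate before any strcmp */
    if (!may_restore_label(restorer, img->label))
        return -2;
    return restore_naive(img, out, n);
}

int main(void)
{
    struct ckpt_cred img = { 1000, "shadow_t" };  /* label edited in the image */
    char out[32] = "unset";
    printf("checked: %d\n", restore_checked("user_t", &img, out, sizeof(out)));
    printf("naive:   %d (%s)\n", restore_naive(&img, out, sizeof(out)), out);
    return 0;
}
```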