From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Oren Laadan <orenl@cs.columbia.edu>
Cc: Linux Containers <containers@lists.osdl.org>,
David Howells <dhowells@redhat.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
linux-security-module@vger.kernel.org
Subject: [PATCH 0/8] a start to credentials c/r
Date: Tue, 26 May 2009 12:32:42 -0500 [thread overview]
Message-ID: <20090526173242.GA13757@us.ibm.com> (raw)
Following is the next version of the credentials c/r patchset,
on top of the c/r patchset at
git://git.ncl.cs.columbia.edu/pub/git/linux-cr.git
It implements checkpoint and restart of user, user namespaces,
groups, supplementary groups, and struct cred.
There is a question as to what to do about LSM data at
restart. Right now I'm ignoring it, which means that
prepare_creds() should ensure that the restart tasks get
the context of the task calling sys_restart(). I
suspect the right thing to do is to add two new LSM
hooks, one which checks current's authorization to
restart from the checkpoint file, and one which determines
the task->cred->security filed based upon any of:
1. current_security() of the task calling sys_restart()
2. the task->cred->security checkpointed in the ckpt file
3. the ->security of the checkpoint file
Oren, I think this version has all the changes you asked
for except for restoring cred info for sysvipc.
thanks,
-serge
next reply other threads:[~2009-05-26 17:32 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-26 17:32 Serge E. Hallyn [this message]
2009-05-26 17:33 ` [PATCH 1/8] cr: break out new_user_ns() Serge E. Hallyn
2009-05-26 17:33 ` [PATCH 2/8] cr: split core function out of some set*{u,g}id functions Serge E. Hallyn
2009-05-26 17:33 ` [PATCH 3/8] cr: capabilities: define checkpoint and restore fns Serge E. Hallyn
2009-05-26 17:33 ` [PATCH 4/8] groups: move code to kernel/groups.c Serge E. Hallyn
2009-05-26 17:33 ` [PATCH 5/8] groups: allow compilation on s390x Serge E. Hallyn
2009-05-26 23:17 ` Serge E. Hallyn
[not found] ` <20090526173242.GA13757-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-05-26 17:33 ` [PATCH 6/8] cr: checkpoint and restore task credentials Serge E. Hallyn
2009-05-27 18:36 ` Alexey Dobriyan
2009-05-28 14:01 ` Serge E. Hallyn
2009-05-28 14:36 ` Alexey Dobriyan
2009-05-26 17:34 ` [PATCH 7/8] cr: restore file->f_cred Serge E. Hallyn
2009-05-26 17:34 ` [PATCH 8/8] user namespaces: debug refcounts Serge E. Hallyn
2009-05-27 3:05 ` [PATCH 0/8] a start to credentials c/r Casey Schaufler
2009-05-27 12:37 ` Serge E. Hallyn
2009-05-27 16:03 ` Casey Schaufler
2009-05-27 18:24 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090526173242.GA13757@us.ibm.com \
--to=serue@us.ibm.com \
--cc=adobriyan@gmail.com \
--cc=containers@lists.osdl.org \
--cc=dhowells@redhat.com \
--cc=linux-security-module@vger.kernel.org \
--cc=orenl@cs.columbia.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.