From: "Serge E. Hallyn" <serge-A9i7LUbDfNHQT0dZR+AlfA@public.gmane.org>
To: Sukadev Bhattiprolu
<sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
Cc: Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>
Subject: Re: [RFC][PATCH 2/4][cr]: Define __f_setown_uid()
Date: Wed, 12 May 2010 12:54:26 -0500 [thread overview]
Message-ID: <20100512175426.GA4839@hallyn.com> (raw)
In-Reply-To: <20100512165922.GA11144-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Quoting Sukadev Bhattiprolu (sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org):
> The process P1 that called fcntl(F_SETOWN) may have exited and hence
> may not in the checkpoint-image. So during restart, some other process
> will need to act for P1. Would requiring CAP_SETUID, like we do for
> restoring creds be an overkill ?
Yeah I think CAP_SETUID is overkill. Yes, it's what would have been
needed to cause the condition originally, but the only real implication
is CAP_KILL. And since the application might have originally run with
euid=1001 and suid=1002, done the fcntl, and then done
setresuid(1002,1002,1002), CAP_SETUID may not have originaly been
necessary (if I'm thinking straight).
In any case, CAP_KILL is what you can do with the result, so I think
that suffices.
-serge
next prev parent reply other threads:[~2010-05-12 17:54 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-11 22:38 [RFC][PATCH 0/4][cr]: Checkpoint/restart file-owner info Sukadev Bhattiprolu
2010-05-11 22:38 ` [RFC][PATCH 1/4][cr]: Add uid, euid params to f_modown() Sukadev Bhattiprolu
[not found] ` <1273617500-13653-2-git-send-email-sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2010-05-12 17:05 ` Jamie Lokier
2010-05-12 17:05 ` Jamie Lokier
[not found] ` <20100512170513.GD19314-yetKDKU6eevNLxjTenLetw@public.gmane.org>
2010-05-12 17:30 ` Sukadev Bhattiprolu
2010-05-12 17:30 ` Sukadev Bhattiprolu
[not found] ` <20100512173048.GC11144-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-05-12 20:12 ` Oren Laadan
2010-05-12 20:12 ` Oren Laadan
[not found] ` <1273617500-13653-1-git-send-email-sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2010-05-11 22:38 ` Sukadev Bhattiprolu
2010-05-11 22:38 ` [RFC][PATCH 2/4][cr]: Define __f_setown_uid() Sukadev Bhattiprolu
2010-05-11 22:38 ` [RFC][PATCH 3/4][cr]: Checkpoint file-owner information Sukadev Bhattiprolu
2010-05-11 22:38 ` [RFC][PATCH 4/4][cr]: Restore file_owner info Sukadev Bhattiprolu
2010-05-11 22:38 ` [RFC][PATCH 2/4][cr]: Define __f_setown_uid() Sukadev Bhattiprolu
[not found] ` <1273617500-13653-3-git-send-email-sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2010-05-12 8:06 ` Serge E. Hallyn
[not found] ` <20100512080629.GB2636-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-05-12 8:43 ` Serge E. Hallyn
[not found] ` <20100512084317.GA8842-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-05-12 16:59 ` Sukadev Bhattiprolu
[not found] ` <20100512165922.GA11144-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-05-12 17:54 ` Serge E. Hallyn [this message]
2010-05-12 14:07 ` Matthew Wilcox
2010-05-12 14:07 ` Matthew Wilcox
2010-05-12 17:05 ` Sukadev Bhattiprolu
[not found] ` <20100512140741.GF10452-6jwH94ZQLHl74goWV3ctuw@public.gmane.org>
2010-05-12 17:05 ` Sukadev Bhattiprolu
2010-05-11 22:38 ` [RFC][PATCH 3/4][cr]: Checkpoint file-owner information Sukadev Bhattiprolu
2010-05-11 22:38 ` [RFC][PATCH 4/4][cr]: Restore file_owner info Sukadev Bhattiprolu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100512175426.GA4839@hallyn.com \
--to=serge-a9i7lubdfnhqt0dzr+alfa@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.