From: Andrei Vagin <avagin@gmail.com>
To: Adrian Reber <areber@redhat.com>
Cc: "Christian Brauner" <christian.brauner@ubuntu.com>,
"Eric Biederman" <ebiederm@xmission.com>,
"Pavel Emelyanov" <ovzxemul@gmail.com>,
"Oleg Nesterov" <oleg@redhat.com>,
"Dmitry Safonov" <0x7f454c46@gmail.com>,
"Nicolas Viennot" <Nicolas.Viennot@twosigma.com>,
"Michał Cłapiński" <mclapinski@google.com>,
"Kamil Yurtsever" <kyurtsever@google.com>,
"Dirk Petersen" <dipeit@gmail.com>,
"Christine Flood" <chf@redhat.com>,
"Casey Schaufler" <casey@schaufler-ca.com>,
"Mike Rapoport" <rppt@linux.ibm.com>,
"Radostin Stoyanov" <rstoyanov1@gmail.com>,
"Cyrill Gorcunov" <gorcunov@openvz.org>,
"Serge Hallyn" <serge@hallyn.com>,
"Stephen Smalley" <stephen.smalley.work@gmail.com>,
"Sargun Dhillon" <sargun@sargun.me>,
"Arnd Bergmann" <arnd@arndb.de>,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, selinux@vger.kernel.org,
"Eric Paris" <eparis@parisplace.org>,
"Jann Horn" <jannh@google.com>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v2 1/3] capabilities: Introduce CAP_CHECKPOINT_RESTORE
Date: Mon, 8 Jun 2020 20:42:21 -0700 [thread overview]
Message-ID: <20200609034221.GA150921@gmail.com> (raw)
In-Reply-To: <20200603162328.854164-2-areber@redhat.com>
On Wed, Jun 03, 2020 at 06:23:26PM +0200, Adrian Reber wrote:
> This patch introduces CAP_CHECKPOINT_RESTORE, a new capability facilitating
> checkpoint/restore for non-root users.
>
> Over the last years, The CRIU (Checkpoint/Restore In Userspace) team has been
> asked numerous times if it is possible to checkpoint/restore a process as
> non-root. The answer usually was: 'almost'.
>
> The main blocker to restore a process as non-root was to control the PID of the
> restored process. This feature available via the clone3 system call, or via
> /proc/sys/kernel/ns_last_pid is unfortunately guarded by CAP_SYS_ADMIN.
>
> In the past two years, requests for non-root checkpoint/restore have increased
> due to the following use cases:
> * Checkpoint/Restore in an HPC environment in combination with a resource
> manager distributing jobs where users are always running as non-root.
> There is a desire to provide a way to checkpoint and restore long running
> jobs.
> * Container migration as non-root
> * We have been in contact with JVM developers who are integrating
> CRIU into a Java VM to decrease the startup time. These checkpoint/restore
> applications are not meant to be running with CAP_SYS_ADMIN.
>
...
>
> The introduced capability allows to:
> * Control PIDs when the current user is CAP_CHECKPOINT_RESTORE capable
> for the corresponding PID namespace via ns_last_pid/clone3.
> * Open files in /proc/pid/map_files when the current user is
> CAP_CHECKPOINT_RESTORE capable in the root namespace, useful for recovering
> files that are unreachable via the file system such as deleted files, or memfd
> files.
PTRACE_O_SUSPEND_SECCOMP is needed for C/R and it is protected by
CAP_SYS_ADMIN too.
Thanks,
Andrei
next prev parent reply other threads:[~2020-06-09 3:42 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-03 16:23 [PATCH v2 0/3] capabilities: Introduce CAP_CHECKPOINT_RESTORE Adrian Reber
2020-06-03 16:23 ` [PATCH v2 1/3] " Adrian Reber
2020-06-03 17:01 ` Cyrill Gorcunov
2020-06-09 3:42 ` Andrei Vagin [this message]
2020-06-09 7:44 ` Christian Brauner
2020-06-09 16:06 ` Andrei Vagin
2020-06-09 16:14 ` Christian Brauner
2020-06-10 7:59 ` Andrei Vagin
2020-06-10 15:41 ` Casey Schaufler
2020-06-10 15:48 ` Christian Brauner
2020-06-09 18:45 ` Cyrill Gorcunov
2020-06-09 20:09 ` Nicolas Viennot
2020-06-09 21:05 ` Eric W. Biederman
2020-06-09 21:28 ` Cyrill Gorcunov
2020-06-03 16:23 ` [PATCH v2 2/3] selftests: add clone3() CAP_CHECKPOINT_RESTORE test Adrian Reber
2020-06-03 16:23 ` [PATCH v2 3/3] prctl: Allow ptrace capable processes to change exe_fd Adrian Reber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200609034221.GA150921@gmail.com \
--to=avagin@gmail.com \
--cc=0x7f454c46@gmail.com \
--cc=Nicolas.Viennot@twosigma.com \
--cc=areber@redhat.com \
--cc=arnd@arndb.de \
--cc=casey@schaufler-ca.com \
--cc=chf@redhat.com \
--cc=christian.brauner@ubuntu.com \
--cc=dipeit@gmail.com \
--cc=ebiederm@xmission.com \
--cc=eparis@parisplace.org \
--cc=gorcunov@openvz.org \
--cc=jannh@google.com \
--cc=kyurtsever@google.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mclapinski@google.com \
--cc=oleg@redhat.com \
--cc=ovzxemul@gmail.com \
--cc=rppt@linux.ibm.com \
--cc=rstoyanov1@gmail.com \
--cc=sargun@sargun.me \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.