Re: [PATCH v5 4/6] proc: allow access in init userns for map_files with CAP_CHECKPOINT_RESTORE

From: Cyrill Gorcunov
Date: Wed Jul 15 2020 - 17:17:28 EST

Next message: Boris Ostrovsky: "Re: [PATCH v2 01/11] xen/manage: keep track of the on-going suspend mode"
Previous message: Jiri Olsa: "Re: [PATCH 09/18] perf metric: Collect referenced metrics in struct metric_ref_node"
In reply to: Adrian Reber: "[PATCH v5 4/6] proc: allow access in init userns for map_files with CAP_CHECKPOINT_RESTORE"
Next in thread: Adrian Reber: "[PATCH v5 5/6] prctl: Allow checkpoint/restore capable processes to change exe link"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jul 15, 2020 at 04:49:52PM +0200, Adrian Reber wrote:
> Opening files in /proc/pid/map_files when the current user is
> CAP_CHECKPOINT_RESTORE capable in the root namespace is useful for
> checkpointing and restoring to recover files that are unreachable via
> the file system such as deleted files, or memfd files.
>
> Signed-off-by: Adrian Reber <areber@xxxxxxxxxx>
> Signed-off-by: Nicolas Viennot <Nicolas.Viennot@xxxxxxxxxxxx>

I still have a plan to make this code been usable without
capabilities requirements but due to lack of spare time
for deep investigation this won't happen anytime soon.
Thus the patch looks OK to me, fwiw

Reviewed-by: Cyrill Gorcunov <gorcunov@xxxxxxxxx>

Next message: Boris Ostrovsky: "Re: [PATCH v2 01/11] xen/manage: keep track of the on-going suspend mode"
Previous message: Jiri Olsa: "Re: [PATCH 09/18] perf metric: Collect referenced metrics in struct metric_ref_node"
In reply to: Adrian Reber: "[PATCH v5 4/6] proc: allow access in init userns for map_files with CAP_CHECKPOINT_RESTORE"
Next in thread: Adrian Reber: "[PATCH v5 5/6] prctl: Allow checkpoint/restore capable processes to change exe link"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]