Re: [RFC v7][PATCH 2/9] General infrastructure for checkpoint restart
From: Oren Laadan <hidden>
Date: 2008-10-27 11:04:12
Also in:
linux-mm, lkml
Peter Chubb wrote:
quoted
quoted
quoted
quoted
quoted
"Oren" == Oren Laadan [off-list ref] writes:Oren> Nope, since we will fail to restart in many cases. We will need Oren> a way to move from caller's credentials to saved credentials, Oren> and even from caller's credentials to privileged credentials Oren> (e.g. to reopen a file that was created by a setuid program Oren> prior to dropping privileges). You can't necessarily tell the difference between this and revocation of privilege. For most security models, it must be possible to change the permissions on the file, and then the restart should fail. In our implementation, we simply refused to checkpoint setid programs.
True. And this works very well for HPC applications. However, it doesn't work so well for server applications, for instance. Also, you could use file system snapshotting to ensure that the file system view does not change, and still face the same issue. So I'm perfectly ok with deferring this discussion to a later time :) Oren.
-- Dr Peter Chubb http://www.gelato.unsw.edu.au peterc AT gelato.unsw.edu.au http://www.ertos.nicta.com.au ERTOS within National ICT Australia
-- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html