Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Serge E. Hallyn <serue <at> us.ibm.com>
Subject: [PATCH 0/8] a start to credentials c/r
Newsgroups: gmane.linux.kernel.lsm
Date: Tuesday 26th May 2009 17:32:42 UTC (over 8 years ago)
Following is the next version of the credentials c/r patchset,
on top of the c/r patchset at
git://git.ncl.cs.columbia.edu/pub/git/linux-cr.git

It implements checkpoint and restart of user, user namespaces,
groups, supplementary groups, and struct cred.

There is a question as to what to do about LSM data at
restart.  Right now I'm ignoring it, which means that
prepare_creds() should ensure that the restart tasks get
the context of the task calling sys_restart().  I
suspect the right thing to do is to add two new LSM
hooks, one which checks current's authorization to
restart from the checkpoint file, and one which determines
the task->cred->security filed based upon any of:
	1. current_security() of the task calling sys_restart()
	2. the task->cred->security checkpointed in the ckpt file
	3. the ->security of the checkpoint file

Oren, I think this version has all the changes you asked
for except for restoring cred info for sysvipc.

thanks,
-serge
--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
 
CD: 4ms