[PATCH v5 0/6] capabilities: Introduce CAP_CHECKPOINT_RESTORE
Christian Brauner
christian.brauner at ubuntu.com
Sat Jul 18 17:47:39 UTC 2020
On Fri, Jul 17, 2020 at 10:24:16PM -0500, Serge Hallyn wrote:
> On Wed, Jul 15, 2020 at 04:49:48PM +0200, Adrian Reber wrote:
> > This is v5 of the 'Introduce CAP_CHECKPOINT_RESTORE' patchset. The
> > changes to v4 are:
> >
> > * split into more patches to have the introduction of
> > CAP_CHECKPOINT_RESTORE and the actual usage in different
> > patches
> > * reduce the /proc/self/exe patch to only be about
> > CAP_CHECKPOINT_RESTORE
> >
> > Adrian Reber (5):
> > capabilities: Introduce CAP_CHECKPOINT_RESTORE
> > pid: use checkpoint_restore_ns_capable() for set_tid
> > pid_namespace: use checkpoint_restore_ns_capable() for ns_last_pid
> > proc: allow access in init userns for map_files with CAP_CHECKPOINT_RESTORE
> > selftests: add clone3() CAP_CHECKPOINT_RESTORE test
> >
> > Nicolas Viennot (1):
> > prctl: Allow checkpoint/restore capable processes to change exe link
>
> (This is probably bad form, but) All
>
> Reviewed-by: Serge Hallyn <serge at hallyn.com>
>
> Assuming you changes patches 4 and 6 per Christian's suggestions,
> I'd like to re-review those then.
Thanks, once Adrian has reposted the changes and you agree with them as
well, I'll pick them up though I might end up pushing this into the next
merge window...
Christian
More information about the Linux-security-module-archive
mailing list