[PATCH v5 0/6] capabilities: Introduce CAP_CHECKPOINT_RESTORE

Christian Brauner christian.brauner at ubuntu.com
Sat Jul 18 17:47:39 UTC 2020


On Fri, Jul 17, 2020 at 10:24:16PM -0500, Serge Hallyn wrote:
> On Wed, Jul 15, 2020 at 04:49:48PM +0200, Adrian Reber wrote:
> > This is v5 of the 'Introduce CAP_CHECKPOINT_RESTORE' patchset. The
> > changes to v4 are:
> > 
> >  * split into more patches to have the introduction of
> >    CAP_CHECKPOINT_RESTORE and the actual usage in different
> >    patches
> >  * reduce the /proc/self/exe patch to only be about
> >    CAP_CHECKPOINT_RESTORE
> > 
> > Adrian Reber (5):
> >   capabilities: Introduce CAP_CHECKPOINT_RESTORE
> >   pid: use checkpoint_restore_ns_capable() for set_tid
> >   pid_namespace: use checkpoint_restore_ns_capable() for ns_last_pid
> >   proc: allow access in init userns for map_files with CAP_CHECKPOINT_RESTORE
> >   selftests: add clone3() CAP_CHECKPOINT_RESTORE test
> > 
> > Nicolas Viennot (1):
> >   prctl: Allow checkpoint/restore capable processes to change exe link
> 
> (This is probably bad form, but)  All
> 
> Reviewed-by: Serge Hallyn <serge at hallyn.com>
> 
> Assuming you changes patches 4 and 6 per Christian's suggestions,
> I'd like to re-review those then.

Thanks, once Adrian has reposted the changes and you agree with them as
well, I'll pick them up though I might end up pushing this into the next
merge window...

Christian



More information about the Linux-security-module-archive mailing list