[PATCH] capabilities: Introduce CAP_RESTORE

Radostin Stoyanov rstoyanov1 at gmail.com
Tue May 26 09:09:22 UTC 2020


On 25/05/2020 22:53, Jann Horn wrote:
> On Fri, May 22, 2020 at 7:55 AM Adrian Reber <areber at redhat.com> wrote:
>> This enables CRIU to checkpoint and restore a process as non-root.
>>
>> Over the last years CRIU upstream has been asked a couple of time if it
>> is possible to checkpoint and restore a process as non-root. The answer
>> usually was: 'almost'.
>>
>> The main blocker to restore a process was that selecting the PID of the
>> restored process, which is necessary for CRIU, is guarded by CAP_SYS_ADMIN.
> And if you were restoring the process into your own PID namespace, so
> that you actually have a guarantee that this isn't going to blow up in
> your face because one of your PIDs is allocated for a different
> process, this part of the problem could be simplified.
>
> I don't get why your users are fine with a "oh it kinda works 99% of
> the time but sometimes it randomly doesn't and then you have to go
> reboot or whatever" model.
Transparent checkpoint and restore of a process tree is not simple, 
especially when it is done entirely in user-space. To best of my 
knowledge, CRIU is the only tool out there that is able to achieve this, 
it is actively being tested and maintained, and it has been integrated 
into several container runtimes. Like any other software, CRIU has 
limitations but, as said in the README file, contributions are welcome.



More information about the Linux-security-module-archive mailing list