>> 1. cap_sys_admin check is unfortunate. In discussions about Oren's
>> patchset we've agreed that not having that check from the outset forces
>> us to consider security with each new patch and feature, which is a good
>> thing.
>
> Removing CAP_SYS_ADMIN on restore?

We've kept the capabilities in our patchset, but the user tools doing checkpoint and restart are setcap'ed appropriately to be able to do different things like:

  - clone() the namespaces
  - mount /dev/mqueue
  - interact with net_ns
  - etc.

At restart, the tasks are restarted through execve(), so they lose their capabilities automatically.

But I think we could drop the CAP_SYS_ADMIN tests for some namespaces; uts and ipc are good candidates. I guess network should require some privilege.

C.