2015-06-01 22:28 GMT+03:00 Tycho Andersen <tycho.andersen@xxxxxxxxxxxxx>: > This patch is the first step in enabling checkpoint/restore of processes > with seccomp enabled. > > One of the things CRIU does while dumping tasks is inject code into them > via ptrace to collect information that is only available to the process > itself. However, if we are in a seccomp mode where these processes are > prohibited from making these syscalls, then what CRIU does kills the task. > > This patch adds a new ptrace command, PTRACE_SUSPEND_SECCOMP that enables a > task from the init user namespace which has CAP_SYS_ADMIN to disable (and > re-enable) seccomp filters for another task so that they can be > successfully dumped (and restored). Do we need to re-enable seccomp if a tracer detaches unexpectedly. CRIU can be killed and we should try to not affect the task state even in this case. Thanks, Andrew -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
