Eric W. Biederman wrote: > Oren Laadan <orenl@xxxxxxxxxxxxxxx> writes: > >>>> I'm sorry but I'm pretty new in this domain, so I don't see what are the >>>> namespaces where setting (or pre-setting) the id would be a problem? >>> pids to some extent as people use them in all kinds of files. Being >>> able to force the pid of another process could make a hard to trigger >>> security hole with file permissions absolutely trivial to hit. >> Since the intent of this mechanism is to allow ckpt/restart, it makes >> sense to only allow this operation during restart. For example, in zap, >> containers have a state, e.g. running, stopped, ckpt, restart, and this >> is only possible in restart state; Furthermore, a container can only be >> put in restart state at creation time, and only by root. Of course, you >> should only trust that as much as you trust the root :O > > Yes and thanks. > > The notion of the state of a container makes a lot of sense (even if > we never implement explicit state bits). I found it extremely helpful in managing containers (pods) in zap. There are three more states, actually: stopping, reviving and dead. It is like extending the notion of process state into their collective representation which is the container. In fact, restricting certain operations to specific states was instrumental in eliminating a myriad of potential races in the implementation. I believe this belongs to the ever-pending ckpt/restart discussion :) Oren. > > Eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers