We need to do this so that we think about the security concerns as we add each and every bit of c/r functionality. There's nothing that we need privileges for, yet. Let's keep it that way as long as possible. --- oren-cr.git-dave/checkpoint/sys.c | 6 ------ 1 file changed, 6 deletions(-) diff -puN checkpoint/sys.c~0003-Remove-CAP_SYS_ADMIN-for-checkpoint-restart checkpoint/sys.c --- oren-cr.git/checkpoint/sys.c~0003-Remove-CAP_SYS_ADMIN-for-checkpoint-restart 2008-08-20 12:12:49.000000000 -0700 +++ oren-cr.git-dave/checkpoint/sys.c 2008-08-20 12:12:49.000000000 -0700 @@ -169,9 +169,6 @@ asmlinkage long sys_checkpoint(pid_t pid int fput_needed; int ret; - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; - file = fget_light(fd, &fput_needed); if (!file) return -EBADF; @@ -207,9 +204,6 @@ asmlinkage long sys_restart(int crid, in int fput_needed; int ret; - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; - file = fget_light(fd, &fput_needed); if (!file) return -EBADF; _ _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers