Peter Chubb wrote: >>>>>> "Oren" == Oren Laadan <orenl@xxxxxxxxxxxxxxx> writes: >>>>>> > > Oren> Daniel Lezcano wrote: > > >>>> The one exception (and it is a tedious one !) are states in which >>>> the task is already frozen by definition: any ptrace blocking >>>> point where the tracee waits for the tracer to grant permission to >>>> proceed with its execution. Another example is in vfork(), waiting >>>> for completion. >>>> >>> I would say these are perfect places for "may be >>> non-checkpointable" :) >>> > > Oren> For now, yes. But we definitely want this capability in the long > Oren> run; otherwise we won't be able to checkpoint a kernel compile > Oren> ('make' uses vfork), or anything with 'gdb' running inside, or > Oren> 'strace', and other goodies. > > The strace/gdb example is *really* hard; but for vfork, you just wait > until it's over. The interval between vfork and exec/exit should be > short enough not to affect the overall time for a checkpoint A malicious user could trivially exploit that. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers