Dave Hansen wrote: > On Mon, 2008-10-27 at 07:03 -0400, Oren Laadan wrote: >>> In our implementation, we simply refused to checkpoint setid >> programs. >> >> True. And this works very well for HPC applications. >> >> However, it doesn't work so well for server applications, for >> instance. >> >> Also, you could use file system snapshotting to ensure that the file >> system view does not change, and still face the same issue. >> >> So I'm perfectly ok with deferring this discussion to a later time :) > > Oren, is this a good place to stick a process_deny_checkpoint()? Both > so we refuse to checkpoint, and document this as something that has to > be addressed later? why refuse to checkpoint ? if I'm root, and I want to checkpoint, and later restart, my sshd server (assuming we support listening sockets) - then why not ? we can just let it be, and have the restart fail (if it isn't root that does the restart); perhaps add something like warn_checkpoint() (similar to deny, but only warns) ? Oren. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
