Quoting Andrew G. Morgan (morgan@xxxxxxxxxx):
> > with a BUILD_BUG_ON to ensure that sizeof(r)==sizeof(d). Ugly, but
> > should suit everyone?
>
> could the checkpointing code check the return value for
> cap_checkpoint_restore() and fail the restore if it returned an error?

Sorry things seem mixed up here. Let's stick to the naming Oren
suggested (and I used in the latest set):

    checkpoint_capabilities() saves the credential's caps to the
        checkpoint image
    restore_capabilities() takes state from checkpoint file and sets
        a credential's caps accordingly if allowed.

restore_capabilities() returns an error now on failure (-EPERM or
-ENOMEM). We might talk about it returning -EINVAL if capability
sets aren't valid, but then the kernel currently allows invalid
capabilities to be set anyway (hence CapPrm for root tasks is generally
0xffffffffffffffff, not just filled with valid bits).

checkpoint_capabilities() doesn't need to return an error - if it is
called at all, it is called with enough space for the struct it expects
to write out.

So I don't understand what it is you're asking for above?

thanks,
-serge
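The -EINVAL point in the message above, as an added userspace example that is not part of the original message or of the checkpoint/restart patches: it parses CapPrm lines in the /proc/<pid>/status format and applies a strict validity check, which rejects the all-ones set the message says root tasks generally carry. The helper names, the sample lines and the highest defined capability number (33) are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mask with one bit set for each capability number 0..last_cap. */
static uint64_t valid_cap_mask(unsigned last_cap)
{
    return last_cap >= 63 ? ~0ULL : ((1ULL << (last_cap + 1)) - 1);
}

/* Parse "<field>:\t<hex>" as found in /proc/<pid>/status. */
static int parse_cap_line(const char *line, const char *field, uint64_t *out)
{
    size_t n = strlen(field);
    const char *val = line + n + 1;
    char *end;

    if (strncmp(line, field, n) != 0 || line[n] != ':')
        return -EINVAL;
    errno = 0;
    *out = strtoull(val, &end, 16);
    return (errno || end == val) ? -EINVAL : 0;
}

/* Hypothetical strict check: -EINVAL if any bit above last_cap is set. */
static int check_cap_set(uint64_t set, unsigned last_cap)
{
    return (set & ~valid_cap_mask(last_cap)) ? -EINVAL : 0;
}

int main(void)
{
    /* Constructed sample lines; 33 is an assumed highest capability. */
    const char *samples[] = {
        "CapPrm:\tffffffffffffffff",   /* root task, all bits set */
        "CapPrm:\t00000003ffffffff",   /* only defined bits set */
    };
    const unsigned last_cap = 33;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint64_t caps;
        if (parse_cap_line(samples[i], "CapPrm", &caps) != 0)
            continue;
        printf("%016llx -> %s\n", (unsigned long long)caps,
               check_cap_set(caps, last_cap) ? "-EINVAL" : "ok");
    }
    return 0;
}
```

A restore path that enforced this check would refuse a checkpoint image taken from such a root task, even though the kernel accepted the same set when it was assigned.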