Serge E. Hallyn wrote: > Quoting Serge E. Hallyn (serue@xxxxxxxxxx): > >> Quoting Casey Schaufler (casey@xxxxxxxxxxxxxxxx): >> >>> Serge E. Hallyn wrote: >>> >>>> Quoting Casey Schaufler (casey@xxxxxxxxxxxxxxxx): >>>> So do you think that adding a policy version check in the kernel >>>> at restart would help this? >>>> >> For the moment I intend to add a patch on top of these adding two >> security calls: >> >> security_may_checkpoint(ctx) which will authorize the >> ability to checkpoint at all, and >> > > I meant: > > security_may_restore(ctx). > As much as I hate adding more hooks, you could argue for both. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
