On Mon, Jan 23, 2023 at 08:52:29PM +0100, Oleg Nesterov wrote: > On 01/23, Gregory Price wrote: > > > > So i think dropping 2/3 in the list is good. If you concur i'll do > > that. > > Well I obviously think that 2/3 should be dropped ;) > > As for 1/3 and 3/3, feel free to add my reviewed-by. > > Oleg. > I'm actually going to walk my agreement back. After one more review, the need for the proc/status entry is not to decide whether to dump SUD settings, but for use in deciding whether to set the SUSPEND_SYSCALL_DISPATCH option from patch 1/3. For SECCOMP, CRIU's `compel` does the following: 1. ptrace attach / halt 2. examine proc/status for seccomp usage 3. if seccomp in use, set PTRACE_O_SUSPEND_SECCOMP 4. proceed with further operations The same pattern would be used for syscall dispatch. Technically I think setting the flag unconditionally would be safe, but it would lead to unclear system state (i.e. did i actually suspend something? was the process actually using it?) To me it seems better to leave it explicit and keep the second commit. Thoughts? (cc: @avagin if you happen to have any input on this particular pattern) ~Gregory
