On Thu, Jun 11, 2020 at 05:17:09PM -0700, Matt Helsley wrote:
> On Fri, May 22, 2020 at 07:53:50AM +0200, Adrian Reber wrote:
> > This enables CRIU to checkpoint and restore a process as non-root.
> >
> > Over the last years CRIU upstream has been asked a couple of time if it
> > is possible to ch
On Fri, May 22, 2020 at 07:53:50AM +0200, Adrian Reber wrote:
> This enables CRIU to checkpoint and restore a process as non-root.
>
> Over the last years CRIU upstream has been asked a couple of time if it
> is possible to checkpoint and restore a process as non-root. The answer
> usually was: 'a
> >
> > I would argue that setting the current process exe file check should just
> > be reduced to a "can you ptrace a children" check.
> > Here's why: any process can masquerade into another executable with ptrace.
> > One can fork a child, ptrace it, have the child execve("target_exe"), then
>
On Wed, May 27, 2020 at 06:05:55PM +, Nicolas Viennot wrote:
> > > Also in this thread Kamil mentioned that they also need calling prctl
> > > with PR_SET_MM during restore in their production setup.
> >
> > We're using that as well but it really feels like this:
> >
> > prctl_map = (struc
> > Also in this thread Kamil mentioned that they also need calling prctl
> > with PR_SET_MM during restore in their production setup.
>
> We're using that as well but it really feels like this:
>
> prctl_map = (struct prctl_mm_map){
> .start_code = start_code,
> .end_cod
On 5/27/2020 9:37 AM, Nicolas Viennot wrote:
>>> If I understand part of CRIU correctly, then we only need read-access
>>> for the current user. I am sure Andrei, Pavel or Cyrill will correct
>>> me if I am wrong concerning map_files.
>> If I do "ls -l /proc/self/map_files" I get the link name an
> > If I understand part of CRIU correctly, then we only need read-access
> > for the current user. I am sure Andrei, Pavel or Cyrill will correct
> > me if I am wrong concerning map_files.
> If I do "ls -l /proc/self/map_files" I get the link name and link content.
> While I can't open /proc/sel
On 5/27/2020 6:48 AM, Adrian Reber wrote:
> On Mon, May 25, 2020 at 11:55:20AM -0700, Casey Schaufler wrote:
>> On 5/25/2020 1:05 AM, Adrian Reber wrote:
>>> On Fri, May 22, 2020 at 09:40:37AM -0700, Casey Schaufler wrote:
On 5/21/2020 10:53 PM, Adrian Reber wrote:
> This enables CRIU to c
On Wed, May 27, 2020 at 04:14:03PM +0200, Adrian Reber wrote:
> On Tue, May 26, 2020 at 08:59:29AM -0500, Eric W. Biederman wrote:
> > Adrian Reber writes:
> >
> > > On Fri, May 22, 2020 at 09:40:37AM -0700, Casey Schaufler wrote:
> >
> > >> What are the other blockers? Are you going to suggest
On Tue, May 26, 2020 at 08:59:29AM -0500, Eric W. Biederman wrote:
> Adrian Reber writes:
>
> > On Fri, May 22, 2020 at 09:40:37AM -0700, Casey Schaufler wrote:
>
> >> What are the other blockers? Are you going to suggest additional new
> >> capabilities to clear them?
> >
> > As mentioned somew
On Mon, May 25, 2020 at 11:55:20AM -0700, Casey Schaufler wrote:
> On 5/25/2020 1:05 AM, Adrian Reber wrote:
> > On Fri, May 22, 2020 at 09:40:37AM -0700, Casey Schaufler wrote:
> >> On 5/21/2020 10:53 PM, Adrian Reber wrote:
> >>> This enables CRIU to checkpoint and restore a process as non-root.
On Tue, May 26, 2020 at 9:01 PM Christine Flood wrote:
> Java applications suffer from slow startup times due to dynamic class loading
> and warming up the Just In Time compilers. Not all Java users have root
> access on their machines. Enabling CRIU in user mode solves this problem for
> us.
On 5/26/2020 12:01 PM, Christine Flood wrote:
Please do not top-post on this list.
> Java applications suffer from slow startup times due to dynamic class loading
> and warming up the Just In Time compilers. Not all Java users have root
> access on their machines. Enabling CRIU in user mode s
Adrian Reber writes:
> On Fri, May 22, 2020 at 09:40:37AM -0700, Casey Schaufler wrote:
>> What are the other blockers? Are you going to suggest additional new
>> capabilities to clear them?
>
> As mentioned somewhere else access to /proc//map_files/ would be
> helpful. Right now I am testing wi
On 25/05/2020 22:53, Jann Horn wrote:
On Fri, May 22, 2020 at 7:55 AM Adrian Reber wrote:
This enables CRIU to checkpoint and restore a process as non-root.
Over the last years CRIU upstream has been asked a couple of time if it
is possible to checkpoint and restore a process as non-root. The
On Fri, May 22, 2020 at 7:55 AM Adrian Reber wrote:
> This enables CRIU to checkpoint and restore a process as non-root.
>
> Over the last years CRIU upstream has been asked a couple of time if it
> is possible to checkpoint and restore a process as non-root. The answer
> usually was: 'almost'.
>
On 5/25/2020 1:05 AM, Adrian Reber wrote:
> On Fri, May 22, 2020 at 09:40:37AM -0700, Casey Schaufler wrote:
>> On 5/21/2020 10:53 PM, Adrian Reber wrote:
>>> This enables CRIU to checkpoint and restore a process as non-root.
>> I know it sounds pedantic, but could you spell out CRIU once?
>> While
On Fri, May 22, 2020 at 09:40:37AM -0700, Casey Schaufler wrote:
> On 5/21/2020 10:53 PM, Adrian Reber wrote:
> > This enables CRIU to checkpoint and restore a process as non-root.
>
> I know it sounds pedantic, but could you spell out CRIU once?
> While I know that everyone who cares either knows
On 5/22/2020 9:27 PM, Andrei Vagin wrote:
> On Fri, May 22, 2020 at 09:40:37AM -0700, Casey Schaufler wrote:
>> On 5/21/2020 10:53 PM, Adrian Reber wrote:
>>> There are probably a few more things guarded by CAP_SYS_ADMIN required
>>> to run checkpoint/restore as non-root,
>> If you need CAP_SYS_ADM
On Fri, May 22, 2020 at 09:40:37AM -0700, Casey Schaufler wrote:
> On 5/21/2020 10:53 PM, Adrian Reber wrote:
> > There are probably a few more things guarded by CAP_SYS_ADMIN required
> > to run checkpoint/restore as non-root,
>
> If you need CAP_SYS_ADMIN anyway you're not gaining anything by
>
On Fri, May 22, 2020 at 09:53:31AM +0200, Christian Brauner wrote:
> On Fri, May 22, 2020 at 07:53:50AM +0200, Adrian Reber wrote:
> >
> > There are probably a few more things guarded by CAP_SYS_ADMIN required
> > to run checkpoint/restore as non-root, but by applying this patch I can
> > already
On 5/21/2020 10:53 PM, Adrian Reber wrote:
> This enables CRIU to checkpoint and restore a process as non-root.
I know it sounds pedantic, but could you spell out CRIU once?
While I know that everyone who cares either knows or can guess
what you're talking about, it may be a mystery to some of the
On Fri, May 22, 2020 at 07:53:50AM +0200, Adrian Reber wrote:
> This enables CRIU to checkpoint and restore a process as non-root.
>
> Over the last years CRIU upstream has been asked a couple of time if it
> is possible to checkpoint and restore a process as non-root. The answer
> usually was: 'a
On Fri, May 22, 2020 at 07:53:50AM +0200, Adrian Reber wrote:
> This enables CRIU to checkpoint and restore a process as non-root.
>
> Over the last years CRIU upstream has been asked a couple of time if it
> is possible to checkpoint and restore a process as non-root. The answer
> usually was: 'a
This enables CRIU to checkpoint and restore a process as non-root.
Over the last years CRIU upstream has been asked a couple of time if it
is possible to checkpoint and restore a process as non-root. The answer
usually was: 'almost'.
The main blocker to restore a process was that selecting the PI
25 matches
Mail list logo
