Re: [PATCH] kernel: reduce required permission for prctl_set_mm

2014-02-12 Thread Eric W. Biederman
Andrey Vagin writes: > Currently prctl_set_mm requires the global CAP_SYS_RESOURCE, > this patch reduce requiremence to CAP_SYS_RESOURCE in the current > namespace. > > When we restore a task we need to set up text, data and data heap sizes > from userspace to the values a task had at checkpoint

Re: [PATCH] kernel: reduce required permission for prctl_set_mm

2014-02-12 Thread Andrew Vagin
On Wed, Feb 12, 2014 at 01:50:35PM -0800, Kees Cook wrote: > On Wed, Feb 12, 2014 at 1:32 PM, Andrew Morton > wrote: > > On Wed, 12 Feb 2014 19:40:11 +0400 Andrey Vagin wrote: > > > >> Currently prctl_set_mm requires the global CAP_SYS_RESOURCE, > >> this patch reduce requiremence to CAP_SYS_RESO

Re: [PATCH] kernel: reduce required permission for prctl_set_mm

2014-02-12 Thread Andrew Vagin
On Wed, Feb 12, 2014 at 01:32:28PM -0800, Andrew Morton wrote: > On Wed, 12 Feb 2014 19:40:11 +0400 Andrey Vagin wrote: > > > Currently prctl_set_mm requires the global CAP_SYS_RESOURCE, > > this patch reduce requiremence to CAP_SYS_RESOURCE in the current > > namespace. > > > > When we restore

Re: [CRIU] [PATCH] kernel: reduce required permission for prctl_set_mm

2014-02-12 Thread Cyrill Gorcunov
On Wed, Feb 12, 2014 at 01:32:28PM -0800, Andrew Morton wrote: > On Wed, 12 Feb 2014 19:40:11 +0400 Andrey Vagin wrote: > > > Currently prctl_set_mm requires the global CAP_SYS_RESOURCE, > > this patch reduce requiremence to CAP_SYS_RESOURCE in the current > > namespace. > > > > When we restore

Re: [PATCH] kernel: reduce required permission for prctl_set_mm

2014-02-12 Thread Kees Cook
On Wed, Feb 12, 2014 at 1:32 PM, Andrew Morton wrote: > On Wed, 12 Feb 2014 19:40:11 +0400 Andrey Vagin wrote: > >> Currently prctl_set_mm requires the global CAP_SYS_RESOURCE, >> this patch reduce requiremence to CAP_SYS_RESOURCE in the current >> namespace. >> >> When we restore a task we need

Re: [PATCH] kernel: reduce required permission for prctl_set_mm

2014-02-12 Thread Andrew Morton
On Wed, 12 Feb 2014 19:40:11 +0400 Andrey Vagin wrote: > Currently prctl_set_mm requires the global CAP_SYS_RESOURCE, > this patch reduce requiremence to CAP_SYS_RESOURCE in the current > namespace. > > When we restore a task we need to set up text, data and data heap sizes > from userspace to t

[PATCH] kernel: reduce required permission for prctl_set_mm

2014-02-12 Thread Andrey Vagin
Currently prctl_set_mm requires the global CAP_SYS_RESOURCE, this patch reduce requiremence to CAP_SYS_RESOURCE in the current namespace. When we restore a task we need to set up text, data and data heap sizes from userspace to the values a task had at checkpoint time. Currently we can not restor