

517 bytes added, 08:51, 30 November 2015
no edit summary
** empty bridges in netns
** FILTER mode of seccomp
** IP_FREEBIND socket option
=== Optimizations/improvements ===
* Post-restore actions could generate stats files in wrong directories
* Freeze-cgroup didn't take sub-cgroups' tasks into account
* Tentative state in IPv6 sockets binding prevented socket from being bound immediately
* Restoring from images with files pointing to /proc files of dead tasks could crash
* Tasks with STOP in queue (i.e. not ''yet'' stopped) were CONT-ed in case of --leave-running dump
* Stopped task with one more STOP in queue caused dump to get stuck
* If parent task left the MNT namespace it created for children, restore could BUG()
* Link-local IPv6 addresses sometimes failed to bind() at restore
=== Security ===
* Service run as root could allow users to violate ptrace policies
* Service run as root could give users access to privileged files and directories
