Line 57: |
Line 57: |
| * Suggested by: Pavel Emelianov <xemul@virtuozzo.com> | | * Suggested by: Pavel Emelianov <xemul@virtuozzo.com> |
| | | |
− | === Anonymise image files ===
| |
− |
| |
− | '''Summary:''' Teach [[CRIT]] to remove sensitive information from images
| |
− |
| |
− | When reporting a BUG it may be not acceptable for the reporter to send us raw images, as they may contain sensitive data. Need to teach CRIT to "anonymise" images for publication.
| |
− |
| |
− | List of data to shred:
| |
− |
| |
− | * Memory contents. For the sake of investigation, all the memory contents can be just removed. Only the sizes of pages*.img files are enough.
| |
− | * Paths to files. Here we should keep the paths relations to each other. The simplest way seem to be replacing file names with "random" (or sequential) strings, BUT (!) keeping an eye on making this mapping be 1:1. Note, that file paths may also sit in sk-unix.img.
| |
− | * Registers.
| |
− | * Process names. (But relations should be kept).
| |
− | * Contents of streams, i.e. pipe/fifo data, sk-queue, tcp-stream, tty data.
| |
− | * Ghost files.
| |
− | * Tarballs with tmpfs-s.
| |
− | * IP addresses in sk-inet-s, ip tool dumps and net*.img.
| |
− |
| |
− | '''Links:'''
| |
− | * [[Anonymize image files]]
| |
− | * https://github.com/checkpoint-restore/criu/issues/360
| |
− | * [[CRIT]], [[Images]]
| |
− | * External links to mailing lists or web sites
| |
− |
| |
− | '''Details:'''
| |
− | * Skill level: beginner
| |
− | * Language: Python
| |
− | * Mentor: Pavel Emelianov <xemul@virtuozzo.com>
| |
− | * Suggested by: Pavel Emelianov <xemul@virtuozzo.com>
| |
| | | |
| === Use eBPF to lock and unlock the network === | | === Use eBPF to lock and unlock the network === |
Line 130: |
Line 102: |
| | | |
| CRIU uses /proc/pid/map_files to dump and restore anonymous shared memory regions, but map_files is restricted to the global CAP_SYS_ADMIN capability. In most cases, it is possible to dump/restore shared memory region without map_files and we need to implement this in CRIU. | | CRIU uses /proc/pid/map_files to dump and restore anonymous shared memory regions, but map_files is restricted to the global CAP_SYS_ADMIN capability. In most cases, it is possible to dump/restore shared memory region without map_files and we need to implement this in CRIU. |
| + | |
| + | '''Links:''' |
| + | * [[User-mode]] |
| + | |
| + | '''Details:''' |
| + | * Skill level: intermediate |
| + | * Language: C |
| + | * Suggested by: Andrei Vagin <avagin@gmail.com> |
| + | * Suggested by: Pavel Emelyanov <xemul@openvz.org> |
| | | |
| | | |
Line 175: |
Line 156: |
| | | |
| | | |
| + | === Anonymise image files === |
| + | |
| + | '''Summary:''' Teach [[CRIT]] to remove sensitive information from images |
| + | |
| + | When reporting a BUG it may be not acceptable for the reporter to send us raw images, as they may contain sensitive data. Need to teach CRIT to "anonymise" images for publication. |
| + | |
| + | List of data to shred: |
| + | |
| + | * Memory contents. For the sake of investigation, all the memory contents can be just removed. Only the sizes of pages*.img files are enough. |
| + | * Paths to files. Here we should keep the paths relations to each other. The simplest way seem to be replacing file names with "random" (or sequential) strings, BUT (!) keeping an eye on making this mapping be 1:1. Note, that file paths may also sit in sk-unix.img. |
| + | * Registers. |
| + | * Process names. (But relations should be kept). |
| + | * Contents of streams, i.e. pipe/fifo data, sk-queue, tcp-stream, tty data. |
| + | * Ghost files. |
| + | * Tarballs with tmpfs-s. |
| + | * IP addresses in sk-inet-s, ip tool dumps and net*.img. |
| + | |
| '''Links:''' | | '''Links:''' |
− | * [[User-mode]] | + | * [[Anonymize image files]] |
− | | + | * https://github.com/checkpoint-restore/criu/issues/360 |
| + | * [[CRIT]], [[Images]] |
| + | * External links to mailing lists or web sites |
| + | |
| '''Details:''' | | '''Details:''' |
− | * Skill level: intermediate | + | * Skill level: beginner |
− | * Language: C | + | * Language: Python |
− | * Suggested by: Andrei Vagin <avagin@gmail.com> | + | * Mentor: Pavel Emelianov <xemul@virtuozzo.com> |
− | * Suggested by: Pavel Emelyanov <xemul@openvz.org> | + | * Suggested by: Pavel Emelianov <xemul@virtuozzo.com> |
| | | |
| [[Category:GSoC]] | | [[Category:GSoC]] |
| [[Category:Development]] | | [[Category:Development]] |