Changes

77 bytes added ,  09:58, 17 October 2013
Reformatted, added RPC
Line 106: Line 106:  
== Security ==
 
== Security ==
   −
Due to restrictions imposed by several kernel APIs CRIU uses, the tools can only work with run with root privileges. However, if the node administrator sets the +suid bit on the criu binary, criu will be able to work when launched from regular user. But, in the latter case, criu will refuse to dump or restore processes whose <code>[se]?[ug]id</code> is not equal to the corresponding value of the calling user.
+
Due to restrictions imposed by several kernel APIs CRIU uses, the tools can only work with run with root privileges. However, if the node administrator sets the +suid bit on the criu binary, or runs criu as an [[RPC]] service, criu will be able to work on behalf of regular user.  
 +
 
 +
In the latter case, the following security restrictions would apply:
 +
* criu will refuse to dump or restore processes whose <code>[se]?[ug]id</code> is not equal to the corresponding value of the calling user
    
== Further reading ==
 
== Further reading ==