Changes

547 bytes removed ,  12:31, 6 August 2014
m
Move security topic to separate page
Line 106: Line 106:  
== Security ==
 
== Security ==
   −
Due to restrictions imposed by several kernel APIs CRIU uses, the tools can only work with run with root privileges. However, if the node administrator sets the +suid bit on the criu binary, or runs criu as an [[RPC]] service, criu will be able to work on behalf of regular user.
+
See [[Security]]
 
  −
In the latter case, the following security restrictions would apply:
  −
* criu will refuse to dump or restore processes whose <code>[se]?[ug]id</code> is not equal to the corresponding value of the calling user
  −
* criu will refuse to dump or restore any bits set in any capability set
  −
 
   
== Further reading ==
 
== Further reading ==
  
85

edits