Changes

558 bytes removed, 16:41, 14 September 2015
not needed anymore
Line 15: Line 15:     
CRIU has security issues when working with [[Userns|user namespaces]] and [[selinux]]
 
CRIU has security issues when working with [[Userns|user namespaces]] and [[selinux]]
  −
== Kernel restrictions ==
  −
  −
Currently there are a few places in the kernel which test for action preformed being allowed for capable users only:
  −
  −
* Reading of <code>/proc/$pid/map_files</code> entries is guarded by <code>CAP_SYS_ADMIN</code>. This data is intensively used by CRIU on the dump.
  −
* Restoring memory maps with <code>prctl</code> may require <code>CAP_SYS_RESOURCE</code> on old CRIU versions which don't use <code>PR_SET_MM_MAP</code> interface.
  −
* Upon CRIU start it might try to load net-diag modules which require <code>CAP_SYS_MODULE</code>.
      
== Code example ==
 
== Code example ==
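
Review bot: The edit summary "not needed anymore" does not justify deleting the whole "Kernel restrictions" section, because it does not say whether the three capability checks listed there (CAP_SYS_ADMIN for reading /proc/$pid/map_files, CAP_SYS_RESOURCE for prctl on old CRIU versions without PR_SET_MM_MAP, CAP_SYS_MODULE for loading net-diag modules) no longer apply or have moved to another page. After the removal, the retained sentence "CRIU has security issues when working with user namespaces and selinux" is followed directly by "== Code example ==", so the page states there are issues but no longer lists which privileges are involved. Suggest either expanding the summary to state what changed and from which kernel or CRIU version, or replacing the section with a short pointer to where these requirements are now documented. The bullet about old CRIU versions in particular is version-dependent by its own wording, so a one-line note for users of those versions would be worth keeping.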