    cr: Task creds support · beb158a6
    Pavel Emelyanov authored
    Dumping is simple. All but secbits can be read from proc, secbits
    are got from parasite.
    
    Restoring is a bit tricky -- when you change anything on kernel
    cred's struct it performs sophisticated checks and can change
    some more stuff than requested, so the creds restoration procedure
    is carefully commented step-by-step.
    
    Another thing to mention is that creds are restored after everything
    else, i.e. right before performing final threads sync and sigreturns.
    This is done to avoid potential problems with insufficient caps for
    restoring other stuff (e.g. CAP_DAC_OVERRIDE or zero euid is most
    likely required for opening any image file and the notorious control
    /proc/sys/kernel/ns_last_pid, which in turn is performed till the
    very last moment).
    Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
    Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Name
Documentation
include
test
tools
.gitignore
COPYING
Makefile
Makefile.inc
README
cr-dump.c
cr-restore.c
cr-show.c
crtools.c
files.c
gen-offsets.sh
libnetlink.c
log.c
namespaces.c
parasite-syscall.c
parasite.c
parasite.lds.S
proc_parse.c
ptrace.c
restorer-log.c
restorer.c
restorer.lds.S
sockets.c
util.c