[RFC v6][PATCH 0/9] Kernel based checkpoint/restart

Dave Hansen dave at linux.vnet.ibm.com
Mon Oct 20 10:17:12 PDT 2008


On Fri, 2008-10-17 at 17:00 +1030, David Newall wrote:
> > The strace/gdb example is *really* hard; but for vfork, you just wait
> > until it's over. The interval between vfork and exec/exit should be
> > short enough not to affect the overall time for a checkpoint
> 
> A malicious user could trivially exploit that.

You mean a malicious user could prevent a checkpoint from occurring by
doing this?

There are going to be a lot of those for a long while. :)

-- Dave



More information about the Containers mailing list