[PATCH 2/5] cr: checkpoint the active LSM and add RESTART_KEEP_LSM flag

Casey Schaufler casey at schaufler-ca.com
Mon Aug 31 22:51:50 PDT 2009


Serge E. Hallyn wrote:
> Quoting Serge E. Hallyn (serue at us.ibm.com):
>   
>> Quoting Casey Schaufler (casey at schaufler-ca.com):
>>     
>>> Serge E. Hallyn wrote:
>>>       
>>>> Quoting Casey Schaufler (casey at schaufler-ca.com):
>>>> So do you think that adding a policy version check in the kernel
>>>> at restart would help this?
>>>>         
>> For the moment I intend to add a patch on top of these adding two
>> security calls:
>>
>> 	security_may_checkpoint(ctx) which will authorize the
>> 		ability to checkpoint at all, and
>>     
>
> I meant:
>
> 	security_may_restore(ctx).
>   

As much as I hate adding more hooks, you could argue for both.


