From: Oren Laadan <orenl@cs.columbia.edu>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
linux-api@vger.kernel.org, Serge Hallyn <serue@us.ibm.com>,
Ingo Molnar <mingo@elte.hu>,
containers@lists.linux-foundation.org
Subject: [C/R v20][PATCH 95/96] c/r: add selinux support (v6)
Date: Wed, 17 Mar 2010 12:09:23 -0400
Message-ID: <1268842164-5590-96-git-send-email-orenl@cs.columbia.edu>
In-Reply-To: <1268842164-5590-95-git-send-email-orenl@cs.columbia.edu>
From: Serge E. Hallyn <serue@us.ibm.com>
Documentation/checkpoint/readme.txt begins:
"""
Application checkpoint/restart is the ability to save the state
of a running application so that it can later resume its execution
from the time at which it was checkpointed.
"""
This patch adds the ability to checkpoint and restore selinux
contexts for tasks, open files, and sysvipc objects. Contexts
are checkpointed as strings. For tasks and files, where a security
struct actually points to several contexts, all contexts are
written out in one string, separated by ':::'.
The default behaviors are to checkpoint contexts, but not to
restore them. To attempt to restore them, sys_restart() must
be given the RESTART_KEEP_LSM flag. If this is given then
the caller of sys_restart() must have the new 'restore' permission
to the target objclass, or for instance PROCESS__SETFSCREATE to
itself to specify a create_sid.
There are some tests under cr_tests/selinux at
git://git.sr71.net/~hallyn/cr_tests.git.
A corresponding simple refpolicy (and /usr/share/selinux/devel/include)
patch is needed.
The programs to checkpoint and restart (called 'checkpoint' and
'restart') come from git://git.ncl.cs.columbia.edu/pub/git/user-cr.git.
This patch applies against the checkpoint/restart-enabled kernel
tree at git://git.ncl.cs.columbia.edu/pub/git/linux-cr.git/.
Changelog:
Feb 02: [orenl] rebase to kernel 2.6.33
* add tags in classmap.h (includes files autogenerated)
Dec 09: update to use common_audit_data.
oct 09: fix memory overrun in selinux_cred_checkpoint.
oct 02: (Stephen Smalley suggestions):
1. s/__u32/u32/
2. enable the fown sid restoration
3. use process_restore to authorize resetting osid
4. don't make new hooks inline.
oct 01: Remove some debugging that is redundant with
avc log data.
sep 10: (Most addressing suggestions by Stephen Smalley)
1. change xyz_get_ctx() to xyz_checkpoint().
2. check entrypoint permission on cred_restore
3. always dec context length by 1
4. don't allow SECSID_NULL when that's not valid
5. when SECSID_NULL is valid, restore it
6. c/r task->osid
7. Just print nothing instead of 'null' for SECSID_NULL
8. sids are __u32, as are lengths passed to sid_to_context.
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Acked-by: Oren Laadan <orenl@cs.columbia.edu>
---
checkpoint/restart.c | 1 +
security/selinux/hooks.c | 369 +++++++++++++++++++++++++++++++++++
security/selinux/include/classmap.h | 9 +-
3 files changed, 375 insertions(+), 4 deletions(-)
diff --git a/checkpoint/restart.c b/checkpoint/restart.c
index 0d1b9bf..6a9644d 100644
--- a/checkpoint/restart.c
+++ b/checkpoint/restart.c
@@ -680,6 +680,7 @@ static int restore_lsm(struct ckpt_ctx *ctx)
if (strcmp(ctx->lsm_name, "lsm_none") != 0 &&
strcmp(ctx->lsm_name, "smack") != 0 &&
+ strcmp(ctx->lsm_name, "selinux") != 0 &&
strcmp(ctx->lsm_name, "default") != 0) {
ckpt_debug("c/r: RESTART_KEEP_LSM unsupported for %s\n",
ctx->lsm_name);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 9a2ee84..dd22750 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -76,6 +76,10 @@
#include <linux/selinux.h>
#include <linux/mutex.h>
#include <linux/posix-timers.h>
+#include <linux/checkpoint.h>
+
+#include "flask.h"
+#include "av_permissions.h"
#include "avc.h"
#include "objsec.h"
@@ -2978,6 +2982,104 @@ static int selinux_file_permission(struct file *file, int mask)
return selinux_revalidate_file_permission(file, mask);
}
+/*
+ * for file context, we print both the fsec->sid and fsec->fown_sid
+ * as string representations, separated by ':::'
+ * We don't touch isid - if you wanted that set you shoulda set up the
+ * fs correctly.
+ */
+static char *selinux_file_checkpoint(void *security)
+{
+ struct file_security_struct *fsec = security;
+ char *s1 = NULL, *s2 = NULL, *sfull;
+ u32 len1, len2, lenfull;
+ int ret;
+
+ if (fsec->sid == 0 || fsec->fown_sid == 0)
+ return ERR_PTR(-EINVAL);
+
+ ret = security_sid_to_context(fsec->sid, &s1, &len1);
+ if (ret)
+ return ERR_PTR(ret);
+ len1--;
+ ret = security_sid_to_context(fsec->fown_sid, &s2, &len2);
+ if (ret) {
+ kfree(s1);
+ return ERR_PTR(ret);
+ }
+ len2--;
+ lenfull = len1 + len2 + 3;
+ sfull = kmalloc(lenfull + 1, GFP_KERNEL);
+ if (!sfull) {
+ sfull = ERR_PTR(-ENOMEM);
+ goto out;
+ }
+ sfull[lenfull] = '\0';
+ sprintf(sfull, "%s:::%s", s1, s2);
+
+out:
+ kfree(s1);
+ kfree(s2);
+ return sfull;
+}
+
+static int selinux_file_restore(struct file *file, char *ctx)
+{
+ char *s1, *s2;
+ u32 sid1 = 0, sid2 = 0;
+ int ret = -EINVAL;
+ struct file_security_struct *fsec = file->f_security;
+
+ /*
+ * Objhash made sure the string is null-terminated.
+ * We make a copy so we can mangle it.
+ */
+ s1 = kstrdup(ctx, GFP_KERNEL);
+ if (!s1)
+ return -ENOMEM;
+ s2 = strstr(s1, ":::");
+ if (!s2)
+ goto out;
+
+ *s2 = '\0';
+ s2 += 3;
+ if (*s2 == '\0')
+ goto out;
+
+ /* SECSID_NULL is not valid for file sids */
+ if (strlen(s1) == 0 || strlen(s2) == 0)
+ goto out;
+
+ ret = security_context_to_sid(s1, strlen(s1), &sid1);
+ if (ret)
+ goto out;
+ ret = security_context_to_sid(s2, strlen(s2), &sid2);
+ if (ret)
+ goto out;
+
+ if (sid1 && fsec->sid != sid1) {
+ ret = avc_has_perm(current_sid(), sid1, SECCLASS_FILE,
+ FILE__RESTORE, NULL);
+ if (ret)
+ goto out;
+ fsec->sid = sid1;
+ }
+
+ if (sid2 && fsec->fown_sid != sid2) {
+ ret = avc_has_perm(current_sid(), sid2, SECCLASS_FILE,
+ FILE__FOWN_RESTORE, NULL);
+ if (ret)
+ goto out;
+ fsec->fown_sid = sid2;
+ }
+
+ ret = 0;
+
+out:
+ kfree(s1);
+ return ret;
+}
+
static int selinux_file_alloc_security(struct file *file)
{
return file_alloc_security(file);
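Review bot: in selinux_file_restore, fsec->sid is assigned as soon as the FILE__RESTORE check passes, before the FILE__FOWN_RESTORE check has run, so a denial on fown_sid returns an error with the file's label already half-changed. Run both avc_has_perm() checks first and assign fsec->sid and fsec->fown_sid together only once both succeed. Minor: the `*s2 == '\0'` test and the later `strlen(s2) == 0` test are the same check, and in selinux_file_checkpoint the explicit `sfull[lenfull] = '\0'` is redundant with the sprintf() that follows it.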
@@ -3236,6 +3338,186 @@ static int selinux_task_create(unsigned long clone_flags)
return current_has_perm(current, PROCESS__FORK);
}
+#define NUMTASKSIDS 6
+/*
+ * for cred context, we print:
+ * osid, sid, exec_sid, create_sid, keycreate_sid, sockcreate_sid;
+ * as string representations, separated by ':::'
+ */
+static char *selinux_cred_checkpoint(void *security)
+{
+ struct task_security_struct *tsec = security;
+ char *stmp, *sfull = NULL;
+ u32 slen, runlen;
+ int i, ret;
+ u32 sids[NUMTASKSIDS] = { tsec->osid, tsec->sid, tsec->exec_sid,
+ tsec->create_sid, tsec->keycreate_sid, tsec->sockcreate_sid };
+
+ if (sids[0] == 0 || sids[1] == 0)
+ /* SECSID_NULL is not valid for osid or sid */
+ return ERR_PTR(-EINVAL);
+
+ ret = security_sid_to_context(sids[0], &sfull, &runlen);
+ if (ret)
+ return ERR_PTR(ret);
+ runlen--;
+
+ for (i = 1; i < NUMTASKSIDS; i++) {
+ if (sids[i] == 0) {
+ stmp = NULL;
+ slen = 0;
+ } else {
+ ret = security_sid_to_context(sids[i], &stmp, &slen);
+ if (ret) {
+ kfree(sfull);
+ return ERR_PTR(ret);
+ }
+ slen--;
+ }
+ /* slen + runlen + ':::' + \0 */
+ sfull = krealloc(sfull, slen + runlen + 3 + 1,
+ GFP_KERNEL);
+ if (!sfull) {
+ kfree(stmp);
+ return ERR_PTR(-ENOMEM);
+ }
+ sprintf(sfull+runlen, ":::%s", stmp ? stmp : "");
+ runlen += slen + 3;
+ kfree(stmp);
+ }
+
+ return sfull;
+}
+
+static inline int credrestore_nullvalid(int which)
+{
+ int valid_array[NUMTASKSIDS] = {
+ 0, /* task osid */
+ 0, /* task sid */
+ 1, /* exec sid */
+ 1, /* create sid */
+ 1, /* keycreate_sid */
+ 1, /* sockcreate_sid */
+ };
+
+ return valid_array[which];
+}
+
+static int selinux_cred_restore(struct file *file, struct cred *cred,
+ char *ctx)
+{
+ char *s, *s1, *s2 = NULL;
+ int ret = -EINVAL;
+ struct task_security_struct *tsec = cred->security;
+ int i;
+ u32 sids[NUMTASKSIDS];
+ struct inode *ctx_inode = file->f_dentry->d_inode;
+ struct common_audit_data ad;
+
+ /*
+ * objhash made sure the string is null-terminated
+ * now we want our own copy so we can chop it up with \0's
+ */
+ s = kstrdup(ctx, GFP_KERNEL);
+ if (!s)
+ return -ENOMEM;
+
+ s1 = s;
+ for (i = 0; i < NUMTASKSIDS; i++) {
+ if (i < NUMTASKSIDS-1) {
+ ret = -EINVAL;
+ s2 = strstr(s1, ":::");
+ if (!s2)
+ goto out;
+ *s2 = '\0';
+ s2 += 3;
+ }
+ if (strlen(s1) == 0) {
+ ret = -EINVAL;
+ if (credrestore_nullvalid(i))
+ sids[i] = 0;
+ else
+ goto out;
+ } else {
+ ret = security_context_to_sid(s1, strlen(s1), &sids[i]);
+ if (ret)
+ goto out;
+ }
+ s1 = s2;
+ }
+
+ /*
+ * Check that these transitions are allowed, and effect them.
+ * XXX: Do these checks suffice?
+ */
+ if (tsec->osid != sids[0]) {
+ ret = avc_has_perm(current_sid(), sids[0], SECCLASS_PROCESS,
+ PROCESS__RESTORE, NULL);
+ if (ret)
+ goto out;
+ tsec->osid = sids[0];
+ }
+
+ if (tsec->sid != sids[1]) {
+ struct inode_security_struct *isec;
+ ret = avc_has_perm(current_sid(), sids[1], SECCLASS_PROCESS,
+ PROCESS__RESTORE, NULL);
+ if (ret)
+ goto out;
+
+ /* check whether checkpoint file type is a valid entry
+ * point to the new domain: we may want a specific
+ * 'restore_entrypoint' permission for this, but let's
+ * see if just entrypoint is deemed sufficient
+ */
+
+ COMMON_AUDIT_DATA_INIT(&ad, FS);
+ ad.u.fs.path = file->f_path;
+
+ isec = ctx_inode->i_security;
+ ret = avc_has_perm(sids[1], isec->sid, SECCLASS_FILE,
+ FILE__ENTRYPOINT, &ad);
+ if (ret)
+ goto out;
+ /* TODO: do we need to check for shared state? */
+ tsec->sid = sids[1];
+ }
+
+ ret = -EPERM;
+ if (sids[2] != tsec->exec_sid) {
+ if (!current_has_perm(current, PROCESS__SETEXEC))
+ goto out;
+ tsec->exec_sid = sids[2];
+ }
+
+ if (sids[3] != tsec->create_sid) {
+ if (!current_has_perm(current, PROCESS__SETFSCREATE))
+ goto out;
+ tsec->create_sid = sids[3];
+ }
+
+ if (tsec->keycreate_sid != sids[4]) {
+ if (!current_has_perm(current, PROCESS__SETKEYCREATE))
+ goto out;
+ if (!may_create_key(sids[4], current))
+ goto out;
+ tsec->keycreate_sid = sids[4];
+ }
+
+ if (tsec->sockcreate_sid != sids[5]) {
+ if (!current_has_perm(current, PROCESS__SETSOCKCREATE))
+ goto out;
+ tsec->sockcreate_sid = sids[5];
+ }
+
+ ret = 0;
+
+out:
+ kfree(s);
+ return ret;
+}
+
+
/*
* allocate the SELinux part of blank credentials
*/
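Review bot: the `if (!current_has_perm(current, PROCESS__SETEXEC)) goto out;` pattern in selinux_cred_restore (repeated for PROCESS__SETFSCREATE, PROCESS__SETKEYCREATE and PROCESS__SETSOCKCREATE, with may_create_key() negated the same way) looks inverted. selinux_task_create in the context just above returns current_has_perm() directly as the hook result, so 0 means allowed; as written these branches bail out with -EPERM when the permission is granted and assign the sid when it is denied. Use `ret = current_has_perm(...); if (ret) goto out;` as the osid and sid checks above do with avc_has_perm(). Separately, in selinux_cred_checkpoint `sfull = krealloc(sfull, ...)` overwrites the only pointer to the old buffer, so the -ENOMEM path leaks it; krealloc into a temporary and kfree(sfull) on failure.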
@@ -4767,6 +5049,44 @@ static void ipc_free_security(struct kern_ipc_perm *perm)
kfree(isec);
}
+static char *selinux_msg_msg_checkpoint(void *security)
+{
+ struct msg_security_struct *msec = security;
+ char *s;
+ u32 len;
+ int ret;
+
+ if (msec->sid == 0)
+ return ERR_PTR(-EINVAL);
+
+ ret = security_sid_to_context(msec->sid, &s, &len);
+ if (ret)
+ return ERR_PTR(ret);
+ return s;
+}
+
+static int selinux_msg_msg_restore(struct msg_msg *msg, char *ctx)
+{
+ struct msg_security_struct *msec = msg->security;
+ int ret;
+ u32 sid = 0;
+
+ ret = security_context_to_sid(ctx, strlen(ctx), &sid);
+ if (ret)
+ return ret;
+
+ if (msec->sid == sid)
+ return 0;
+
+ ret = avc_has_perm(current_sid(), sid, SECCLASS_MSG,
+ MSG__RESTORE, NULL);
+ if (ret)
+ return ret;
+
+ msec->sid = sid;
+ return 0;
+}
+
static int msg_msg_alloc_security(struct msg_msg *msg)
{
struct msg_security_struct *msec;
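Review bot: selinux_msg_msg_restore passes ctx straight to security_context_to_sid() with no check for an empty string, while selinux_msg_msg_checkpoint refuses to write sid 0 and selinux_file_restore rejects empty contexts explicitly ("SECSID_NULL is not valid for file sids"). Add an early `if (*ctx == '\0') return -EINVAL;` so a null label cannot be restored onto a message regardless of how the context lookup treats a zero-length string. The avc_has_perm() call also passes NULL audit data, so a MSG__RESTORE denial will carry no object information in the avc log.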
@@ -5170,6 +5490,47 @@ static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
*secid = isec->sid;
}
+static char *selinux_ipc_checkpoint(void *security)
+{
+ struct ipc_security_struct *isec = security;
+ char *s;
+ u32 len;
+ int ret;
+
+ if (isec->sid == 0)
+ return ERR_PTR(-EINVAL);
+
+ ret = security_sid_to_context(isec->sid, &s, &len);
+ if (ret)
+ return ERR_PTR(ret);
+ return s;
+}
+
+static int selinux_ipc_restore(struct kern_ipc_perm *ipcp, char *ctx)
+{
+ struct ipc_security_struct *isec = ipcp->security;
+ int ret;
+ u32 sid = 0;
+ struct common_audit_data ad;
+
+ ret = security_context_to_sid(ctx, strlen(ctx), &sid);
+ if (ret)
+ return ret;
+
+ if (isec->sid == sid)
+ return 0;
+
+ COMMON_AUDIT_DATA_INIT(&ad, IPC);
+ ad.u.ipc_id = ipcp->key;
+ ret = avc_has_perm(current_sid(), sid, SECCLASS_IPC,
+ IPC__RESTORE, &ad);
+ if (ret)
+ return ret;
+
+ isec->sid = sid;
+ return 0;
+}
+
static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
{
if (inode)
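Review bot: selinux_ipc_restore checks IPC__RESTORE against SECCLASS_IPC for every kern_ipc_perm, and the classmap change in this patch adds "restore" only to the ipc class while sem, msgq and shm keep plain COMMON_IPC_PERMS, so policy cannot grant restore for one kind of sysvipc object and not another. If that is intended, say so in a comment above the function; otherwise check against the object's own class. Also, selinux_ipc_checkpoint is line for line the same as selinux_msg_msg_checkpoint apart from the struct type; a shared helper taking the sid would avoid the duplication.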
@@ -5517,6 +5878,8 @@ static struct security_operations selinux_ops = {
.inode_getsecid = selinux_inode_getsecid,
.file_permission = selinux_file_permission,
+ .file_checkpoint = selinux_file_checkpoint,
+ .file_restore = selinux_file_restore,
.file_alloc_security = selinux_file_alloc_security,
.file_free_security = selinux_file_free_security,
.file_ioctl = selinux_file_ioctl,
@@ -5532,6 +5895,8 @@ static struct security_operations selinux_ops = {
.task_create = selinux_task_create,
.cred_alloc_blank = selinux_cred_alloc_blank,
+ .cred_checkpoint = selinux_cred_checkpoint,
+ .cred_restore = selinux_cred_restore,
.cred_free = selinux_cred_free,
.cred_prepare = selinux_cred_prepare,
.cred_transfer = selinux_cred_transfer,
@@ -5555,8 +5920,12 @@ static struct security_operations selinux_ops = {
.ipc_permission = selinux_ipc_permission,
.ipc_getsecid = selinux_ipc_getsecid,
+ .ipc_checkpoint = selinux_ipc_checkpoint,
+ .ipc_restore = selinux_ipc_restore,
.msg_msg_alloc_security = selinux_msg_msg_alloc_security,
+ .msg_msg_checkpoint = selinux_msg_msg_checkpoint,
+ .msg_msg_restore = selinux_msg_msg_restore,
.msg_msg_free_security = selinux_msg_msg_free_security,
.msg_queue_alloc_security = selinux_msg_queue_alloc_security,
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 8b32e95..b1cde03 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -24,7 +24,7 @@ struct security_class_mapping secclass_map[] = {
"getattr", "setexec", "setfscreate", "noatsecure", "siginh",
"setrlimit", "rlimitinh", "dyntransition", "setcurrent",
"execmem", "execstack", "execheap", "setkeycreate",
- "setsockcreate", NULL } },
+ "setsockcreate", "restore", NULL } },
{ "system",
{ "ipc_info", "syslog_read", "syslog_mod",
"syslog_console", "module_request", NULL } },
@@ -43,7 +43,8 @@ struct security_class_mapping secclass_map[] = {
"quotaget", NULL } },
{ "file",
{ COMMON_FILE_PERMS,
- "execute_no_trans", "entrypoint", "execmod", "open", NULL } },
+ "execute_no_trans", "entrypoint", "execmod", "open",
+ "restore", "fown_restore", NULL } },
{ "dir",
{ COMMON_FILE_PERMS, "add_name", "remove_name",
"reparent", "search", "rmdir", "open", NULL } },
@@ -93,13 +94,13 @@ struct security_class_mapping secclass_map[] = {
} },
{ "sem",
{ COMMON_IPC_PERMS, NULL } },
- { "msg", { "send", "receive", NULL } },
+ { "msg", { "send", "receive", "restore", NULL } },
{ "msgq",
{ COMMON_IPC_PERMS, "enqueue", NULL } },
{ "shm",
{ COMMON_IPC_PERMS, "lock", NULL } },
{ "ipc",
- { COMMON_IPC_PERMS, NULL } },
+ { COMMON_IPC_PERMS, "restore", NULL } },
{ "netlink_route_socket",
{ COMMON_SOCK_PERMS,
"nlmsg_read", "nlmsg_write", NULL } },
--
1.6.3.3