Migrate NO_NEW_PRIVS prctl #2228

Closed
wants to merge 3 commits into from

osctobe
Contributor

@osctobe osctobe commented Jul 19, 2023

Migrate prctl(NO_NEW_PRIVS) setting.

@osctobe osctobe requested a review from avagin July 19, 2023 17:01
@osctobe osctobe changed the title No new privs Migrate NO_NEW_PRIVS prctl Jul 19, 2023
criu/pie/restorer.c Outdated
@codecov-commenter
codecov-commenter commented Jul 25, 2023

Codecov Report

Patch coverage: 100.00% and no project coverage change.

Comparison is base (ff67ad8) 70.36% compared to head (aee0ed9) 70.37%.

❗ Current head aee0ed9 differs from pull request most recent head 988a5f4. Consider uploading reports for the commit 988a5f4 to get more accurate results

Additional details and impacted files
@@            Coverage Diff            @@
##           criu-dev    #2228   +/-   ##
=========================================
  Coverage     70.36%   70.37%           
=========================================
  Files           134      134           
  Lines         34036    34040    +4     
=========================================
+ Hits          23951    23956    +5     
+ Misses        10085    10084    -1     
Files Changed Coverage Δ
criu/include/parasite.h 100.00% <ø> (ø)
criu/parasite-syscall.c 86.02% <100.00%> (+0.13%) ⬆️

... and 2 files with indirect coverage changes


prctl(NO_NEW_PRIVS) when set prevents child processes gaining
capabilities not in permitted set. In this case, inability to
clear capability from BSET that is not in the permitted set is
harmless.

Signed-off-by: Michał Mirosław <[email protected]>
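
The rule in the commit message above, as an added example (not CRIU's code, and not taken from this pull request): set no_new_privs first, then try to drop a capability from the bounding set, and treat a refusal as harmless only when the flag is set. The names `drop_bset_cap` and `restore_in_child`, the result codes, and the choice to tolerate only `EPERM` are assumptions made for the illustration.

```c
#include <errno.h>
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum { DROP_OK = 0, DROP_TOLERATED = 1, DROP_FATAL = 2, SETUP_FAILED = 3 };

/* Drop `cap` from the bounding set. A refusal (EPERM, caller lacks
 * CAP_SETPCAP) is tolerated only when no_new_privs is already set,
 * because execve() will then not grant privileges the task lacks. */
static int drop_bset_cap(int cap)
{
	if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) == 0)
		return DROP_OK;
	if (errno == EPERM && prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1)
		return DROP_TOLERATED;
	return DROP_FATAL;
}

/* Run the restore order in a forked child, since no_new_privs cannot be
 * cleared once set: set the flag, confirm it reads back, then drop. */
static int restore_in_child(int cap)
{
	int status;
	pid_t pid = fork();

	if (pid < 0)
		return SETUP_FAILED;
	if (pid == 0) {
		if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0 ||
		    prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) != 1)
			_exit(SETUP_FAILED);
		_exit(drop_bset_cap(cap));
	}
	if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
		return SETUP_FAILED;
	return WEXITSTATUS(status);
}

int main(void)
{
	int r = restore_in_child(CAP_NET_RAW);

	printf("bounding-set drop result: %d\n", r);
	return r == DROP_FATAL || r == SETUP_FAILED;
}
```

With CAP_SETPCAP the drop succeeds; without it the drop is refused and tolerated because the flag is set.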
@avagin
Member

avagin commented Aug 1, 2023

Merged. Thanks.

@avagin avagin closed this Aug 1, 2023
@osctobe osctobe deleted the no-new-privs branch August 1, 2023 18:31
3 participants