On Mon, Jan 23, 2023 at 08:52:29PM +0100, Oleg Nesterov wrote:
On 01/23, Gregory Price wrote:
So I think dropping 2/3 in the list is good. If you concur I'll do that.
Well I obviously think that 2/3 should be dropped ;)
As for 1/3 and 3/3, feel free to add my reviewed-by.
Oleg.
I'm actually going to walk my agreement back.
After one more review, the need for the proc/status entry is not to decide whether to dump SUD settings, but for use in deciding whether to set the SUSPEND_SYSCALL_DISPATCH option from patch 1/3.
For SECCOMP, CRIU's `compel` does the following:
1. ptrace attach / halt
2. examine proc/status for seccomp usage
3. if seccomp in use, set PTRACE_O_SUSPEND_SECCOMP
4. proceed with further operations
The same pattern would be used for syscall dispatch.
Technically I think setting the flag unconditionally would be safe, but it would lead to unclear system state (i.e. did I actually suspend something? Was the process actually using it?)
To me it seems better to leave it explicit and keep the second commit.
Thoughts?
(cc: @avagin if you happen to have any input on this particular pattern)
~Gregory
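
The check-then-set pattern described in the message above, as an added example that is not code from this thread, from CRIU or from the kernel patches. The helper names `status_field` and `options_for` are hypothetical, and the status text is constructed sample input rather than captured output.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PTRACE_O_SUSPEND_SECCOMP
#define PTRACE_O_SUSPEND_SECCOMP (1UL << 21) /* same value as <linux/ptrace.h> */
#endif

/* Constructed samples of /proc/<pid>/status text (not captured output). */
static const char SAMPLE_FILTERED[] =
    "Name:\tsleep\nNoNewPrivs:\t1\nSeccomp:\t2\nSeccomp_filters:\t1\n";
static const char SAMPLE_PLAIN[] = "Name:\tsleep\nNoNewPrivs:\t0\nSeccomp:\t0\n";

/* Return the integer after "key:" in status text, or -1 if the key is
 * missing or has no number. The key must start a line and be followed
 * directly by ':', so "Seccomp" does not match "Seccomp_filters". */
long status_field(const char *text, const char *key)
{
    size_t klen = strlen(key);
    const char *line = text;
    while (line && *line) {
        if (strncmp(line, key, klen) == 0 && line[klen] == ':') {
            char *end;
            long v = strtol(line + klen + 1, &end, 10);
            return (end == line + klen + 1) ? -1 : v;
        }
        line = strchr(line, '\n');   /* advance to the next line */
        if (line) line++;
    }
    return -1;
}

/* Options for PTRACE_SETOPTIONS: request suspension only when the tracee
 * reports seccomp mode 1 (strict) or 2 (filter). *known is 0 when the
 * field could not be read, so the caller can tell "off" from "unknown". */
unsigned long options_for(const char *status_text, int *known)
{
    long mode = status_field(status_text, "Seccomp");
    *known = (mode >= 0);
    return mode > 0 ? PTRACE_O_SUSPEND_SECCOMP : 0;
}

int main(void)
{
    int known;
    unsigned long opts = options_for(SAMPLE_FILTERED, &known);
    printf("filtered: known=%d options=%#lx\n", known, opts);
    opts = options_for(SAMPLE_PLAIN, &known);
    printf("plain:    known=%d options=%#lx\n", known, opts);
    return 0;
}
```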