Security

From CRIU
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Due to restrictions imposed by several kernel APIs CRIU uses, the tools can only work with run with root privileges. The plan is to provide user-mode, but it will have restrictions.

Service mode

If CRIU is run as service from root, make sure the connection socket is restricted to unauthorized access. The service doesn't make any additional checks about the RPC caller, it just goes and performs the requested action.

See also

CRIU has security issues when working with user namespaces and selinux

Retrieved from "https://criu.org/index.php?title=Security&oldid=3831"