This is v4 of the 'Introduce CAP_CHECKPOINT_RESTORE' patchset. There is only one change from v3 to address Jann's comment on patch 3/3:

(That is not necessarily true in the presence of LSMs like SELinux: You'd have to be able to FILE__EXECUTE_NO_TRANS the target executable according to the system's security policy.)

Nicolas updated the last patch (3/3). The first two patches are unchanged from v3.

Adrian Reber (2):
  capabilities: Introduce CAP_CHECKPOINT_RESTORE
  selftests: add clone3() CAP_CHECKPOINT_RESTORE test

Nicolas Viennot (1):
  prctl: Allow ptrace capable processes to change /proc/self/exe

 fs/proc/base.c                                |   8 +-
 include/linux/capability.h                    |   6 +
 include/linux/lsm_hook_defs.h                 |   1 +
 include/linux/security.h                      |   6 +
 include/uapi/linux/capability.h               |   9 +-
 kernel/pid.c                                  |   2 +-
 kernel/pid_namespace.c                        |   2 +-
 kernel/sys.c                                  |  12 +-
 security/commoncap.c                          |  26 +++
 security/security.c                           |   5 +
 security/selinux/hooks.c                      |  14 ++
 security/selinux/include/classmap.h           |   5 +-
 tools/testing/selftests/clone3/Makefile       |   4 +-
 .../clone3/clone3_cap_checkpoint_restore.c    | 203 ++++++++++++++++++
 14 files changed, 285 insertions(+), 18 deletions(-)
 create mode 100644 tools/testing/selftests/clone3/clone3_cap_checkpoint_restore.c

base-commit: f2b92b14533e646e434523abdbafddb727c23898
--
2.26.2