ce570ab34d
CRIU can influence the PID of the threads it wants to create. CRIU uses /proc/sys/kernel/ns_last_pidto tell the kernel which PID it wants for the next clone(). So it has to write to that file. This feels like a problematic as it opens up the container writing to all sysctl_kernel_t. Using new label container_t will just write to sysctl_kernel_ns_last_pid_t instad writing to more generic sysctl_kernel_t files. |
||
|---|---|---|
| .. | ||
| flask | ||
| modules | ||
| support | ||
| constraints | ||
| context_defaults | ||
| global_booleans | ||
| global_tunables | ||
| mcs | ||
| mls | ||
| policy_capabilities | ||
| users | ||