On Sat, Jan 18, 2020 at 4:47 AM Christian Brauner christian.brauner@ubuntu.com wrote:
The criu process is started with all capabilities in the root user namespace.
I don't have time to investigate this issue right now, will provide more details next Tuesday.
Yeah, we've detected the issue. security_capable() indicates success by returning 0 for whatever reason whereas has_ns_capability() returns 1. So the logic was inverted. This is fixed in the new version. Sorry for the noise!
So, I just finished compiling criu and running the test suite on the criu-dev branch. The test-suite passes fine after the security_capable() braino in my original patch was corrected to security_capable() == 0:
################## ALL TEST(S) PASSED (TOTAL 178/SKIPPED 16) ###################
Thank you for doing this! Not all CRIU contributors can run all tests. You rock!
Thanks! Christian