[CRIU] restoring apparmor/selinux profiles
Tycho Andersen
tycho.andersen at canonical.com
Thu Oct 23 10:18:46 PDT 2014
Hi all,
Another thing that we need to do in order to migrate containers is to
restore any apparmor/selinux profiles. I've been looking into this,
and it seems that we should do this at the end of the restorer blob,
since the syscalls in the restorer blob might be blocked by the
profile we're restoring.
What's the best way of calling code like this? I could statically link
the whole thing into the restorer blob, but that doesn't seem ideal.
Should I just pass a function pointer from the "regular" criu code? Is
there some other option?
Thanks,
Tycho
More information about the CRIU
mailing list