[CRIU] [PATCH v3 1/3] lsm: add support for c/ring LSM profiles
Pavel Emelyanov
xemul at parallels.com
Fri May 8 05:31:24 PDT 2015
On 05/07/2015 01:18 AM, Tycho Andersen wrote:
> This patch adds support for checkpoint and restore of two linux security
> modules (apparmor and selinux). The actual checkpoint or restore code isn't
> that interesting, other than that we have to do the LSM restore in the restorer
> blob since it may block any number of things that we want to do as part of the
> restore process.
>
> I tried originally to get this to work using libraries in the restorer blob,
> but I could _not_ get things to work correctly (I assume I was doing something
> wrong with all the static linking, you can see my draft attempts here:
> https://github.com/tych0/criu/commits/apparmor-using-libraries ). I can try to
> resurrect this if it makes more sense, to do it that way, though.
>
> v2: lsm_profile lives in creds.proto instead of the task core, look in a more
> canonical place for selinuxfs and don't try to special case any selinux
> profile names.
> v3: only allow unconfined selinux profiles
>
> Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Applied, thanks!
More information about the CRIU
mailing list