[CRIU] [PATCH 3/9] check: add a feature test for apparmor_stacking

[Tycho Andersen]

Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
---
 criu/cr-check.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/criu/cr-check.c b/criu/cr-check.c
index bb4d978..b295f1d 100644
--- a/criu/cr-check.c
+++ b/criu/cr-check.c
@@ -40,8 +40,12 @@
 #include "tun.h"
 #include "namespaces.h"
 #include "pstree.h"
+#include "lsm.h"
+#include "apparmor.h"
 #include "cr_options.h"
 
+#include "images/inventory.pb-c.h"
+
 static char *feature_name(int (*func)());
 
 static int check_tty(void)
@@ -933,6 +937,23 @@ static int check_tcp_window(void)
 	return 0;
 }
 
+static int check_apparmor_stacking(void)
+{
+	kerndat_lsm();
+
+	/* If the kernel doesn't even support apparmor, there can't be any
+	 * processes with apparmor profiles, so we don't have to worry about
+	 * dump support.
+	 */
+	if (host_lsm_type() != LSMTYPE__APPARMOR)
+		return 0;
+
+	if (!check_aa_ns_dumping())
+		return -1;
+
+	return 0;
+}
+
 static int (*chk_feature)(void);
 
 /*
@@ -1031,6 +1052,7 @@ int cr_check(void)
 		ret |= check_clone_parent_vs_pid();
 		ret |= check_cgroupns();
 		ret |= check_tcp_window();
+		ret |= check_apparmor_stacking();
 	}
 
 	/*
@@ -1110,6 +1132,7 @@ static struct feature_list feature_list[] = {
 	{ "loginuid", check_loginuid },
 	{ "cgroupns", check_cgroupns },
 	{ "autofs", check_autofs },
+	{ "apparmor_stacking", check_apparmor_stacking },
 	{ NULL, NULL },
 };
 
-- 
2.9.3