[CRIU] [PATCH 4/6] criu(8): Document --lsm-profile

Kirill Kolyshkin kolyshkin at gmail.com
Wed Jan 16 23:40:23 MSK 2019 

On Sun, 13 Jan 2019 at 06:59, Radostin Stoyanov <rstoyanov1 at gmail.com>
wrote:

> The option --lsm-profile was added with commit:
>
>  6af96c8404181e63d2424d1695fd7f8a42a291bf
>  lsm: add a --lsm-profile flag
>
>  In LXD, we use the container name in the LSM profile. If the container
> name
>  is changed on migrate (on the host side), we want to use a different LSM
>  profile name (a. la. --cgroup-root). This flag adds that support.
>
> A usage example is available in
> https://github.com/lxc/lxc/commit/13389b2963692a51162c703d8a64a79542b18949
>
> Signed-off-by: Radostin Stoyanov <rstoyanov1 at gmail.com>
> ---
>  Documentation/criu.txt | 11 +++++++++++
>  criu/crtools.c         |  3 +++
>  2 files changed, 14 insertions(+)
>
> diff --git a/Documentation/criu.txt b/Documentation/criu.txt
> index 0a024292d..3cb8b7334 100644
> --- a/Documentation/criu.txt
> +++ b/Documentation/criu.txt
> @@ -445,6 +445,17 @@ The 'mode' may be one of the following:
>  *-l*, *--file-locks*::
>      Restore file locks from the image.
>
> +*--lsm-profile* 'LSM'*:*'PROFILE'::
> +    Specify LSM profile name to be used for restore. The generic syntax is
> +    'LSM', followed by a literal colon and the name 'PROFILE'. Currently
>

I would
1. not use ALL CAPS in variable parts here. They are already denoted by
being italicized;
2. use "type" and "name" instead of "LSM" and "PROFILE", respectively.

So something like

*--lsm-profile* 'type':'name'::
   Specify an LSM profile to be used during restore. The `type` can be
   either *apparmor* or *selinux*.


> +    supported 'LSM' types are: *apparmor* and *selinux*.
> ++
> +Example:
> ++
> +----------
> +--lsm-profile apparmor:whatever
> +----------
> +
>

Maybe drop the example -- there is not anything that is way too complicated
here.


>  *--auto-dedup*::
>      As soon as a page is restored it get punched out from image.
>
> diff --git a/criu/crtools.c b/criu/crtools.c
> index c8b9ab19c..2a42dc8bf 100644
> --- a/criu/crtools.c
> +++ b/criu/crtools.c
> @@ -425,6 +425,9 @@ usage:
>  "  --cgroup-dump-controller NAME\n"
>  "                        define cgroup controller to be dumped\n"
>  "                        and skip anything else present in system\n"
> +"  --lsm-profile LSM:PROFILE\n"
>

--lsm-profile TYPE:NAME


> +"                        specify lsm profile name for restore. LSM can be
> 'apparmor'\n"
>

s/LSM/TYPE/
s/lsm/LSM/


> +"                        or 'selinux'. (example: --lsm-profile
> apparmor:whatever)\n"
>  "  --skip-mnt PATH       ignore this mountpoint when dumping the mount
> namespace\n"
>  "  --enable-fs FSNAMES   a comma separated list of filesystem names or
> \"all\"\n"
>  "                        force criu to (try to) dump/restore these
> filesystem's\n"
> --
> 2.20.1
>
> _______________________________________________
> CRIU mailing list
> CRIU at openvz.org
> https://lists.openvz.org/mailman/listinfo/criu
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/criu/attachments/20190116/c69d98e9/attachment-0001.html>

More information about the CRIU mailing list