[CRIU] [PATCHv3 4/6] criu(8): Document --lsm-profile
Radostin Stoyanov
rstoyanov1 at gmail.com
Thu Jan 17 11:33:40 MSK 2019
The option --lsm-profile was added with commit:
6af96c8404181e63d2424d1695fd7f8a42a291bf
lsm: add a --lsm-profile flag
In LXD, we use the container name in the LSM profile. If the container name
is changed on migrate (on the host side), we want to use a different LSM
profile name (a. la. --cgroup-root). This flag adds that support.
A usage example is available in
https://github.com/lxc/lxc/commit/13389b2963692a51162c703d8a64a79542b18949
Signed-off-by: Radostin Stoyanov <rstoyanov1 at gmail.com>
---
Documentation/criu.txt | 4 ++++
criu/crtools.c | 3 +++
2 files changed, 7 insertions(+)
diff --git a/Documentation/criu.txt b/Documentation/criu.txt
index 0a024292d..ea02613dd 100644
--- a/Documentation/criu.txt
+++ b/Documentation/criu.txt
@@ -445,6 +445,10 @@ The 'mode' may be one of the following:
*-l*, *--file-locks*::
Restore file locks from the image.
+*--lsm-profile* 'type'*:*'name'::
+ Specify an LSM profile to be used during restore. The `type` can be
+ either *apparmor* or *selinux*.
+
*--auto-dedup*::
As soon as a page is restored it get punched out from image.
diff --git a/criu/crtools.c b/criu/crtools.c
index c8b9ab19c..983d2b04d 100644
--- a/criu/crtools.c
+++ b/criu/crtools.c
@@ -425,6 +425,9 @@ usage:
" --cgroup-dump-controller NAME\n"
" define cgroup controller to be dumped\n"
" and skip anything else present in system\n"
+" --lsm-profile LSM:PROFILE\n"
+" specify lsm profile name for restore. LSM can be\n"
+" 'apparmor' or 'selinux'.\n"
" --skip-mnt PATH ignore this mountpoint when dumping the mount namespace\n"
" --enable-fs FSNAMES a comma separated list of filesystem names or \"all\"\n"
" force criu to (try to) dump/restore these filesystem's\n"
--
2.20.1
More information about the CRIU
mailing list