<div dir="ltr"><div dir="ltr"><div dir="ltr">On Sun, 13 Jan 2019 at 06:59, Radostin Stoyanov <<a href="mailto:rstoyanov1@gmail.com">rstoyanov1@gmail.com</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">The option --lsm-profile was added with commit:<br>
<br>
6af96c8404181e63d2424d1695fd7f8a42a291bf<br>
lsm: add a --lsm-profile flag<br>
<br>
In LXD, we use the container name in the LSM profile. If the container name<br>
is changed on migrate (on the host side), we want to use a different LSM<br>
profile name (a. la. --cgroup-root). This flag adds that support.<br>
<br>
A usage example is available in<br>
<a href="https://github.com/lxc/lxc/commit/13389b2963692a51162c703d8a64a79542b18949" rel="noreferrer" target="_blank">https://github.com/lxc/lxc/commit/13389b2963692a51162c703d8a64a79542b18949</a><br>
<br>
Signed-off-by: Radostin Stoyanov <<a href="mailto:rstoyanov1@gmail.com" target="_blank">rstoyanov1@gmail.com</a>><br>
---<br>
Documentation/criu.txt | 11 +++++++++++<br>
criu/crtools.c | 3 +++<br>
2 files changed, 14 insertions(+)<br>
<br>
diff --git a/Documentation/criu.txt b/Documentation/criu.txt<br>
index 0a024292d..3cb8b7334 100644<br>
--- a/Documentation/criu.txt<br>
+++ b/Documentation/criu.txt<br>
@@ -445,6 +445,17 @@ The 'mode' may be one of the following:<br>
*-l*, *--file-locks*::<br>
Restore file locks from the image.<br>
<br>
+*--lsm-profile* 'LSM'*:*'PROFILE'::<br>
+ Specify LSM profile name to be used for restore. The generic syntax is<br>
+ 'LSM', followed by a literal colon and the name 'PROFILE'. Currently<br></blockquote><div><br></div><div>I would<br>1. not use ALL CAPS in variable parts here. They are already denoted by being italicized;</div><div>2. use "type" and "name" instead of "LSM" and "PROFILE", respectively.</div><div><br></div><div>So something like<br><br>*--lsm-profile* 'type':'name'::<br> Specify an LSM profile to be used during restore. The `type` can be<br> either *apparmor* or *selinux*.<br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+ supported 'LSM' types are: *apparmor* and *selinux*.<br>
++<br>
+Example:<br>
++<br>
+----------<br>
+--lsm-profile apparmor:whatever<br>
+----------<br>
+<br></blockquote><div><br></div><div>Maybe drop the example -- there is not anything that is way too complicated here.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
*--auto-dedup*::<br>
As soon as a page is restored it get punched out from image.<br>
<br>
diff --git a/criu/crtools.c b/criu/crtools.c<br>
index c8b9ab19c..2a42dc8bf 100644<br>
--- a/criu/crtools.c<br>
+++ b/criu/crtools.c<br>
@@ -425,6 +425,9 @@ usage:<br>
" --cgroup-dump-controller NAME\n"<br>
" define cgroup controller to be dumped\n"<br>
" and skip anything else present in system\n"<br>
+" --lsm-profile LSM:PROFILE\n"<br></blockquote><div><br></div><div>--lsm-profile TYPE:NAME</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+" specify lsm profile name for restore. LSM can be 'apparmor'\n"<br></blockquote><div><br></div><div>s/LSM/TYPE/</div><div>s/lsm/LSM/</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
+" or 'selinux'. (example: --lsm-profile apparmor:whatever)\n"<br>
" --skip-mnt PATH ignore this mountpoint when dumping the mount namespace\n"<br>
" --enable-fs FSNAMES a comma separated list of filesystem names or \"all\"\n"<br>
" force criu to (try to) dump/restore these filesystem's\n"<br>
-- <br>
2.20.1<br>
<br>
_______________________________________________<br>
CRIU mailing list<br>
<a href="mailto:CRIU@openvz.org" target="_blank">CRIU@openvz.org</a><br>
<a href="https://lists.openvz.org/mailman/listinfo/criu" rel="noreferrer" target="_blank">https://lists.openvz.org/mailman/listinfo/criu</a><br>
</blockquote></div></div></div>