criu(8): Document --lsm-profile

The option --lsm-profile was added with commit:

 6af96c84
 lsm: add a --lsm-profile flag

 In LXD, we use the container name in the LSM profile. If the container name
 is changed on migrate (on the host side), we want to use a different LSM
 profile name (a. la. --cgroup-root). This flag adds that support.

A usage example is available in
https://github.com/lxc/lxc/commit/13389b2963692a51162c703d8a64a79542b18949Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
Signed-off-by: Andrei Vagin <avagin@gmail.com>

Documentation/criu.txt

@@ -445,6 +445,10 @@ The 'mode' may be one of the following:
 *-l*, *--file-locks*::
     Restore file locks from the image.
 
+*--lsm-profile* 'type'*:*'name'::
+    Specify an LSM profile to be used during restore. The `type` can be
+    either *apparmor* or *selinux*.
+
 *--auto-dedup*::
     As soon as a page is restored it get punched out from image.
 

criu/crtools.c

@@ -402,6 +402,9 @@ usage:
 "  --cgroup-dump-controller NAME\n"
 "                        define cgroup controller to be dumped\n"
 "                        and skip anything else present in system\n"
+"  --lsm-profile TYPE:NAME\n"
+"                        Specify an LSM profile to be used during restore.\n"
+"                        The type can be either 'apparmor' or 'selinux'.\n"
 "  --skip-mnt PATH       ignore this mountpoint when dumping the mount namespace\n"
 "  --enable-fs FSNAMES   a comma separated list of filesystem names or \"all\"\n"
 "                        force criu to (try to) dump/restore these filesystem's\n"