Files · 5fe3a138df9d157e3e29c910ca9ff9186cd5ad7f · zhul / criu

lsm: add support for c/ring LSM profiles · 5fe3a138

Tycho Andersen authored May 06, 2015

This patch adds support for checkpoint and restore of two linux security
modules (apparmor and selinux). The actual checkpoint or restore code isn't
that interesting, other than that we have to do the LSM restore in the restorer
blob since it may block any number of things that we want to do as part of the
restore process.

I tried originally to get this to work using libraries in the restorer blob,
but I could _not_ get things to work correctly (I assume I was doing something
wrong with all the static linking, you can see my draft attempts here:
https://github.com/tych0/criu/commits/apparmor-using-libraries ). I can try to
resurrect this if it makes more sense, to do it that way, though.

v2: lsm_profile lives in creds.proto instead of the task core, look in a more
canonical place for selinuxfs and don't try to special case any selinux
profile names.
v3: only allow unconfined selinux profiles
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

5fe3a138

Name	Last commit	Last update
Documentation		Loading commit data...
arch		Loading commit data...
contrib		Loading commit data...
include		Loading commit data...
lib		Loading commit data...
pie		Loading commit data...
protobuf		Loading commit data...
pycriu		Loading commit data...
scripts		Loading commit data...
test		Loading commit data...
.gitignore		Loading commit data...
.mailmap		Loading commit data...
.travis.yml		Loading commit data...
COPYING		Loading commit data...
CREDITS		Loading commit data...
Dockerfile		Loading commit data...
Makefile		Loading commit data...
Makefile.config		Loading commit data...
Makefile.crtools		Loading commit data...
Makefile.inc		Loading commit data...
README		Loading commit data...
action-scripts.c		Loading commit data...
aio.c		Loading commit data...
bfd.c		Loading commit data...
cgroup.c		Loading commit data...
cr-check.c		Loading commit data...
cr-dedup.c		Loading commit data...
cr-dump.c		Loading commit data...
cr-errno.c		Loading commit data...
cr-exec.c		Loading commit data...
cr-restore.c		Loading commit data...
cr-service.c		Loading commit data...
cr-show.c		Loading commit data...
crit		Loading commit data...
crtools		Loading commit data...
crtools.c		Loading commit data...
eventfd.c		Loading commit data...
eventpoll.c		Loading commit data...
fifo.c		Loading commit data...
file-ids.c		Loading commit data...
file-lock.c		Loading commit data...
files-ext.c		Loading commit data...
files-reg.c		Loading commit data...
files.c		Loading commit data...
fsnotify.c		Loading commit data...
image-desc.c		Loading commit data...
image.c		Loading commit data...
ipc_ns.c		Loading commit data...
irmap.c		Loading commit data...
kcmp-ids.c		Loading commit data...
kerndat.c		Loading commit data...
libnetlink.c		Loading commit data...
log.c		Loading commit data...
lsm.c		Loading commit data...
mem.c		Loading commit data...
mount.c		Loading commit data...
namespaces.c		Loading commit data...
net.c		Loading commit data...
netfilter.c		Loading commit data...
page-pipe.c		Loading commit data...
page-read.c		Loading commit data...
page-xfer.c		Loading commit data...
pagemap-cache.c		Loading commit data...
parasite-syscall.c		Loading commit data...
pipes.c		Loading commit data...
plugin.c		Loading commit data...
proc_parse.c		Loading commit data...
protobuf-desc.c		Loading commit data...
protobuf.c		Loading commit data...
pstree.c		Loading commit data...
ptrace.c		Loading commit data...
rbtree.c		Loading commit data...
rst-malloc.c		Loading commit data...
sd-daemon.c		Loading commit data...
sd-daemon.h		Loading commit data...
security.c		Loading commit data...
shmem.c		Loading commit data...
sigframe.c		Loading commit data...
signalfd.c		Loading commit data...
sk-inet.c		Loading commit data...
sk-netlink.c		Loading commit data...
sk-packet.c		Loading commit data...
sk-queue.c		Loading commit data...
sk-tcp.c		Loading commit data...
sk-unix.c		Loading commit data...
sockets.c		Loading commit data...
stats.c		Loading commit data...
string.c		Loading commit data...
sysctl.c		Loading commit data...
sysfs_parse.c		Loading commit data...
timerfd.c		Loading commit data...
tty.c		Loading commit data...
tun.c		Loading commit data...
util.c		Loading commit data...
uts_ns.c		Loading commit data...

README