mirror of
https://github.com/checkpoint-restore/criu.git
synced 2026-01-23 02:14:37 +00:00
lsm: support checkpoint/restore of stacked apparmor profiles
Support for apparmor namespaces and stacking is coming to Ubuntu kernels in 16.10, and should hopefully be upstreamed Soon (TM) :). The basic idea is similar to how cgroups are done: we can restore the apparmor namespace and profile blobs independently of the tasks, and then at the end we can just set the task's label appropriately. This means the code that moves tasks under a label stays the same, and the only new code is the stuff that dumps and restores the policy blobs that are in the namespace that were loaded by the container. Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
Tycho Andersen
Andrei Vagin
parent
0db135ac4f
commit
8d992a680e
16 changed files with 596 additions and 0 deletions
11
include/apparmor.h
Normal file
11
include/apparmor.h
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
#ifndef __CR_APPARMOR_H__
|
||||
#define __CR_APPARMOR_H__
|
||||
|
||||
int collect_aa_namespace(char *profile);
|
||||
int dump_aa_namespaces(void);
|
||||
|
||||
bool check_aa_ns_dumping(void);
|
||||
|
||||
int prepare_apparmor_namespaces(void);
|
||||
|
||||
#endif /* __CR_APPARMOR_H__ */
|
||||
Loading…
Add table
Add a link
Reference in a new issue