mirror of
https://github.com/checkpoint-restore/criu.git
synced 2026-01-23 02:14:37 +00:00
7424ccaae8
We check files in /sys, so we must do this from host mount namespaces. The write_img_inventory() is called after kerndat_init() and it's only called on dump. The bug is triggered on restore, because the mount namespace of the restored process doesn't have /sys/kernel/security/apparmor/ I think it's better to initialize the host lsm in a one place for dump and restore. Currently we initialize the host lsm when we try to use it at a first time. It works fine for the dump operation. On restore it doesn't work because criu checks files in a restored mount namespace and it does this for each process, what isn't optimal. Signed-off-by: Andrew Vagin <avagin@openvz.org> Signed-off-by: Andrey Vagin <avagin@openvz.org> Acked-by: Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
34 lines
701 B
C
34 lines
701 B
C
#ifndef __CR_LSM_H__
|
|
#define __CR_LSM_H__
|
|
|
|
#include "protobuf/inventory.pb-c.h"
|
|
#include "protobuf/creds.pb-c.h"
|
|
|
|
/*
|
|
* Get the Lsmtype for the current host.
|
|
*/
|
|
extern Lsmtype host_lsm_type();
|
|
|
|
/*
|
|
* Initilize the Lsmtype for the current host
|
|
*/
|
|
extern void kerndat_lsm();
|
|
|
|
/*
|
|
* Read the LSM profile for the pstree item
|
|
*/
|
|
extern int collect_lsm_profile(pid_t, CredsEntry *);
|
|
|
|
/*
|
|
* Validate that the LSM profiles can be correctly applied (must happen after
|
|
* pstree is set up).
|
|
*/
|
|
extern int validate_lsm();
|
|
|
|
/*
|
|
* Render the profile name in the way that the LSM wants it written to
|
|
* /proc/<pid>/attr/current.
|
|
*/
|
|
int render_lsm_profile(char *profile, char **val);
|
|
|
|
#endif /* __CR_LSM_H__ */
|