criu/include
Tycho Andersen 5fe3a138df lsm: add support for c/ring LSM profiles
This patch adds support for checkpoint and restore of two Linux security
modules (apparmor and selinux). The actual checkpoint or restore code isn't
that interesting, other than that we have to do the LSM restore in the restorer
blob since it may block any number of things that we want to do as part of the
restore process.

I tried originally to get this to work using libraries in the restorer blob,
but I could _not_ get things to work correctly (I assume I was doing something
wrong with all the static linking, you can see my draft attempts here:
https://github.com/tych0/criu/commits/apparmor-using-libraries). I can try to
resurrect this if it makes more sense to do it that way, though.

v2: lsm_profile lives in creds.proto instead of the task core, look in a more
    canonical place for selinuxfs and don't try to special case any selinux
    profile names.
v3: only allow unconfined selinux profiles

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-05-08 15:31:05 +03:00
asm-generic Use run-time page size where it matters 2015-04-22 15:39:05 +03:00
action-scripts.h scripts: Add ACT_MAX limit and make @action_names being const 2014-10-27 21:30:37 +04:00
aio.h aio: Restore AIO contexts 2014-12-26 18:13:40 +03:00
bfd.h bfd: Don't leak image-open flags into bfdopen 2015-03-16 15:58:14 +03:00
bug.h bug: Include <stdbool.h> 2014-02-21 16:27:16 +04:00
cgroup.h cg: add --cgroup-root option 2014-08-19 12:58:36 +04:00
compiler.h include/compiler.h: Cleanup 2013-02-15 17:34:38 +04:00
config-base.h config-base: Add F_SETPIPE_SZ/F_GETPIPE_SZ 2014-02-18 12:53:09 +04:00
cpu.h cpuinfo: Add "cpuinfo [dump|check]" commands, v2 2014-10-03 13:26:58 +04:00
cr-errno.h cr_errno: move cr_err helpers into cr_errno.h 2014-12-22 13:50:45 +03:00
cr-service-const.h service: allocate buffers for messages dynamically (v2) 2015-04-21 16:09:09 +03:00
cr-service.h scripts: Use numeric action val in RPC notifications 2014-09-05 13:48:27 +04:00
cr-show.h img: Introduce the struct cr_img 2014-09-30 21:48:13 +04:00
cr_options.h mnt: add --enable-external-masters option 2015-04-10 17:54:51 +03:00
criu-log.h criu: print correct errno messages from pr_perror() 2015-02-13 15:14:44 +03:00
criu-plugin.h plugin: Explicit assign plugin hooks 2014-09-19 17:39:06 +04:00
crtools.h security: create separate security.h header 2015-02-10 16:53:54 +03:00
err.h headers: Add err.h header 2013-04-02 20:27:51 +04:00
errno.h headers: Move ERESTART codes to errno.h 2013-11-14 22:22:21 +04:00
eventfd.h anon-inode: Don't readlink fd/fd multiple times 2014-02-02 22:14:29 +04:00
eventpoll.h anon-inode: Don't readlink fd/fd multiple times 2014-02-02 22:14:29 +04:00
fcntl.h fsnotify: Open handle with O_PATH, v2 2014-02-25 23:38:35 +04:00
fifo.h img: Rename fdset -> imgset 2014-09-30 21:48:10 +04:00
file-ids.h files-ids: generate id-s according with mnt_id, st->st_dev and st->st_ino 2014-04-21 22:39:28 +04:00
file-lock.h locks: Don't dump locks in per-task manner (v3) 2014-09-02 17:44:46 +04:00
files-reg.h reg-files: Do not try to linkat with wrong user 2015-02-13 16:11:38 +04:00
files.h service: add ability to set inherit file descriptors (v3) 2015-03-30 13:09:25 +03:00
fs-magic.h remap: add a dead pid /proc remap 2014-09-19 17:42:48 +04:00
fsnotify.h fsnotify: merge fanotify mark image into fanotify image (v3) 2014-09-03 20:51:39 +04:00
image-desc.h add netns protobuf entry and image, also add conf to net device entry 2015-04-09 18:59:17 +03:00
image.h arch/ppc64: Add PowerPC 64 LE support 2015-04-30 09:57:49 +03:00
imgset.h img: Introduce the struct cr_img 2014-09-30 21:48:13 +04:00
inet_diag.h headers: Unify include guards (in comments) and a few fixes 2012-12-25 22:40:24 +04:00
ipc_ns.h ns: Factor out namespace switching call 2014-09-30 21:54:11 +04:00
irmap.h irmap: Get root mntfd before releasing tasks on predump 2014-10-01 09:37:04 +04:00
kcmp-ids.h headers: Add extern specificator to functions 2013-11-15 17:00:58 +04:00
kcmp.h headers: Move kcmp_type to kcmp.h 2013-11-14 22:13:59 +04:00
kerndat.h kerndat: check the lock field in fdinfo (v2) 2015-04-27 14:53:22 +03:00
libnetlink.h nlk: Add error callback to do_rtnl_req 2015-01-22 18:54:37 +03:00
list.h criu: Several formatting fixes 2014-01-14 09:33:19 +04:00
lock.h atomic: Use atomic_read instead of atomic_get 2013-08-16 19:37:06 +04:00
log.h img: Introduce the struct cr_img 2014-09-30 21:48:13 +04:00
lsm.h lsm: add support for c/ring LSM profiles 2015-05-08 15:31:05 +03:00
magic.h img: Introduce v1.1 images (v2) 2015-04-14 15:18:32 +03:00
mem.h mem: Move shmem preparation routine and rename 2014-02-03 23:34:12 +04:00
mman.h headers: Move MADV definitions to own mman.h 2013-11-14 22:48:30 +04:00
mount.h introduce --enable-fs cli option 2015-04-10 17:35:43 +03:00
namespaces.h revert 246367e4e4 "add walk_all flag to walk_namespaces" 2015-04-14 22:34:40 +03:00
net.h Allow the veth-pair option to specify a bridge 2015-01-12 14:54:18 +03:00
netfilter.h headers: Add extern specificator to functions 2013-11-15 17:00:58 +04:00
netlink_diag.h headers: Add missing __CR_ at last endif 2013-11-15 16:59:57 +04:00
packet_diag.h headers: Unify include guards (in comments) and a few fixes 2012-12-25 22:40:24 +04:00
page-pipe.h page-pipe: split dumping memory on chunks (v3) 2014-02-10 15:06:39 +04:00
page-read.h page-read: Explicitly mark ENOENT with return code 2015-03-13 14:42:11 +03:00
page-xfer.h mem: check existence of parent images before dumping pages (v2) 2014-11-29 19:32:40 +03:00
pagemap-cache.h Use run-time page size where it matters 2015-04-22 15:39:05 +03:00
parasite-syscall.h parasite: Cleanup args size fetching 2014-11-11 20:11:34 +04:00
parasite.h tty: Rework tty_driver structure 2015-04-02 20:20:01 +03:00
pid.h headers: Add missing __CR_ at last endif 2013-11-15 16:59:57 +04:00
pipes.h collect: Shorten common images collecting code 2013-08-21 03:52:18 +04:00
plugin.h plugin: Rework plugins API, v2 2014-09-03 20:48:36 +04:00
posix-timer.h posix-timers: Helper for freeing proc parsed data 2014-04-17 12:01:02 +04:00
prctl.h prctl: Add new interface constants 2014-10-27 21:25:25 +04:00
proc_parse.h lock: parse the lock field in fdinfo if it's available (v2) 2015-04-27 14:53:24 +03:00
protobuf-desc.h add netns protobuf entry and image, also add conf to net device entry 2015-04-09 18:59:17 +03:00
protobuf.h img: Remove O_OPT and COLLECT_OPTIONAL 2015-03-13 14:42:01 +03:00
pstree.h pstree: Add helper for adding helpers to pstree 2014-10-14 18:02:36 +04:00
ptrace.h dump: remove useless arguments from seize_task() 2014-11-07 17:14:54 +04:00
rbtree.h x86: moved x86-specific files into the directory arch/x86. 2013-01-09 17:02:47 +04:00
restorer.h lsm: add support for c/ring LSM profiles 2015-05-08 15:31:05 +03:00
rst-malloc.h whitespace-at-eol cleanup 2013-12-12 10:00:45 +04:00
rst_info.h tty: Implement support of current tty 2015-04-02 20:20:08 +03:00
security.h security: add cr_fchown 2015-02-10 16:54:31 +03:00
servicefd.h usernsd: The way to restore privileged stuff in userns 2015-02-13 16:11:38 +04:00
setproctitle.h crtools: check for setproctitle_init 2014-09-02 16:14:39 +04:00
shmem.h shmem: Turn shmem-info into shared objects from shremap ones 2015-01-12 14:47:24 +03:00
sigframe.h parasite: don't include restorer.h in parasite-syscall.c 2013-11-06 12:39:36 +04:00
signalfd.h img: Rename fdset -> imgset 2014-09-30 21:48:10 +04:00
sk-inet.h Do not call listen() when SO_REUSEADDR is off 2015-02-16 13:18:32 +03:00
sk-packet.h img: Rename fdset -> imgset 2014-09-30 21:48:10 +04:00
sk-queue.h crtools: move all stuff about vma together 2013-11-06 12:43:49 +04:00
sockets.h sockets: define NETLINK_SOCK_DIAG in sockets.h 2015-01-23 15:40:02 +03:00
stats.h stats: Fix restore pages stats 2014-02-04 14:03:10 +04:00
string.h make: config -- Add testing if we have libbsd installed 2014-03-26 01:44:23 +04:00
syscall-types.h x86: Add io syscalls 2014-12-26 18:13:33 +03:00
sysctl.h sysctl: Pass number of requests in argument 2015-05-05 14:14:24 +03:00
sysfs_parse.h Added AUFS support. 2014-08-21 18:35:22 +04:00
timerfd.h timerfd: Implement check routine 2014-08-07 10:18:09 +04:00
tty.h tty: Rework tty_driver structure 2015-04-02 20:20:01 +03:00
tun.h check/zdtm: Introduce fine-grained feature testing 2015-01-22 18:55:34 +03:00
unix_diag.h x86: moved x86-specific files into the directory arch/x86. 2013-01-09 17:02:47 +04:00
util-pie.h headers: Drop uintX_t usage 2013-12-12 10:03:07 +04:00
util.h util: Fix the ispathsub corner case 2014-11-09 23:26:56 +04:00
uts_ns.h ns: Factor out namespace switching call 2014-09-30 21:54:11 +04:00
vdso.h vdso: Implement vDSO proxification of any vvar/vdso order 2014-08-04 15:35:03 +04:00
vma.h vma: Unify private VMAs testing 2015-04-01 12:36:46 +03:00
xmalloc.h core: Allocate CoreEntry (except arch) with single xmalloc 2014-03-14 13:39:28 +04:00