[PATCHv2,4/6] criu(8): Document --lsm-profile

Submitted by Radostin Stoyanov on Jan. 13, 2019, 3:25 p.m.


Message ID 20190113152542.20315-4-rstoyanov1@gmail.com
State New
Series "Series without cover letter"

Commit Message

Radostin Stoyanov Jan. 13, 2019, 3:25 p.m.
The option --lsm-profile was added with commit:

 lsm: add a --lsm-profile flag

 In LXD, we use the container name in the LSM profile. If the container name
 is changed on migrate (on the host side), we want to use a different LSM
 profile name (a. la. --cgroup-root). This flag adds that support.

A usage example is available in

Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
 Documentation/criu.txt | 11 +++++++++++
 criu/crtools.c         |  3 +++
 2 files changed, 14 insertions(+)

Patch

diff --git a/Documentation/criu.txt b/Documentation/criu.txt
index 0a024292d..3cb8b7334 100644
--- a/Documentation/criu.txt
+++ b/Documentation/criu.txt
@@ -445,6 +445,17 @@  The 'mode' may be one of the following:
 *-l*, *--file-locks*::
     Restore file locks from the image.
+*--lsm-profile* 'LSM'*:*'PROFILE'::
+    Specify LSM profile name to be used for restore. The generic syntax is
+    'LSM', followed by a literal colon and the name 'PROFILE'. Currently
+    supported 'LSM' types are: *apparmor* and *selinux*.
+--lsm-profile apparmor:whatever
     As soon as a page is restored it get punched out from image.
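Review bot: the example line `--lsm-profile apparmor:whatever` at the end of the new entry is neither introduced nor set off from the description, and `whatever` tells the reader nothing about what a valid 'PROFILE' looks like. Suggest introducing it with a short "For example:" sentence, showing it as a literal block with a realistic profile name, and adding a matching *selinux* example since the text lists both types. The description also leaves out what restore does when the option is omitted and what happens when the named profile is not loaded on the restoring host. Because this option chooses the LSM confinement the restored processes run under, one sentence on each case belongs in the entry.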
diff --git a/criu/crtools.c b/criu/crtools.c
index c8b9ab19c..983d2b04d 100644
--- a/criu/crtools.c
+++ b/criu/crtools.c
@@ -425,6 +425,9 @@  usage:
 "  --cgroup-dump-controller NAME\n"
 "                        define cgroup controller to be dumped\n"
 "                        and skip anything else present in system\n"
+"  --lsm-profile LSM:PROFILE\n"
+"                        specify lsm profile name for restore. LSM can be\n"
+"                        'apparmor' or 'selinux'.\n"
 "  --skip-mnt PATH       ignore this mountpoint when dumping the mount namespace\n"
 "  --enable-fs FSNAMES   a comma separated list of filesystem names or \"all\"\n"
 "                        force criu to (try to) dump/restore these filesystem's\n"