Commit 13389b29 by Tycho Andersen Committed by Stéphane Graber

c/r: use --lsm-profile if provided

Since we can rename a container on a migrate, let's tell CRIU to use the LSM profile name the user has specified. This change is motivated by LXD, which sets an LSM profile name based on the container name, so if a user changes the name of a container during migration, the old profile name (that criu has saved) won't exist on the new host.

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
parent a14bf84f
...@@ -89,8 +89,10 @@ void exec_criu(struct criu_opts *opts) ...@@ -89,8 +89,10 @@ void exec_criu(struct criu_opts *opts)
static_args++; static_args++;
} else if (strcmp(opts->action, "restore") == 0) { } else if (strcmp(opts->action, "restore") == 0) {
/* --root $(lxc_mount_point) --restore-detached /* --root $(lxc_mount_point) --restore-detached
* --restore-sibling --pidfile $foo --cgroup-root $foo */ * --restore-sibling --pidfile $foo --cgroup-root $foo
static_args += 8; * --lsm-profile apparmor:whatever
*/
static_args += 10;
} else { } else {
return; return;
} }
...@@ -184,6 +186,7 @@ void exec_criu(struct criu_opts *opts) ...@@ -184,6 +186,7 @@ void exec_criu(struct criu_opts *opts)
} else if (strcmp(opts->action, "restore") == 0) { } else if (strcmp(opts->action, "restore") == 0) {
void *m; void *m;
int additional; int additional;
struct lxc_conf *lxc_conf = opts->c->lxc_conf;
DECLARE_ARG("--root"); DECLARE_ARG("--root");
DECLARE_ARG(opts->c->lxc_conf->rootfs.mount); DECLARE_ARG(opts->c->lxc_conf->rootfs.mount);
...@@ -194,6 +197,20 @@ void exec_criu(struct criu_opts *opts) ...@@ -194,6 +197,20 @@ void exec_criu(struct criu_opts *opts)
DECLARE_ARG("--cgroup-root"); DECLARE_ARG("--cgroup-root");
DECLARE_ARG(opts->cgroup_path); DECLARE_ARG(opts->cgroup_path);
if (lxc_conf->lsm_aa_profile || lxc_conf->lsm_se_context) {
if (lxc_conf->lsm_aa_profile)
ret = snprintf(buf, sizeof(buf), "apparmor:%s", lxc_conf->lsm_aa_profile);
else
ret = snprintf(buf, sizeof(buf), "selinux:%s", lxc_conf->lsm_se_context);
if (ret < 0 || ret >= sizeof(buf))
goto err;
DECLARE_ARG("--lsm-profile");
DECLARE_ARG(buf);
}
additional = lxc_list_len(&opts->c->lxc_conf->network) * 2; additional = lxc_list_len(&opts->c->lxc_conf->network) * 2;
m = realloc(argv, (argc + additional + 1) * sizeof(*argv)); m = realloc(argv, (argc + additional + 1) * sizeof(*argv));
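Review bot: In the third hunk the `--lsm-profile` value is chosen by which config field is non-NULL, not by which LSM is active on the restore host, so a config that sets both `lsm_aa_profile` and `lsm_se_context` always passes `apparmor:...`. On an SELinux host that may make CRIU reject the restore, or leave the container without its intended label, depending on how CRIU handles an LSM type that is not active; the hunk does not show which. Consider keying the branch on the host's active LSM rather than on the first populated field. The truncation check before `goto err` is the right fail-closed behaviour, and a comment such as `/* fail closed: never pass CRIU a truncated profile name */` above it would keep it from being relaxed later. exec_criu's body starts and ends outside the hunks shown, so the declaration of `buf` and the `err` label are not visible here.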
......