Merge pull request #1578 from rst0git/lsm

restore: add lsm-profile and lsm-mount-context options
containers · Oct 21, 2024 · 2d36664 · 2d36664
2 parents bfdabce + ce89aa6
commit 2d36664
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 0 deletions.
diff --git a/src/libcrun/container.h b/src/libcrun/container.h
@@ -187,6 +187,8 @@ struct libcrun_checkpoint_restore_s
  char *parent_path;
  bool pre_dump;
  int manage_cgroups_mode;
+ char *lsm_profile;
+ char *lsm_mount_context;
 };
 typedef struct libcrun_checkpoint_restore_s libcrun_checkpoint_restore_t;
 

diff --git a/src/libcrun/criu.c b/src/libcrun/criu.c
@@ -89,6 +89,8 @@ struct libcriu_wrapper_s
  void (*criu_set_tcp_established) (bool tcp_established);
  void (*criu_set_track_mem) (bool track_mem);
  void (*criu_set_work_dir_fd) (int fd);
+ int (*criu_set_lsm_profile) (const char *name);
+ int (*criu_set_lsm_mount_context) (const char *name);
 };
 
 static struct libcriu_wrapper_s *libcriu_wrapper;
@@ -826,6 +828,20 @@ libcrun_container_restore_linux_criu (libcrun_container_status_t *status, libcru
  cr_options->work_path = cr_options->image_path;
  }
 
+ if (cr_options->lsm_profile != NULL)
+ {
+ ret = libcriu_wrapper->criu_set_lsm_profile (cr_options->lsm_profile);
+ if (UNLIKELY (ret != 0))
+ return crun_make_error (err, 0, "error setting LSM profile to `%s`", cr_options->lsm_profile);
+ }
+
+ if (cr_options->lsm_mount_context != NULL)
+ {
+ ret = libcriu_wrapper->criu_set_lsm_mount_context (cr_options->lsm_mount_context);
+ if (UNLIKELY (ret != 0))
+ return crun_make_error (err, 0, "error setting LSM mount context to `%s`", cr_options->lsm_mount_context);
+ }
+
  /* Tell CRIU about external bind mounts. */
  for (i = 0; i < def->mounts_len; i++)
  {

diff --git a/src/restore.c b/src/restore.c
@@ -44,6 +44,8 @@ enum
  OPTION_CONSOLE_SOCKET,
  OPTION_FILE_LOCKS,
  OPTION_MANAGE_CGROUPS_MODE,
+ OPTION_LSM_PROFILE,
+ OPTION_LSM_MOUNT_CONTEXT,
 };
 
 static char doc[] = "OCI runtime";
@@ -67,6 +69,8 @@ static struct argp_option options[]
  "path to a socket that will receive the ptmx end of the tty", 0 },
  { "file-locks", OPTION_FILE_LOCKS, 0, 0, "allow file locks", 0 },
  { "manage-cgroups-mode", OPTION_MANAGE_CGROUPS_MODE, "MODE", 0, "cgroups mode: 'soft' (default), 'ignore', 'full' and 'strict'", 0 },
+ { "lsm-profile", OPTION_LSM_PROFILE, "VALUE", 0, "Specify an LSM profile to be used during restore in the form of TYPE:NAME", 0 },
+ { "lsm-mount-context", OPTION_LSM_MOUNT_CONTEXT, "VALUE", 0, "Specify an LSM mount context to be used during restore", 0 },
  {
  0,
  } };
@@ -125,6 +129,14 @@ parse_opt (int key, char *arg, struct argp_state *state)
  cr_options.manage_cgroups_mode = crun_parse_manage_cgroups_mode (argp_mandatory_argument (arg, state));
  break;
 
+ case OPTION_LSM_PROFILE:
+ cr_options.lsm_profile = argp_mandatory_argument (arg, state);
+ break;
+
+ case OPTION_LSM_MOUNT_CONTEXT:
+ cr_options.lsm_mount_context = argp_mandatory_argument (arg, state);
+ break;
+
  default:
  return ARGP_ERR_UNKNOWN;
  }