[PATCH 1/1] cr: lsm: restore LSM contexts for ipc objects

Serge E. Hallyn serue at us.ibm.com
Fri Jun 19 18:32:16 PDT 2009


Here is the next version of the patch implementing checkpoint
and restore of LSM contexts.  This is just handling IPC objects
as a proof of concept.  But actually, looking ahead and both
files and tasks, I see that selinux stores several sids in the
security structs.  For instance, for tasks there is the current
sid, exec sid, create sid, keycreate_sid, and sockcreate_sid.
So I guess I'll have to ask the LSM for how many secids it wants
to checkpoint, then checkpoint an array of contexts?



More information about the Containers mailing list