[PATCH 1/1] cr: lsm: restore LSM contexts for ipc objects
James Morris
jmorris at namei.org
Sun Jun 21 22:37:45 PDT 2009
On Fri, 19 Jun 2009, Serge E. Hallyn wrote:
> Here is the next version of the patch implementing checkpoint
> and restore of LSM contexts. This is just handling IPC objects
> as a proof of concept. But actually, looking ahead and both
> files and tasks, I see that selinux stores several sids in the
> security structs. For instance, for tasks there is the current
> sid, exec sid, create sid, keycreate_sid, and sockcreate_sid.
> So I guess I'll have to ask the LSM for how many secids it wants
> to checkpoint, then checkpoint an array of contexts?
>
Can you please explain exactly what checkpoint/restart is?
--
James Morris
<jmorris at namei.org>
More information about the Containers
mailing list