seccomp: add a --no-seccomp option to disable dumping seccomp

Sometimes we may want to use CRIU on older kernels which don't support dumping seccomp state where we don't actually care about the seccomp state. Of course this is unsafe, but it does allow for c/r of things using seccomp on these older kernels in some cases. When the task is in SECCOMP_MODE_STRICT or SECCOMP_MODE_FILTER with filters that block the syscalls criu's parasite code needs, the dump will still fail. Note that we disable seccomp by simply feigning that we are in mode 0. This is a little hacky, but avoids distributing ifs throughout the code and keeps them in this one place. Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> CC: Saied Kazemi <saied@google.com> Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
author: Tycho Andersen <tycho.andersen@canonical.com> 2016-02-17 08:03:00 +0300
committer: Pavel Emelyanov <xemul@virtuozzo.com> 2016-02-17 13:46:55 +0300
commit: a98014f306be4b4fefdf01af31e1efa5d83e5e4f (patch)
tree: 29920d171631f8dd8bd7bdbda9399c0143f8be05 /images
parent: 1741438f81a1de5ca7c0146bd7451a5a39a38fee (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/images/rpc.proto b/images/rpc.proto
index fac4b9fa0..34fa98844 100644
--- a/images/rpc.proto
+++ b/images/rpc.proto
@@ -90,6 +90,7 @@ message criu_opts {
 	repeated string			irmap_scan_paths = 36;
 	repeated string			external	= 37;
 	optional uint32			empty_ns	= 38;
+	optional bool			no_seccomp	= 39;
 }
 
 message criu_dump_resp {
author	Tycho Andersen <tycho.andersen@canonical.com>	2016-02-17 08:03:00 +0300
committer	Pavel Emelyanov <xemul@virtuozzo.com>	2016-02-17 13:46:55 +0300
commit	a98014f306be4b4fefdf01af31e1efa5d83e5e4f (patch)
tree	29920d171631f8dd8bd7bdbda9399c0143f8be05 /images
parent	1741438f81a1de5ca7c0146bd7451a5a39a38fee (diff)