diff options
author | Tycho Andersen <tycho.andersen@canonical.com> | 2016-02-17 08:03:00 +0300 |
---|---|---|
committer | Pavel Emelyanov <xemul@virtuozzo.com> | 2016-02-17 13:46:55 +0300 |
commit | a98014f306be4b4fefdf01af31e1efa5d83e5e4f (patch) | |
tree | 29920d171631f8dd8bd7bdbda9399c0143f8be05 /images | |
parent | 1741438f81a1de5ca7c0146bd7451a5a39a38fee (diff) |
seccomp: add a --no-seccomp option to disable dumping seccomp
Sometimes we may want to use CRIU on older kernels which don't support
dumping seccomp state where we don't actually care about the seccomp state.
Of course this is unsafe, but it does allow for c/r of things using
seccomp on these older kernels in some cases. When the task is in
SECCOMP_MODE_STRICT or SECCOMP_MODE_FILTER with filters that block the
syscalls criu's parasite code needs, the dump will still fail.
Note that we disable seccomp by simply feigning that we are in mode 0. This
is a little hacky, but avoids distributing ifs throughout the code and
keeps them in this one place.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
CC: Saied Kazemi <saied@google.com>
Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
Diffstat (limited to 'images')
-rw-r--r-- | images/rpc.proto | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/images/rpc.proto b/images/rpc.proto index fac4b9fa0..34fa98844 100644 --- a/images/rpc.proto +++ b/images/rpc.proto @@ -90,6 +90,7 @@ message criu_opts { repeated string irmap_scan_paths = 36; repeated string external = 37; optional uint32 empty_ns = 38; + optional bool no_seccomp = 39; } message criu_dump_resp { |