Checkpoint and Restore of processes within kernel security mechanisms


One Line Summary

A discussion about what to do for c/r of LSMs, selinux, and user namespaces.


In this time slot we’ll talk about what’s needed to checkpoint and
restore processes using kernel security features like LSMs (AppArmor,
SELinux), seccomp (both STRICT and FILTER modes), and user namespaces.
We have initial basic support for some LSMs, but kernel work will be
needed to support seccomp and user namespaces.


containers, CRIU


  • Tycho Andersen

    Canonical Ltd.


    Tycho is a software engineer at Canonical actively working on several
    cloud-related projects. He holds degrees from the University of
    Wisconsin—Madison and Iowa State University, and has co-authored several
    peer-reviewed papers. In his spare time he collects programming languages, rides
    bicycles, and climbs mountains.