278
edits
Changes
mLine 1:
Line 1: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 52:
Line 90: + + + + + + + + + + + + + + +
Add support for memfd_secret file descriptors
=== Add support for memfd_secret file descriptors ===
'''Summary:''' Support C/R of memfd_secret descriptors
There is memfd_secret syscall which allows user to open
special memfd which is backed by special memory range which
is inaccessible by another processes (and the kernel too!).
At the moment CRIU can't dump processes that have memfd_secret's opened.
'''Links:'''
* https://lwn.net/Articles/865256/
* https://warusadura.github.io/gsoc23-final-report.html
* https://github.com/checkpoint-restore/criu/pull/2247
'''Details:'''
* Skill level: intermediate
* Language: C
* Expected size: 350 hours
* Mentors: Alexander Mikhalitsyn <alexander@mihalicyn.com>, Mike Rapoport <mike.rapoport@gmail.com>
* Suggested by: Alexander Mikhalitsyn <alexander@mihalicyn.com>
=== Forensic analysis of container checkpoints ===
'''Summary:''' Extending go-crit with capabilities for forensic analysis
'''Merged:''' https://github.com/checkpoint-restore/checkpointctl
The go-crit tool was created during GSoC 2022 to enable analysis of CRIU [[images]] with tools written in Go. It allows container management tools such as [https://github.com/checkpoint-restore/checkpointctl checkpointctl] and Podman to provide capabilities similar to CRIT. The goal of this project is to extend go-crit with functionality for forensic analysis of container checkpoints to provide a better user experience.
The go-crit tool is still in its early stages of development. To effectively utilise this new feature, the checkpointctl tool would be extended to display information about the processes included in a container checkpoint and their runtime state (e.g., memory, open files, sockets, etc).
'''Links:'''
* https://criu.org/CRIT_(Go_library)
* https://github.com/checkpoint-restore/go-criu/tree/master/crit
* https://kubernetes.io/blog/2022/12/05/forensic-container-checkpointing-alpha/
=== Restrict checks for open/mmaped files ===
=== Restrict checks for open/mmaped files ===
* [[CRIT (Go library)]]
* [[CRIT (Go library)]]
* https://github.com/snprajwal/gsoc-2022
* https://github.com/snprajwal/gsoc-2022
=== Support sparse ghosts ===
'''Summary:''' While sparse ghost files were in part supported for quiet some time, we still was not able to handle big sparse ghost files and highly fragmented sparse ghost files effectively.
'''Merged:''' https://github.com/checkpoint-restore/criu/pull/1944 https://github.com/checkpoint-restore/criu/pull/1963
When criu dumps processes it also dumps files that are opened by them. It does this by saving file names by which the files are accessible. But sometimes files can have no names. It may happen if a task opened a file and then removed it. To dump this file criu cannot save its name (because the name doesn't exist). Instead criu saves the whole file. This is called "ghost file". Since saving the whole file is very expensive (copying lots of data on disk) criu limits the maximum size of a ghost file. The latter is also not good, because there are "sparse" files, that are large in size, but may be small from the real disk usage perspective. The goal of the task is to support sparse ghost files, i.e. limit the size of the ghost not by its length but by disk usage and when copying the data detect the used blocks and save only those.
'''Links:'''
*[https://en.wikipedia.org/wiki/Sparse_file Sparse files]
*[[Dumping files]]
*[[Invisible files]]
*[https://www.kernel.org/doc/html/latest/filesystems/fiemap.html Fiemap ioctl]
[[Category:GSoC]]
[[Category:GSoC]]