Jump to: navigation, search


485 bytes added, 13:55, 7 April 2016
no edit summary
* Added timeout for dump procedure (5 sec by default)
* Ability to override LSM profile on restore with CLI/RPC option
* [[External resources|External TTYs]]
* [[External bind mounts]] can be fs-root mounts too
* Skip netns' internals on dump and restore (for Docker [[integration]])
* Advanced support for [[external files]]
** [[External resources|External TTYs]]
* C/R for
** Mode and uid/gid of cgroup files and dirs
** Freeze cgroup state (frozen/thawed)
** Task's loginuid** Task's and oom score
** Per-thread credentials
** Filter mode of seccomp
** Binfmt-misc FS contents
** Netfilter conntracks and expectations
** Multi-headed cgroups
** CGroup namespaces (no nesting)
=== Optimizations/improvements ===
* CRIT shows device numbers in "maj:min" manner
* CRIT shows mmap's status in verbose
* Docker files for builds on all supported arches
=== Fixes ===
* CRIT didn't show IPC objects
* CRIT didn't convert IP addresses in images
* Logs from PIE code contained corrupted addresses and sizes
* Not loaded netfilter modules could cause dump/restore to stuck on dumping netlink socket
* Shared external mounts were restored with error
=== Security ===
* [[User-mode]]
* When checking for namespaces' CRIU entered userns with host creds
=== Deprecated/removed ===
* Completely removed 'show' action. Use [[CRIT]] instead.

Navigation menu