Difference between revisions of "Download/criu/2.0"
(Created page with "{{Release|2.0|7 Mar 2016}} === New features === * 2.0 -- new code layout for sub-projects (e.g. [Compel]) * === Optimizations/improvements === * === Fixes === * === Secur...") |
m |
||
(14 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
=== New features === | === New features === | ||
− | * | + | * New code layout for sub-projects (e.g. [[Compel]]) |
− | * | + | * [[Unprivileged dump]] |
+ | * Dump/check cpuinfo support for PPC | ||
+ | * Explorers for [[CRIT]] | ||
+ | * Added "post-setup-namespaces" to [[action scripts]] | ||
+ | * Added timeout for dump procedure (5 sec by default) | ||
+ | * Ability to override LSM profile on restore with CLI/RPC option | ||
+ | * [[External bind mounts]] can be fs-root mounts too | ||
+ | * Skip netns' internals on dump and restore (for Docker [[integration]]) | ||
+ | * Advanced support for [[external files]] | ||
+ | ** [[External resources|External TTYs]] | ||
+ | * C/R for | ||
+ | ** Mode and uid/gid of cgroup files and dirs | ||
+ | ** Freeze cgroup state (frozen/thawed) | ||
+ | ** Task's loginuid and oom score | ||
+ | ** Per-thread credentials | ||
+ | ** Filter mode of seccomp | ||
+ | ** Ghost file in removed directory | ||
+ | ** Ghost files lutimes | ||
+ | ** Binfmt-misc FS contents | ||
+ | ** Netfilter conntracks and expectations | ||
+ | ** Multi-headed cgroups | ||
+ | ** CGroup namespaces (no nesting) | ||
=== Optimizations/improvements === | === Optimizations/improvements === | ||
− | * | + | * Align parasite stack on 16 bits for correctness |
+ | * Compilation with native libc syscall wrappers and helpers | ||
+ | * Parasite code injection done via memfd system call | ||
+ | * Make vaddr to pfn conversion with one less syscall | ||
+ | * CRIT shows device numbers in "maj:min" manner | ||
+ | * CRIT shows mmap's status in verbose | ||
+ | * Docker files for builds on all supported arches | ||
=== Fixes === | === Fixes === | ||
− | * | + | * Absent readlink syscall on ARM (use readlinkat instead) could cause dump to fail |
+ | * Wrong argument to timer_create system call could cause restore to crash | ||
+ | * Extra tasks in freeze cgroup caused dump to fail/hand/crash | ||
+ | * Unaligned restore-time object allocations caused lock operations to fail | ||
+ | * Opened /proc/pid dir of dead task failed the dump | ||
+ | * Unaligned stacks caused criu to fail on aarch64 | ||
+ | * Changed device numbers on restore side could cause random failures | ||
+ | * Fixes in mount points sharing/slavery/propagation restore | ||
+ | * Race between mntns creation and fds closing in different tasks could cause restore to fail | ||
+ | * Hard kernel limit on TCP repair recv queue restore could cause big queue restore to fail | ||
+ | * Unconnected dgram UNIX socket with data lost packets on restore | ||
+ | * CRIT didn't show IPC objects | ||
+ | * CRIT didn't convert IP addresses in images | ||
+ | * Logs from PIE code contained corrupted addresses and sizes | ||
+ | * Not loaded netfilter modules could cause dump/restore to stuck on dumping netlink socket | ||
+ | * Shared external mounts were restored with error | ||
=== Security === | === Security === | ||
− | * | + | * [[User-mode]] |
+ | * When checking for namespaces' CRIU entered userns with host creds | ||
+ | |||
+ | === Deprecated/removed === | ||
+ | * Completely removed 'show' action. Use [[CRIT]] instead. |
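Review bot: In the Fixes list, "caused dump to fail/hand/crash" reads like a typo for "hang", and "could cause dump/restore to stuck on dumping netlink socket" is missing a verb ("to get stuck"). In the Security list, "When checking for namespaces' CRIU entered userns with host creds" has a stray apostrophe after "namespaces" and does not say whether it describes the old behaviour that was fixed or the new behaviour; phrasing it like the Fixes entries would make that clear. Under Optimizations, please confirm the unit in "Align parasite stack on 16 bits", since stack alignment is normally stated in bytes.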
Latest revision as of 13:55, 7 April 2016
Tarball: criu-2.0.tar.bz2
Version: 2.0
Released: 7 Mar 2016
GIT tag: v2.0
New features
- New code layout for sub-projects (e.g. Compel)
- Unprivileged dump
- Dump/check cpuinfo support for PPC
- Explorers for CRIT
- Added "post-setup-namespaces" to action scripts
- Added timeout for dump procedure (5 sec by default)
- Ability to override LSM profile on restore with CLI/RPC option
- External bind mounts can be fs-root mounts too
- Skip netns' internals on dump and restore (for Docker integration)
- Advanced support for external files
  - External TTYs
- C/R for
  - Mode and uid/gid of cgroup files and dirs
  - Freeze cgroup state (frozen/thawed)
  - Task's loginuid and oom score
  - Per-thread credentials
  - Filter mode of seccomp
  - Ghost file in removed directory
  - Ghost files lutimes
  - Binfmt-misc FS contents
  - Netfilter conntracks and expectations
  - Multi-headed cgroups
  - CGroup namespaces (no nesting)
Optimizations/improvements
- Align parasite stack on 16 bits for correctness
- Compilation with native libc syscall wrappers and helpers
- Parasite code injection done via memfd system call
- Make vaddr to pfn conversion with one less syscall
- CRIT shows device numbers in "maj:min" manner
- CRIT shows mmap's status in verbose
- Docker files for builds on all supported arches
Fixes
- Absent readlink syscall on ARM (use readlinkat instead) could cause dump to fail
- Wrong argument to timer_create system call could cause restore to crash
- Extra tasks in freeze cgroup caused dump to fail/hang/crash
- Unaligned restore-time object allocations caused lock operations to fail
- Opened /proc/pid dir of dead task failed the dump
- Unaligned stacks caused criu to fail on aarch64
- Changed device numbers on restore side could cause random failures
- Fixes in mount points sharing/slavery/propagation restore
- Race between mntns creation and fds closing in different tasks could cause restore to fail
- Hard kernel limit on TCP repair recv queue restore could cause big queue restore to fail
- Unconnected dgram UNIX socket with data lost packets on restore
- CRIT didn't show IPC objects
- CRIT didn't convert IP addresses in images
- Logs from PIE code contained corrupted addresses and sizes
- Netfilter modules that were not loaded could cause dump/restore to get stuck while dumping a netlink socket
- Shared external mounts were restored with error
Security
- User-mode
- When checking for namespaces, CRIU entered userns with host creds
Deprecated/removed
- Completely removed 'show' action. Use CRIT instead.