Changes

412 bytes added , 13:55, 7 April 2016

m

no edit summary

Line 9: Line 9:

* Added timeout for dump procedure (5 sec by default)

* Ability to override LSM profile on restore with CLI/RPC option

−

* [[External resources|External TTYs]]

* [[External bind mounts]] can be fs-root mounts too

* Skip netns' internals on dump and restore (for Docker [[integration]])

+

* Advanced support for [[external files]]

+

** [[External resources|External TTYs]]

* C/R for

** Mode and uid/gid of cgroup files and dirs

** Freeze cgroup state (frozen/thawed)

−

** Task's loginuid

+

** Task's loginuid and oom score

−

** Task's oom score

** Per-thread credentials

** Filter mode of seccomp

Line 23: Line 23:

** Binfmt-misc FS contents

** Netfilter conntracks and expectations

+

** Multi-headed cgroups

+

** CGroup namespaces (no nesting)

=== Optimizations/improvements ===

Line 31: Line 33:

* CRIT shows device numbers in "maj:min" manner

* CRIT shows mmap's status in verbose

−

*

+

* Docker files for builds on all supported arches

=== Fixes ===

Line 47: Line 49:

* CRIT didn't show IPC objects

* CRIT didn't convert IP addresses in images

+

* Logs from PIE code contained corrupted addresses and sizes

+

* Not loaded netfilter modules could cause dump/restore to stuck on dumping netlink socket

+

* Shared external mounts were restored with error

=== Security ===

* [[User-mode]]

+

* When checking for namespaces' CRIU entered userns with host creds

=== Deprecated/removed ===

* Completely removed 'show' action. Use [[CRIT]] instead.

Xemul

Bureaucrats, Administrators

2,257

edits

Changes

Download/criu/2.0 (edit)

Revision as of 13:55, 7 April 2016