327
edits
Changes
mLine 1:
Line 1: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 54:
Line 92: + +
Add support for memfd_secret file descriptors
=== Add support for memfd_secret file descriptors ===
'''Summary:''' Support C/R of memfd_secret descriptors
There is memfd_secret syscall which allows user to open
special memfd which is backed by special memory range which
is inaccessible by another processes (and the kernel too!).
At the moment CRIU can't dump processes that have memfd_secret's opened.
'''Links:'''
* https://lwn.net/Articles/865256/
* https://warusadura.github.io/gsoc23-final-report.html
* https://github.com/checkpoint-restore/criu/pull/2247
'''Details:'''
* Skill level: intermediate
* Language: C
* Expected size: 350 hours
* Mentors: Alexander Mikhalitsyn <alexander@mihalicyn.com>, Mike Rapoport <mike.rapoport@gmail.com>
* Suggested by: Alexander Mikhalitsyn <alexander@mihalicyn.com>
=== Forensic analysis of container checkpoints ===
'''Summary:''' Extending go-crit with capabilities for forensic analysis
'''Merged:''' https://github.com/checkpoint-restore/checkpointctl
The go-crit tool was created during GSoC 2022 to enable analysis of CRIU [[images]] with tools written in Go. It allows container management tools such as [https://github.com/checkpoint-restore/checkpointctl checkpointctl] and Podman to provide capabilities similar to CRIT. The goal of this project is to extend go-crit with functionality for forensic analysis of container checkpoints to provide a better user experience.
The go-crit tool is still in its early stages of development. To effectively utilise this new feature, the checkpointctl tool would be extended to display information about the processes included in a container checkpoint and their runtime state (e.g., memory, open files, sockets, etc).
'''Links:'''
* https://criu.org/CRIT_(Go_library)
* https://github.com/checkpoint-restore/go-criu/tree/master/crit
* https://kubernetes.io/blog/2022/12/05/forensic-container-checkpointing-alpha/
=== Restrict checks for open/mmaped files ===
=== Restrict checks for open/mmaped files ===
=== Support sparse ghosts ===
=== Support sparse ghosts ===
'''Summary:''' While sparse ghost files were in part supported for quiet some time, we still was not able to handle big sparse ghost files and highly fragmented sparse ghost files effectively.
'''Merged:''' https://github.com/checkpoint-restore/criu/pull/1944 https://github.com/checkpoint-restore/criu/pull/1963
'''Merged:''' https://github.com/checkpoint-restore/criu/pull/1944 https://github.com/checkpoint-restore/criu/pull/1963