2,257
edits
Changes
Jump to navigation
Jump to search
Line 15:
Line 15: + Line 27:
Line 28: + + Line 51:
Line 54: +
no edit summary
** ignore_routes_with_linkdown netns devconf
** ignore_routes_with_linkdown netns devconf
** empty bridges in netns
** empty bridges in netns
** FILTER mode of seccomp
=== Optimizations/improvements ===
=== Optimizations/improvements ===
* Read pages.img in more optimal manner rather than page-by-page
* Read pages.img in more optimal manner rather than page-by-page
* Less "Error"-s in logs, that actually don't lead to errors
* Less "Error"-s in logs, that actually don't lead to errors
* Slightly faster /proc/pid/status parsing
* Dead/live-locks on internal criu locks now emits a warning into logs
=== Fixes ===
=== Fixes ===
* Controlling tty could be restored on wrong tty end
* Controlling tty could be restored on wrong tty end
* Tmpfs mount of sub-namespace was restored from wrong image file
* Tmpfs mount of sub-namespace was restored from wrong image file
* Potential stack overflow in libcriu
=== Security ===
=== Security ===
* Service run as root could allow users to violate ptrace policies
* Service run as root could allow users to violate ptrace policies
* Service run as root could give users access to privileged files and directories
* Service run as root could give users access to privileged files and directories