Tarball: | criu-1.4.tar.bz2 |
Version: | 1.4 |
Released: | 1 Dec 2014 |
GIT tag: | v1.4 |
New features
- Dump and check cpuinfo. Needed to make sure CPU is capable to run the images after restore, e.g. during live migration
- Initial support for user namespaces
- Use memfd to restore shared memory segments
- New (slightly faster) API for mm stuff restore via prctl
- [UG]ID-s are dumped from parasite, not from /proc files
- The docker_cr.sh script to show how Docker container C/R should (will) look like
- New API for writing plugins (old one is still possible)
- Service workers change their title to better look in ps output
- Ability to feed socket for pre-dump and page-server in swrk mode
- Page-server can auto-bind its port
- Ability to perform several actions during one connection to RPC service
- C/R of opened /proc/$pid/foo files of dead tasks
- C/R of /dev/console
- C/R of virtualized devtmpfs (openvz and future upstream kernels)
- C/R of empty mqueue fs (posix message queues)
- C/R of shared bind-mounts
Optimizations
- BFD engine
- Faster that glibc's FILE * buffered read from /proc files
- Buffered image files IO
- Faster parasite/restorer unload
- Use HW breakpoints
- Less ptrace GETREGS calls sometimes
- Wake pie after sending the FINI command to socket
- Merged some pairs of images into one
- eventpoll and -tfd
- inotify and -wd
- fsnotify and -mark
- Less setns()-s on dump is much faster on older kernels
- Faster access to /proc/self files -- cached fd of /proc/self and openat(this_cache)
Fixes
- Sibling restore mode didn't set up CRIU signals properly
- Unpredictable sibling/child root task restore. Fixed with explicit CLI option
- Validation for leaf mount points was skipped
- Mount options were corrupted on dump, which resulted in errors bind mounts detection
- Uninitialized properties of some cgroups prevented moving tasks into them (e.g. empty cpuset masks and low memcg limit)
- File locks could belong to task with different pid (inherited on fork) blocked the dump
- Bogus error printed in logs about SIGCHLD catch (was caused by thread dump using traps)
- Irmap engine accessed freed root_task on pre-dump
- Restore of net namespace could always fail (pid mismatch on fork) if kernel thread was created on netns setup
- Cgroups service descriptor was closed too early and failed restore
- Auto-loaded *diag modules caused audit netlink socket to contain data on dump (dump fails in this case)
- The "(deleted)" prefix accumulated in unlinked files while doing C/R
- The devpts filesystem and ptmx file were only dumped when found on /dev/pts and /dev respectively
- Data in netlink socket and fanotify was lost after C/R (now dump is aborted if data found in it)
- Fanotify mark was restore in different mount namespace
- Images were writable by group. Not secure when user-dump was requested
- Rootfs has parent id equal to self. CRIU didn't expect this and failed the dump
- Shared mount of the --root path failed the restore
- Absence (e.g. not compiled in) of any namespace in the kernel failed the dump
- Page-server incremental dump didn't detect new tasks properly and failed the stage
- Big TCP queues sometimes failed to get restored