Changes

3,090 bytes added ,  18:11, 11 November 2014
Created page with "{{Release|1.4|1 Dec 2014}} === New features === * Dump and check cpuinfo (needed to make sure CPU is capable to run the images after restore) * Initial support for [[user..."
{{Release|1.4|1 Dec 2014}}

=== New features ===
* Dump and check [[cpuinfo]] (needed to make sure CPU is capable to run the images after restore)
* Initial support for [[userns|user namespaces]]
** Use memfd to restore shared memory segments
** New (slightly faster) API for mm stuff restore via prctl
** [UG]ID-s are dumped from parasite, not from /proc files
* The docker_cr.sh script to show how Docker container C/R should (will) look like
* New API for writing [[plugins]] (old one is still possible))
* C/R of opened /proc/$pid/foo files of dead tasks
* Service workers change their title to better look in ps output
* Ability to feed socket for pre-dump and page-server in swrk mode
* Page-server can auto-bind its port
* Ability to perform several actions during one connection to RPC service
* Support C/R of /dev/console
* Virtualized devtmpfs C/R (openvz and future upstream kernels)
* C/R of empty mqueue fs (posix message queues)

=== Optimizations ===
* BFD engine
** Faster that glibc's FILE * buffered read from /proc files
** Buffered image files IO
* Faster parasite/restorer unload
** Use HW breakpoints
** Less ptrace GETREGS calls sometimes
** Wake pie after sending the FINI command to socket
* Merged some pairs of images into one
** eventpoll and -tfd
** inotify and -wd
** fsnotify and -mark
* Less setns()-s on dump is much faster on older kernels
* Faster access to /proc/self files -- cached fd of /proc/self and openat(this_cache)

=== Fixes ===
* Sibling restore mode didn't set up CRIU signals properly
* Unpredictable sibling/child root task restore. Fixed with explicit CLI option
* Validation for leaf mount points was skipped
* Mount options were corrupted on dump, which resulted in errors bind mounts detection
* Uninitialized properties of some cgroups prevented moving tasks into them (e.g. empty cpuset masks and low memcg limit)
* File locks could belong to task with different pid (inherited on fork) blocked the dump
* Bogus error printed in logs about SIGCHLD catch (was caused by thread dump using traps)
* Irmap engine accessed freed root_task on pre-dump
* Restore of net namespace could always fail (pid mismatch on fork) if kernel thread was created on netns setup
* Cgroups service descriptor was closed too early and failed restore
* Auto-loaded *diag modules caused audit netlink socket to contain data on dump (dump fails in this case)
* The "(deleted)" prefix accumulated in unlinked files while doing C/R
* The devpts filesystem and ptmx file were only dumped when found on /dev/pts and /dev respectively
* Data in netlink socket and fanotify was lost after C/R (now dump is aborted if data found in it)
* Fanotify mark was restore in different mount namespace
* Images were writable by group. Not secure when user-dump was requested
* Rootfs has parent id equal to self. CRIU didn't expect this and failed the dump
* Shared mount of the --root path failed the restore
* Absence (e.g. not compiled in) of any namespace in the kernel failed the dump
* Page-server incremental dump didn't detect new tasks properly and failed the stage