569
edits
Changes
mLine 31:
Line 31: − * [https://fosdem.org/2026/schedule/event/F9RANH-forensic-snapshots-in-kubernetes/ Investigating Security Incidents with Forensic Snapshots in Kubernetes] + + + Line 54:
Line 56: − − === Add support for memory compression === − − '''Summary:''' Support compression for page images − − We would like to support memory page files compression − in CRIU using one of the fastest algorithms (it's matter − of discussion which one to choose!). − − This task does not require any Linux kernel modifications − and scope is limited to CRIU itself. At the same time it's − complex enough as we need to touch memory dump/restore codepath − in CRIU and also handle many corner cases like page-server and stuff. − − '''Details:''' − * Skill level: intermediate − * Language: C − * Expected size: 350 hours − * Suggested by: Andrei Vagin <avagin@gmail.com> − * Mentors: Radostin Stoyanov <rstoyanov@fedoraproject.org>, Alexander Mikhalitsyn <alexander@mihalicyn.com>, Andrei Vagin <avagin@gmail.com> Line 133:
Line 115: + + + + + + + + + + + + + + + + + + + + + + + + + + +
no edit summary
'''Links:'''
'''Links:'''
* https://github.com/checkpoint-restore/checkpointctl
* https://github.com/checkpoint-restore/checkpointctl
* [https://fosdem.org/2026/events/attachments/F9RANH-forensic-snapshots-in-kubernetes/slides/266249/fosdem_2_4dh73ni.pdf Investigating Security Incidents with Forensic Snapshots in Kubernetes]
* [https://www.cncf.io/reports/cloud-native-security-whitepaper/ Cloud Native Security Whitepaper]
* [https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF Kubernetes Hardening Guide]
'''Details:'''
'''Details:'''
* Expected size: 350 hours
* Expected size: 350 hours
* Mentors: Radostin Stoyanov <rstoyanov@fedoraproject.org>, Adrian Reber <areber@redhat.com>
* Mentors: Radostin Stoyanov <rstoyanov@fedoraproject.org>, Adrian Reber <areber@redhat.com>
=== Files on detached mounts ===
=== Files on detached mounts ===
* Mentors: Radostin Stoyanov <rstoyanov@fedoraproject.org>, Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
* Mentors: Radostin Stoyanov <rstoyanov@fedoraproject.org>, Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
* Suggested by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
* Suggested by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
=== Add support for SCM_CREDENTIALS / SCM_PIDFD and friends ===
'''Summary:''' Support for SCM_CREDENTIALS / SCM_PIDFD
SCM_CREDENTIALS and SCM_PIDFD are types of SCM (Socket-level Control Messages). They play a crucial role
in systemd and many other user space applications. This project is about adding support for these
SCMs to be properly saved and restored back with CRIU. There is an existing code in OpenVZ CRIU fork,
see [1] and [2]. Goal would be first of all to properly port this code, cover with extensive tests and
ensure that SCM_PIDFD / SO_PEERPIDFD are handled correctly. Also we expect to cover things like
SO_PASSRIGHTS and SO_PASSPIDFD.
There is some extra source of complexity here pidfds can be "stale" (see PIDFD_STALE in Linux kernel)
and we need to ensure that we properly cover those cases.
'''Links:'''
* [1] openvz-criu https://bitbucket.org/openvz/criu.ovz/history-node/918653a0a343194385592d7b50b5bd7a8fbe1cc1/criu/sk-unix.c?at=hci-dev
* [2] openvz-criu https://bitbucket.org/openvz/criu.ovz/history-node/918653a0a343194385592d7b50b5bd7a8fbe1cc1/criu/sk-queue.c?at=hci-dev
* [3] Linux kernel https://github.com/torvalds/linux/commit/5e2ff6704a275be009be8979af17c52361b79b89
* [4] Linux kernel https://github.com/torvalds/linux/commit/c679d17d3f2d895b34e660673141ad250889831f
'''Details:'''
* Skill level: intermediate / advanced
* Language: C
* Expected size: 350 hours
* Suggested by: Alexander Mikhalitsyn <alexander@mihalicyn.com>
* Mentors: Andrei Vagin <avagin@gmail.com>, Alexander Mikhalitsyn <alexander@mihalicyn.com>
== Suspended project ideas ==
== Suspended project ideas ==