Line 21: |
Line 21: |
| First, we create container: | | First, we create container: |
| | | |
− | $ docker run -d --name looper --security-opt seccomp:unconfined busybox \ | + | $ docker run -d --name looper busybox /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done' |
− | /bin/sh -c 'i=0; while true; do echo $i; i=$(expr $i + 1); sleep 1; done'
| |
| | | |
| You can verify the container is running by printings its logs: | | You can verify the container is running by printings its logs: |
Line 59: |
Line 58: |
| | | |
| You should be able to print the logs from <code>looper-clone</code> and see that they start from wherever the logs of <code>looper</code> end. | | You should be able to print the logs from <code>looper-clone</code> and see that they start from wherever the logs of <code>looper</code> end. |
| + | |
| + | === Passing additional options === |
| + | |
| + | [[Configuration files]] can be used to set additional CRIU options when performing checkpoint/restore of Docker containers. These options should be added in the file <code>/etc/criu/runc.conf</code> (in order to '''overwrite''' the ones set by runc/Docker). Note that the options stored in <code>~/.criu/default.conf</code> or <code>/etc/criu/default.conf</code> will be '''overwritten''' by the ones set via [[RPC]] by Docker. |
| + | |
| + | For example, in order to checkpoint and restore a container with established TCP connections CRIU requires the <code>--tcp-established</code> option to be set. However, this option is set to false by default and it is currently not possible to change this behaviour via the command-line interface of Docker. This feature can be enabled by adding <code>tcp-established</code> in the file <code>/etc/criu/runc.conf</code>. Note that for this functionality to work, the version of [[https://github.com/opencontainers/runc runc]] must be recent enough to have the commit [[https://github.com/opencontainers/runc/commit/e157963054e1be28bcd6612f15df1ea561c62571 e157963]] applied. |
| + | |
| + | An alternative solution is to use [https://podman.io/ Podman] which has support to specify <code>--tcp-established</code> on the command-line. |
| | | |
| === Synopsis === | | === Synopsis === |
Line 95: |
Line 102: |
| === TTY === | | === TTY === |
| | | |
− | Checkpointing an interactive container is currently not supported. | + | Checkpointing an interactive container is supported by CRIU, runc and containerd, but not yet enabled in Docker. |
| + | (See [[https://github.com/moby/moby/pull/38405 PR 38405]] for more information.) |
| | | |
| === Seccomp === | | === Seccomp === |