Line 4: |
Line 4: |
| * Ability to check CRIU features via [[RPC]] | | * Ability to check CRIU features via [[RPC]] |
| * New zdtm.py test suite | | * New zdtm.py test suite |
− | * C/R of read-only bind mounts
| |
− | * C/R of IPv6 routes and iptables rules
| |
− | * C/R of ip rules (it ip tool supports such)
| |
| * Pre-dump and pre-restore [[action scripts]] | | * Pre-dump and pre-restore [[action scripts]] |
| * The "info" action in [[CRIT]] showing stats about image file | | * The "info" action in [[CRIT]] showing stats about image file |
Line 12: |
Line 9: |
| * Python API -- pycriu | | * Python API -- pycriu |
| * Ability to add custom paths to irmap scan | | * Ability to add custom paths to irmap scan |
− | * C/R of ignore_routes_with_linkdown netns devconf | + | * C/R of |
| + | ** read-only bind mounts |
| + | ** IPv6 routes and iptables rules |
| + | ** ip rules (it ip tool supports such) |
| + | ** ignore_routes_with_linkdown netns devconf |
| + | ** empty bridges in netns |
| + | ** FILTER mode of seccomp |
| + | ** IP_FREEBIND socket option |
| | | |
| === Optimizations/improvements === | | === Optimizations/improvements === |
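Review bot: The new sub-item "ip rules (it ip tool supports such)" carries over the typo from the removed top-level entry; it should read "ip rules (if the ip tool supports such)". The parent bullet "C/R of" also ends on a dangling preposition, so something like "C/R of:" or "C/R support for" would read better as a list header. It is also worth confirming that every item moved under this bullet (read-only bind mounts, IPv6 routes and iptables rules, ip rules) is new in this release, since grouping them with the four added items makes them indistinguishable.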
Line 24: |
Line 28: |
| * Improved page-server dump speed by keeping control over the Nagle algorithm | | * Improved page-server dump speed by keeping control over the Nagle algorithm |
| * Read pages.img in more optimal manner rather than page-by-page | | * Read pages.img in more optimal manner rather than page-by-page |
| + | * Less "Error"-s in logs, that actually don't lead to errors |
| + | * Slightly faster /proc/pid/status parsing |
| + | * Dead/live-locks on internal criu locks now emits a warning into logs |
| | | |
| === Fixes === | | === Fixes === |
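Review bot: Grammar in two of the added improvement entries needs a pass. "Less "Error"-s in logs, that actually don't lead to errors" should be "Fewer "Error" messages in logs for conditions that are not actual errors", and in "Dead/live-locks on internal criu locks now emits a warning into logs" the verb should be "emit". For the lock entry, stating which log the warning goes to would help anyone who wants to watch for it.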
Line 45: |
Line 52: |
| * Unsupported filesystems silently failed the dump | | * Unsupported filesystems silently failed the dump |
| * External tmpfs (and some other) mounts generated tarballs with their contents | | * External tmpfs (and some other) mounts generated tarballs with their contents |
| + | * Privately mapped files were picked from wrong mount namespace |
| + | * Controlling tty could be restored on wrong tty end |
| + | * Tmpfs mount of sub-namespace was restored from wrong image file |
| + | * Potential stack overflow in libcriu |
| + | * Partially-restored tasks could be left after failed restore |
| + | * In-container TCP connection sometimes failed to restore |
| + | * Race in sending SIGSTOP vs dump might cause dump to fail |
| + | * Post-restore actions could generate stats files in wrong directories |
| + | * Freeze-cgroup didn't take sub-cgroups' tasks into account |
| + | * Tentative state in IPv6 sockets binding prevented socket from being bound immediately |
| + | * Restoring from images with files pointing to /proc file of dead tasks could crash |
| + | * Tasks with STOP in queue (i.e. -- not ''yet'' stopped) were CONT-ed in case of --leave-running dump |
| + | * Stopped task with one more STOP in queue caused dump to stuck |
| + | * If parent task left the MNT namespace it created for children restore could BUG() |
| + | * Link-local IPv6 addresses sometimes failed to bind() at restore |
| | | |
| === Security === | | === Security === |
| * Service run as root could allow users to violate ptrace policies | | * Service run as root could allow users to violate ptrace policies |
| * Service run as root could give users access to privileged files and directories | | * Service run as root could give users access to privileged files and directories |
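Review bot: The added entry "Potential stack overflow in libcriu" is filed under Fixes while a Security section follows directly below. If the overflow can be triggered by input that crosses a privilege boundary, it belongs under Security next to the two service entries; if not, a short qualifier on the entry would let readers triage it. Minor wording in the same hunk: "caused dump to stuck" should be "caused dump to get stuck", and "If parent task left the MNT namespace it created for children restore could BUG()" needs a comma before "restore".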