Changes

1,005 bytes added , 08:51, 30 November 2015

no edit summary

Line 15: Line 15:

** ignore_routes_with_linkdown netns devconf

** empty bridges in netns

+

** FILTER mode of seccomp

+

** IP_FREEBIND socket option

=== Optimizations/improvements ===

Line 27: Line 29:

* Read pages.img in more optimal manner rather than page-by-page

* Less "Error"-s in logs, that actually don't lead to errors

+

* Slightly faster /proc/pid/status parsing

+

* Dead/live-locks on internal criu locks now emits a warning into logs

=== Fixes ===

Line 51: Line 55:

* Controlling tty could be restored on wrong tty end

* Tmpfs mount of sub-namespace was restored from wrong image file

+

* Potential stack overflow in libcriu

+

* Partially-restored tasks could be left after failed restore

+

* In-container TCP connection sometimes failed to restore

+

* Race in sending SIGSTOP vs dump might cause dump to fail

+

* Post-restore actions could generate stats files in wrong directories

+

* Freeze-cgroup didn't take sub-cgroups' tasks into account

+

* Tentative state in IPv6 sockets binding prevented socket from being bound immediately

+

* Restoring from images with files pointing to /proc file of dead tasks could crash

+

* Tasks with STOP in queue (i.e. -- not ''yet'' stopped) were CONT-ed in case of --leave-running dump

+

* Stopped task with one more STOP in queue caused dump to stuck

+

* If parent task left the MNT namespace it created for children restore could BUG()

+

* Link-local IPv6 addresses sometimes failed to bind() at restore

=== Security ===

* Service run as root could allow users to violate ptrace policies

* Service run as root could give users access to privileged files and directories

Xemul

Bureaucrats, Administrators

2,257

edits

Changes

Download/criu/1.8 (edit)

Revision as of 08:51, 30 November 2015

Navigation menu

Search