Line 16: |
Line 16: |
| ** empty bridges in netns | | ** empty bridges in netns |
| ** FILTER mode of seccomp | | ** FILTER mode of seccomp |
| + | ** IP_FREEBIND socket option |
| | | |
| === Optimizations/improvements === | | === Optimizations/improvements === |
Line 55: |
Line 56: |
| * Tmpfs mount of sub-namespace was restored from wrong image file | | * Tmpfs mount of sub-namespace was restored from wrong image file |
| * Potential stack overflow in libcriu | | * Potential stack overflow in libcriu |
| + | * Partially-restored tasks could be left after failed restore |
| + | * In-container TCP connection sometimes failed to restore |
| + | * Race in sending SIGSTOP vs dump might cause dump to fail |
| + | * Post-restore actions could generate stats files in wrong directories |
| + | * Freeze-cgroup didn't take sub-cgroups' tasks into account |
| + | * Tentative state in IPv6 sockets binding prevented socket from being bound immediately |
| + | * Restoring from images with files pointing to /proc file of dead tasks could crash |
| + | * Tasks with STOP in queue (i.e. -- not ''yet'' stopped) were CONT-ed in case of --leave-running dump |
| + | * Stopped task with one more STOP in queue caused dump to stuck |
| + | * If parent task left the MNT namespace it created for children restore could BUG() |
| + | * Link-local IPv6 addresses sometimes failed to bind() at restore |
| | | |
| === Security === | | === Security === |
| * Service run as root could allow users to violate ptrace policies | | * Service run as root could allow users to violate ptrace policies |
| * Service run as root could give users access to privileged files and directories | | * Service run as root could give users access to privileged files and directories |