2,257
edits
Changes
Jump to navigation
Jump to search
mLine 2:
Line 2: − + + − + − + + + + + + + + + + + + + + + + + + + − + + + + + + + − + + + + + + + + + + + + + + + + − + + − +
no edit summary
=== New features ===
=== New features ===
* 2.0 -- new code layout for sub-projects (e.g. [Compel])
* New code layout for sub-projects (e.g. [[Compel]])
* [[Unprivileged dump]]
* Dump/check cpuinfo support for PPC
* Dump/check cpuinfo support for PPC
* Explorers for [CRIT]
* Explorers for [[CRIT]]
* Added "post-setup-namespaces" to [action scripts]
* Added "post-setup-namespaces" to [[action scripts]]
* Added timeout for dump procedure (5 sec by default)
* Ability to override LSM profile on restore with CLI/RPC option
* [[External bind mounts]] can be fs-root mounts too
* Skip netns' internals on dump and restore (for Docker [[integration]])
* Advanced support for [[external files]]
** [[External resources|External TTYs]]
* C/R for
** Mode and uid/gid of cgroup files and dirs
** Freeze cgroup state (frozen/thawed)
** Task's loginuid and oom score
** Per-thread credentials
** Filter mode of seccomp
** Ghost file in removed directory
** Ghost files lutimes
** Binfmt-misc FS contents
** Netfilter conntracks and expectations
** Multi-headed cgroups
** CGroup namespaces (no nesting)
=== Optimizations/improvements ===
=== Optimizations/improvements ===
*
* Align parasite stack on 16 bits for correctness
* Compilation with native libc syscall wrappers and helpers
* Parasite code injection done via memfd system call
* Make vaddr to pfn conversion with one less syscall
* CRIT shows device numbers in "maj:min" manner
* CRIT shows mmap's status in verbose
* Docker files for builds on all supported arches
=== Fixes ===
=== Fixes ===
*
* Absent readlink syscall on ARM (use readlinkat instead) could cause dump to fail
* Wrong argument to timer_create system call could cause restore to crash
* Extra tasks in freeze cgroup caused dump to fail/hand/crash
* Unaligned restore-time object allocations caused lock operations to fail
* Opened /proc/pid dir of dead task failed the dump
* Unaligned stacks caused criu to fail on aarch64
* Changed device numbers on restore side could cause random failures
* Fixes in mount points sharing/slavery/propagation restore
* Race between mntns creation and fds closing in different tasks could cause restore to fail
* Hard kernel limit on TCP repair recv queue restore could cause big queue restore to fail
* Unconnected dgram UNIX socket with data lost packets on restore
* CRIT didn't show IPC objects
* CRIT didn't convert IP addresses in images
* Logs from PIE code contained corrupted addresses and sizes
* Not loaded netfilter modules could cause dump/restore to stuck on dumping netlink socket
* Shared external mounts were restored with error
=== Security ===
=== Security ===
*
* [[User-mode]]
* When checking for namespaces' CRIU entered userns with host creds
=== Deprecated/removed ===
=== Deprecated/removed ===
* Completely removed 'show' action. Use [CRIT] instead.
* Completely removed 'show' action. Use [[CRIT]] instead.