Changes

178 bytes added ,  10:07, 17 November 2015
no edit summary
Line 15: Line 15:  
** ignore_routes_with_linkdown netns devconf
 
** ignore_routes_with_linkdown netns devconf
 
** empty bridges in netns
 
** empty bridges in netns
 +
** FILTER mode of seccomp
    
=== Optimizations/improvements ===
 
=== Optimizations/improvements ===
Line 27: Line 28:  
* Read pages.img in more optimal manner rather than page-by-page
 
* Read pages.img in more optimal manner rather than page-by-page
 
* Less "Error"-s in logs, that actually don't lead to errors
 
* Less "Error"-s in logs, that actually don't lead to errors
 +
* Slightly faster /proc/pid/status parsing
 +
* Dead/live-locks on internal criu locks now emits a warning into logs
    
=== Fixes ===
 
=== Fixes ===
Line 51: Line 54:  
* Controlling tty could be restored on wrong tty end
 
* Controlling tty could be restored on wrong tty end
 
* Tmpfs mount of sub-namespace was restored from wrong image file
 
* Tmpfs mount of sub-namespace was restored from wrong image file
 +
* Potential stack overflow in libcriu
    
=== Security ===
 
=== Security ===
 
* Service run as root could allow users to violate ptrace policies
 
* Service run as root could allow users to violate ptrace policies
 
* Service run as root could give users access to privileged files and directories
 
* Service run as root could give users access to privileged files and directories