CRIU

Changes

Download/criu/1.8 (edit)

Revision as of 09:49, 23 November 2015

201 bytes added ,  09:49, 23 November 2015
no edit summary
Line 16: Line 16:  
** empty bridges in netns
 
** empty bridges in netns
 
** FILTER mode of seccomp
 
** FILTER mode of seccomp
 +
** IP_FREEBIND socket option
    
=== Optimizations/improvements ===
 
=== Optimizations/improvements ===
Line 60: Line 61:  
* Post-restore actions could generate stats files in wrong directories
 
* Post-restore actions could generate stats files in wrong directories
 
* Freeze-cgroup didn't take sub-cgroups' tasks into account
 
* Freeze-cgroup didn't take sub-cgroups' tasks into account
 +
* Tentative state in IPv6 sockets binding prevented socket from being bound immediately
 +
* Restoring from images with files pointing to /proc file of dead tasks could crash
    
=== Security ===
 
=== Security ===
 
* Service run as root could allow users to violate ptrace policies
 
* Service run as root could allow users to violate ptrace policies
 
* Service run as root could give users access to privileged files and directories
 
* Service run as root could give users access to privileged files and directories
Retrieved from "https://criu.org/Special:MobileDiff/2684"