CRIU 2.0 Released with Improved Functionality
CRIU 2.0 has been released. We reorganized all of the criu-2 code, new features have been completed, and bugs have been fixed.
Changelog:
[*] New code layout for sub-projects (e.g. Compel)
[*] Unprivileged dump
[*] Dump/check cpuinfo support for PPC
[*] Explorers for CRIT
[*] Added "post-setup-namespaces" to action scripts
[*] Added timeout for dump procedure (5 sec by default)
[*] Ability to override LSM profile on restore with CLI/RPC option
[*] External bind mounts can be fs-root mounts too
[*] Skip netns' internals on dump and restore (for Docker integration)
[*] Advanced support for external files
[*] External TTYs
[*] C/R for:
    [*] Mode and uid/gid of cgroup files and dirs
    [*] Freeze cgroup state (frozen/thawed)
    [*] Task's loginuid and oom score
    [*] Per-thread credentials
    [*] Filter mode of seccomp
    [*] Ghost file in removed directory
    [*] Ghost files lutimes
    [*] Binfmt-misc FS contents
    [*] Netfilter conntracks and expectations
    [*] Multi-headed cgroups
    [*] CGroup namespaces (no nesting)
Optimizations/improvements:
[*] Align parasite stack on 16 bits for correctness
[*] Compilation with native libc syscall wrappers and helpers
[*] Parasite code injection done via memfd system call
[*] Make vaddr to pfn conversion with one less syscall
[*] CRIT shows device numbers in "maj:min" manner
[*] CRIT shows mmap's status in verbose
[*] Docker files for builds on all supported arches
Fixes:
[*] Absent readlink syscall on ARM (use readlinkat instead) could cause dump to fail
[*] Wrong argument to timer_create system call could cause restore to crash
[*] Extra tasks in freeze cgroup caused dump to fail/hang/crash
[*] Unaligned restore-time object allocations caused lock operations to fail
[*] Opened /proc/pid dir of dead task failed the dump
[*] Unaligned stacks caused criu to fail on aarch64
[*] Changed device numbers on restore side could cause random failures
[*] Fixes in mount points sharing/slavery/propagation restore
[*] Race between mntns creation and fds closing in different tasks could cause restore to fail
[*] Hard kernel limit on TCP repair recv queue restore could cause big queue restore to fail
[*] Unconnected dgram UNIX socket with data lost packets on restore
[*] CRIT didn't show IPC objects
[*] CRIT didn't convert IP addresses in images
[*] Logs from PIE code contained corrupted addresses and>
[*] Not loaded netfilter modules could cause dump/restore to get stuck on dumping netlink socket
[*] Shared external mounts were restored with error
Security:
[*] User-mode
[*] When checking for namespaces' CRIU entered userns with host creds
Deprecations/removals:
[*] Completely removed 'show' action. Use CRIT instead.