Mirrors/criu
1
0
Fork 0
mirror of https://github.com/checkpoint-restore/criu.git synced 2026-01-23 02:14:37 +00:00
Code Issues Projects Releases Wiki Activity

criu(8): Add info about unprivileged mode limitations

Browse source 
Signed-off-by: Younes Manton <ymanton@ca.ibm.com>
This commit is contained in:
Younes Manton 2022-12-16 08:55:55 -08:00 committed by Andrei Vagin
parent d088a711b0
commit 317170ce09
1 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Documentation/criu.txt
View file

@ -906,6 +906,16 @@ Currently *criu* can benefit from the following additional capabilities:
- *CAP_SETUID*
- *CAP_SYS_RESOURCE*
Note that for some operations, having a capability in a namespace other than
the init namespace (i.e. the default/root namespace) is not sufficient. For
example, in order to read symlinks in proc/[pid]/map_files CRIU requires
CAP_CHECKPOINT_RESTORE in the init namespace; having CAP_CHECKPOINT_RESTORE
while running in another user namespace (e.g. in a container) does not allow
CRIU to read symlinks in /proc/[pid]/map_files.
Without access to /proc/[pid]/map_files checkpointing/restoring processes
that have mapped deleted files may not be possible.
Independent of the capabilities it is always necessary to use "*--unprivileged*" to
accept *criu*'s limitation in non-root mode.