Tycho Andersen 0d8aec0c3a seccomp: add initial support for SECCOMP_MODE_STRICT
Unfortunately, SECCOMP_MODE_FILTER is not currently exposed to userspace,
so we can't checkpoint that. In any case, this is what we need to do for
SECCOMP_MODE_STRICT, so let's do it.

This patch works by first disabling seccomp for any processes that are going
to have seccomp filters restored, then restoring the process (including the
seccomp filters), and finally resuming the seccomp filters before detaching
from the process.

v2 changes:

* update for kernel patch v2
* use protobuf enum for seccomp type
* don't parse /proc/pid/status twice

v3 changes:

* get rid of extra CR_STAGE_SECCOMP_SUSPEND stage
* only suspend seccomp in finalize_restore(), just before the unmap
* restore the (same) seccomp state in threads too; also add a note about
  how this is slightly wrong, and that we should at least check for a
  mismatch

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
2015-06-24 17:38:32 +03:00
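The commit keys its dump/restore logic on the seccomp mode reported in /proc/pid/status (hence the "don't parse /proc/pid/status twice" note). The following is an added example, not CRIU's own proc_parse.c code, that classifies a task from that file: it parses a status buffer for the Seccomp: field and maps it onto the SECCOMP_MODE_* numbering, with a constructed sample for offline use.

```c
/* Added example (not CRIU code): read the Seccomp: field of a
 * /proc/<pid>/status buffer, the way a dumper or an auditor would
 * classify a task before deciding whether it can be checkpointed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Values of the Seccomp: field as the kernel reports them
 * (same numbering as the SECCOMP_MODE_* constants). */
enum seccomp_mode { SECCOMP_DISABLED = 0, SECCOMP_STRICT = 1, SECCOMP_FILTER = 2 };

/* Parse a status buffer; returns the mode, or -1 if the field is
 * absent (kernel built without seccomp) or malformed. */
int seccomp_mode_from_status(const char *status)
{
    const char *line = status;
    while (line && *line) {
        /* "Seccomp_filters:" on newer kernels does not match this prefix. */
        if (strncmp(line, "Seccomp:", 8) == 0) {
            char *end;
            long v = strtol(line + 8, &end, 10);
            if (end == line + 8 || (*end != '\n' && *end != '\0'))
                return -1;
            return (v >= 0 && v <= 2) ? (int)v : -1;
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return -1;
}

/* Read a live task's status file and classify it (needs /proc). */
int seccomp_mode_of_pid(int pid)
{
    char path[64], buf[4096];
    FILE *f;
    size_t n;

    snprintf(path, sizeof(path), "/proc/%d/status", pid);
    f = fopen(path, "r");
    if (!f)
        return -1;
    n = fread(buf, 1, sizeof(buf) - 1, f);
    fclose(f);
    buf[n] = '\0';
    return seccomp_mode_from_status(buf);
}

/* Constructed sample of a strict-mode task, trimmed to a few fields. */
static const char sample_strict[] =
    "Name:\tsleep\nState:\tS (sleeping)\nPid:\t1234\n"
    "Seccomp:\t1\nCpus_allowed:\tf\n";
```

A task reporting mode 1 is confined to read, write, _exit and sigreturn, which is why the commit has to suspend seccomp before touching the process and resume it only before detaching.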
arch pie/x86_64: syscall clobbers rcx and r11 2015-06-16 12:17:34 +03:00
contrib Try to determine the bind mount file for dockerinit 2015-01-12 13:20:06 +03:00
Documentation Revert "cgroups: Add ability to reuse existing cgroup yard directory" 2015-06-16 19:15:20 +03:00
include seccomp: add initial support for SECCOMP_MODE_STRICT 2015-06-24 17:38:32 +03:00
lib libcriu: add skip_mnt and enable_fs support 2015-05-07 18:37:16 +03:00
pie seccomp: add initial support for SECCOMP_MODE_STRICT 2015-06-24 17:38:32 +03:00
protobuf seccomp: add initial support for SECCOMP_MODE_STRICT 2015-06-24 17:38:32 +03:00
pycriu crit: Avoid full exception trace when meeting unknown magic in image (v2) 2015-05-30 00:32:27 +03:00
scripts seccomp: add initial support for SECCOMP_MODE_STRICT 2015-06-24 17:38:32 +03:00
test proc: mount proc with minimal permissions 2015-06-19 12:20:15 +03:00
.gitignore Makefile: allow optional local rules 2015-05-05 13:43:55 +03:00
.mailmap repo: Add mailmap file 2012-03-25 23:31:20 +04:00
.travis.yml travis: add python-ipaddr as a dep 2015-02-09 14:07:07 +03:00
action-scripts.c scripts: Exit early if no scripts passed 2014-11-14 15:51:28 +04:00
aio.c aio: Fix vma->start printing format on arm 2014-12-30 15:38:25 +03:00
bfd.c Use run-time page size where it matters 2015-04-22 15:39:05 +03:00
cgroup.c Revert "cgroups: Add ability to reuse existing cgroup yard directory" 2015-06-16 19:15:20 +03:00
COPYING Add LGPL licence for library directory 2013-04-01 12:29:06 +04:00
cr-check.c Fix pr_perror() usage 2015-05-05 13:36:29 +03:00
cr-dedup.c page-read: Explicitly mark ENOENT with return code 2015-03-13 14:42:11 +03:00
cr-dump.c seccomp: add initial support for SECCOMP_MODE_STRICT 2015-06-24 17:38:32 +03:00
cr-errno.c cr-errno: initial commit 2014-12-19 18:58:46 +03:00
cr-exec.c seccomp: add initial support for SECCOMP_MODE_STRICT 2015-06-24 17:38:32 +03:00
cr-restore.c seccomp: add initial support for SECCOMP_MODE_STRICT 2015-06-24 17:38:32 +03:00
cr-service.c add RPC options for --enable-fs and --skip_mount 2015-04-27 14:57:27 +03:00
cr-show.c show: read a second magic when it's required 2015-04-21 16:15:44 +03:00
CREDITS Add the CREDITS file 2012-07-30 13:52:37 +04:00
crit crit: Avoid full exception trace when meeting unknown magic in image (v2) 2015-05-30 00:32:27 +03:00
crtools crtools: rename binary to criu 2013-04-30 20:17:55 +04:00
crtools.c Revert "cgroups: Add ability to reuse existing cgroup yard directory" 2015-06-16 19:15:20 +03:00
Dockerfile test: add ability to execute tests in a docker container 2015-03-24 11:05:47 +03:00
eventfd.c img: Rename fdset -> imgset 2014-09-30 21:48:10 +04:00
eventpoll.c img: Remove O_OPT and COLLECT_OPTIONAL 2015-03-13 14:42:01 +03:00
fifo.c img: Introduce the struct cr_img 2014-09-30 21:48:13 +04:00
file-ids.c files-ids: generate id-s according to mnt_id, st->st_dev and st->st_ino 2014-04-21 22:39:28 +04:00
file-lock.c lock: parse the lock field in fdinfo if it's available (v2) 2015-04-27 14:53:24 +03:00
files-ext.c img: Introduce the struct cr_img 2014-09-30 21:48:13 +04:00
files-reg.c Fix check for open_image() ret 2015-05-05 13:37:16 +03:00
files.c files: Print file type for BUG 2015-05-29 13:57:18 +03:00
fsnotify.c Fix pr_perror() usage 2015-05-05 13:36:29 +03:00
image-desc.c img: Introduce v1.1 images (v2) 2015-04-14 15:18:32 +03:00
image.c img: Remove empty lazy images after dump 2015-05-30 00:31:52 +03:00
ipc_ns.c sysctl: Pass number of requests in argument 2015-05-05 14:14:24 +03:00
irmap.c img: Introduce empty images 2015-03-13 14:42:54 +03:00
kcmp-ids.c kcmp: Fix ret code comparison 2014-04-22 12:51:15 +04:00
kerndat.c lsm: get host lsm type from the host mntns 2015-05-19 22:36:59 +03:00
libnetlink.c nlk: Add error callback to do_rtnl_req 2015-01-22 18:54:37 +03:00
log.c log_init(): don't leak fd on error 2015-05-08 15:32:26 +03:00
lsm.c Fix antique style declarations in lsm.[ch] 2015-06-02 15:21:10 +03:00
Makefile make: Be able to force turning off piegen 2015-06-19 12:22:54 +03:00
Makefile.config seccomp: add initial support for SECCOMP_MODE_STRICT 2015-06-24 17:38:32 +03:00
Makefile.crtools pie: piegen -- Slightly rework the building procedure 2015-06-08 23:53:27 +03:00
Makefile.inc install: install criu-service logrotate config 2014-02-18 12:39:50 +04:00
mem.c vma: Unify private VMAs testing 2015-04-01 12:36:46 +03:00
mount.c mnt: tune the root mount before mounting a root yard 2015-06-11 19:48:42 +03:00
namespaces.c Fix pr_perror() usage 2015-05-05 13:36:29 +03:00
net.c net: don't call netns_entry__free_unpacked for uninitialized pointer (v2) 2015-06-11 19:50:03 +03:00
netfilter.c iptables: use cr_system instead of system 2013-10-02 20:09:37 +04:00
page-pipe.c log: Use pr_quelled helper 2014-09-03 20:56:58 +04:00
page-read.c img: Introduce empty images 2015-03-13 14:42:54 +03:00
page-xfer.c cr_page_server(): avoid using uninit variable 2015-05-07 18:37:46 +03:00
pagemap-cache.c pagemap-cache: Use page.h helpers 2014-02-21 16:29:41 +04:00
parasite-syscall.c pie: relocs -- Fix compilation on ARM 2015-06-16 11:40:20 +03:00
pipes.c fd: Factor out inheriting FDs code 2015-01-12 14:46:51 +03:00
plugin.c plugin: Rework plugins API, v2 2014-09-03 20:48:36 +04:00
proc_parse.c seccomp: add initial support for SECCOMP_MODE_STRICT 2015-06-24 17:38:32 +03:00
protobuf-desc.c criu: add constants about user namespaces 2014-11-07 17:00:32 +04:00
protobuf.c img: Don't create empty images 2015-03-16 15:58:32 +03:00
pstree.c mnt: Add comment about mntns to tasks assignment 2015-04-01 12:37:23 +03:00
ptrace.c seccomp: add initial support for SECCOMP_MODE_STRICT 2015-06-24 17:38:32 +03:00
rbtree.c code: Fix spaced indentation where found 2012-08-11 21:36:03 +04:00
README.md Updated README 2015-05-19 22:38:06 +03:00
rst-malloc.c whitespace-at-eol cleanup 2013-12-12 10:00:45 +04:00
sd-daemon.c systemd socket activation support 2013-12-12 09:58:50 +04:00
sd-daemon.h systemd socket activation support 2013-12-12 09:58:50 +04:00
security.c security: add cr_fchown 2015-02-10 16:54:31 +03:00
shmem.c page-read: Explicitly mark ENOENT with return code 2015-03-13 14:42:11 +03:00
sigframe.c sigframe: cast the pointer to the field ucontext::uc_sigmask to k_rtsigset_t 2014-04-08 15:36:09 +04:00
signalfd.c img: Remove O_OPT and COLLECT_OPTIONAL 2015-03-13 14:42:01 +03:00
sk-inet.c open_inet_sk(): don't leak socket fd on error 2015-05-08 15:31:53 +03:00
sk-netlink.c img: Remove O_OPT and COLLECT_OPTIONAL 2015-03-13 14:42:01 +03:00
sk-packet.c img: Remove O_OPT and COLLECT_OPTIONAL 2015-03-13 14:42:01 +03:00
sk-queue.c img: Introduce the struct cr_img 2014-09-30 21:48:13 +04:00
sk-tcp.c Do not call listen() when SO_REUSEADDR is off 2015-02-16 13:18:32 +03:00
sk-unix.c unix: Don't dump external peer w/o name 2015-06-08 23:36:21 +03:00
sockets.c sockets: Don't print warning in case collection succeeded 2015-06-08 23:35:20 +03:00
stats.c img: Introduce the struct cr_img 2014-09-30 21:48:13 +04:00
string.c string: Add strlcat helper 2013-11-29 15:36:07 +04:00
sysctl.c sysctl: Make CTL_READ nonfatal 2015-05-12 15:58:58 +03:00
sysfs_parse.c Ignore mnt_id value for AUFS file descriptors. 2015-02-09 14:07:40 +03:00
timerfd.c img: Remove O_OPT and COLLECT_OPTIONAL 2015-03-13 14:42:01 +03:00
tty.c tty: Drop TTY_SUBTYPE_SLAVE from /dev/console and /dev/tty 2015-04-02 20:20:23 +03:00
tun.c tunfile_open(): don't leak fd on error path 2015-05-08 15:32:17 +03:00
util.c proc: Don't use parent proc_self_fd cached descriptor 2015-05-30 00:32:08 +03:00
uts_ns.c sysctl: Pass number of requests in argument 2015-05-05 14:14:24 +03:00

CRIU (Checkpoint and Restore in Userspace)

A utility to checkpoint/restore tasks. Using this tool, you can freeze a running application (or part of it) and checkpoint it to a hard drive as a collection of files. You can then use the files to restore and run the application from the point it was frozen at. The distinctive feature of the CRIU project is that it is mainly implemented in user space.

The project home is at http://criu.org.

Pages worth starting with are:

How to contribute