From 04a6fcdc823106335269039ab0b1b498424c1323 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 17 Nov 2023 11:16:26 +0100 Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 criu revision bac26ba49d10223ccbb5ee080a3a072d --- .gitattributes | 23 + ...ftables-installed-in-different-direc.patch | 42 + criu-3.18.tar.gz | 3 + criu-amdgpu-plugin-fix.patch | 28 + criu-ns-python3-shebang.patch | 12 + criu-py-install-fix.diff | 56 + criu.changes | 1345 +++++++++++++++++ criu.spec | 206 +++ plugin-dir-path.patch | 43 + 9 files changed, 1758 insertions(+) create mode 100644 .gitattributes create mode 100644 0002-Fix-build-with-nftables-installed-in-different-direc.patch create mode 100644 criu-3.18.tar.gz create mode 100644 criu-amdgpu-plugin-fix.patch create mode 100644 criu-ns-python3-shebang.patch create mode 100644 criu-py-install-fix.diff create mode 100644 criu.changes create mode 100644 criu.spec create mode 100644 plugin-dir-path.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/0002-Fix-build-with-nftables-installed-in-different-direc.patch b/0002-Fix-build-with-nftables-installed-in-different-direc.patch new file mode 100644 index 0000000..590ed6f --- /dev/null +++ b/0002-Fix-build-with-nftables-installed-in-different-direc.patch @@ -0,0 +1,42 @@ +From 95191250537d1cd872668647da76234241f16661 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Tue, 1 Dec 2020 16:32:19 +0100 +Subject: [PATCH] Fix build with nftables installed in different directory + +The cflags needs to be passed to the build test. + +Signed-off-by: Takashi Iwai +--- + Makefile.config | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +--- a/Makefile.config ++++ b/Makefile.config +@@ -38,13 +38,16 @@ else + endif + + ifeq ($(call pkg-config-check,libnftables),y) ++ CFLAGS_NFTABLES := $(shell $(PKG_CONFIG) --cflags libnftables) + LIB_NFTABLES := $(shell $(PKG_CONFIG) --libs libnftables) +- ifeq ($(call try-cc,$(FEATURE_TEST_NFTABLES_LIB_API_0),$(LIB_NFTABLES)),true) ++ ifeq ($(call try-cc,$(FEATURE_TEST_NFTABLES_LIB_API_0),$(CFLAGS_NFTABLES) $(LIB_NFTABLES)),true) + LIBS_FEATURES += $(LIB_NFTABLES) + FEATURE_DEFINES += -DCONFIG_HAS_NFTABLES_LIB_API_0 +- else ifeq ($(call try-cc,$(FEATURE_TEST_NFTABLES_LIB_API_1),$(LIB_NFTABLES)),true) ++ FEATURE_CFLAGS += $(CFLAGS_NFTABLES) ++ else ifeq ($(call try-cc,$(FEATURE_TEST_NFTABLES_LIB_API_1),$(CFLAGS_NFTABLES) $(LIB_NFTABLES)),true) + LIBS_FEATURES += $(LIB_NFTABLES) + FEATURE_DEFINES += -DCONFIG_HAS_NFTABLES_LIB_API_1 ++ FEATURE_CFLAGS += $(CFLAGS_NFTABLES) + else + $(warning Warn: you have libnftables installed but it has incompatible API) + $(warning Warn: Building without nftables support) +@@ -75,7 +78,7 @@ endif + endif + + export DEFINES += $(FEATURE_DEFINES) +-export CFLAGS += $(FEATURE_DEFINES) ++export CFLAGS += $(FEATURE_DEFINES) $(FEATURE_CFLAGS) + + FEATURES_LIST := TCP_REPAIR STRLCPY STRLCAT PTRACE_PEEKSIGINFO \ + SETPROCTITLE_INIT MEMFD TCP_REPAIR_WINDOW MEMFD_CREATE \ diff --git a/criu-3.18.tar.gz b/criu-3.18.tar.gz new file mode 100644 index 0000000..6985818 --- /dev/null +++ b/criu-3.18.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6a9997981c9fe4730c848ce59346b3a22fad69b803607cb67a3f6ec0557fa474 +size 1354367 diff --git a/criu-amdgpu-plugin-fix.patch b/criu-amdgpu-plugin-fix.patch new file mode 100644 index 0000000..53457a3 --- /dev/null +++ b/criu-amdgpu-plugin-fix.patch @@ -0,0 +1,28 @@ +--- + plugins/amdgpu/Makefile | 3 ++- + plugins/amdgpu/kfd_ioctl.h | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/plugins/amdgpu/Makefile ++++ b/plugins/amdgpu/Makefile +@@ -5,7 +5,8 @@ PLUGIN_SOBJ := amdgpu_plugin.so + PLUGIN_INCLUDE := -iquote../../include + PLUGIN_INCLUDE += -iquote../../criu/include + PLUGIN_INCLUDE += -iquote../../criu/arch/$(ARCH)/include/ +-PLUGIN_INCLUDE += -iquote../../ ++PLUGIN_INCLUDE += -iquote../../include ++PLUGIN_INCLUDE += -iquote../.. + + COMPEL := ../../compel/compel-host + LIBDRM_INC := -I/usr/include/libdrm +--- a/plugins/amdgpu/kfd_ioctl.h ++++ b/plugins/amdgpu/kfd_ioctl.h +@@ -23,7 +23,7 @@ + #ifndef KFD_IOCTL_H_INCLUDED + #define KFD_IOCTL_H_INCLUDED + +-#include ++#include + #include + + /* diff --git a/criu-ns-python3-shebang.patch b/criu-ns-python3-shebang.patch new file mode 100644 index 0000000..34c60b9 --- /dev/null +++ b/criu-ns-python3-shebang.patch @@ -0,0 +1,12 @@ +--- + scripts/criu-ns | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/scripts/criu-ns ++++ b/scripts/criu-ns +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python3 ++#!/usr/bin/python3 + import ctypes + import ctypes.util + import errno diff --git a/criu-py-install-fix.diff b/criu-py-install-fix.diff new file mode 100644 index 0000000..1c3c243 --- /dev/null +++ b/criu-py-install-fix.diff @@ -0,0 +1,56 @@ +--- + lib/Makefile | 7 ++++++- + scripts/crit-setup.py | 25 +++++++++++++++++++++++++ + 2 files changed, 31 insertions(+), 1 deletion(-) + +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -2,6 +2,10 @@ CRIU_SO := libcriu.so + CRIU_A := libcriu.a + UAPI_HEADERS := lib/c/criu.h images/rpc.proto images/rpc.pb-c.h criu/include/version.h + ++# ++# File to keep track of files installed by setup.py ++CRIT_SETUP_FILES := lib/.crit-setup.files ++ + all-y += lib-c lib-a lib-py + + # +@@ -56,7 +60,8 @@ install: lib-c lib-a lib-py crit/crit li + $(Q) install -m 644 lib/c/criu.pc $(DESTDIR)$(LIBDIR)/pkgconfig + ifeq ($(PYTHON),python3) + $(E) " INSTALL " crit +- $(Q) $(PYTHON) -m pip install --upgrade --force-reinstall --prefix=$(DESTDIR)$(PREFIX) ./crit ++ # $(Q) $(PYTHON) -m pip install --upgrade --force-reinstall --prefix=$(DESTDIR)$(PREFIX) ./crit ++ $(Q) $(PYTHON) scripts/crit-setup.py install --root=$(DESTDIR) --prefix=$(PREFIX) --record $(CRIT_SETUP_FILES) + endif + .PHONY: install + +--- /dev/null ++++ b/scripts/crit-setup.py +@@ -0,0 +1,25 @@ ++import os ++from distutils.core import setup ++ ++criu_version = "0.0.1" ++env = os.environ ++ ++if 'CRIU_VERSION_MAJOR' in env and 'CRIU_VERSION_MINOR' in env: ++ criu_version = '{}.{}'.format( ++ env['CRIU_VERSION_MAJOR'], ++ env['CRIU_VERSION_MINOR'] ++ ) ++ ++ if 'CRIU_VERSION_SUBLEVEL' in env and env['CRIU_VERSION_SUBLEVEL']: ++ criu_version += '.' + env['CRIU_VERSION_SUBLEVEL'] ++ ++setup(name="crit", ++ version=criu_version, ++ description="CRiu Image Tool", ++ author="CRIU team", ++ author_email="criu@openvz.org", ++ license="GPLv2", ++ url="https://github.com/checkpoint-restore/criu", ++ package_dir={'pycriu': 'lib/py'}, ++ packages=["pycriu", "pycriu.images"], ++ scripts=["crit/crit"]) diff --git a/criu.changes b/criu.changes new file mode 100644 index 0000000..95a0d3f --- /dev/null +++ b/criu.changes @@ -0,0 +1,1345 @@ +------------------------------------------------------------------- +Tue Jun 6 15:31:57 UTC 2023 - Takashi Iwai + +- Update to criu 3.18: + New features: + * Allow CRIU to be used as non-root + * Add SIGTSTP support + * Add opt to skip file r/w/x check on restore + Bugfixes: + * Many fixes here and there + Improvements: + * cgroup2: Dump cgroup controllers of every threads in a process + * save IP_FREEBIND option for SOCK_RAW sockets also + * support IP_PKTINFO and IPV6_RECVPKTINFO options + * Implement hw breakpoint for arm64 platform + * Set only used XFEATURE_* in xstate_bv + * Checkpoint and restore some global properties + * A checkpoint optimization for highly sparse ghost files (--ghost-fiemap) +- Refresh criu-py-install-fix.diff: + a workaround for non-working python-pip inside build environment by + reviving the old setup script +- Fix shebang of criu-ns script: + criu-ns-python3-shebang.patch +- Drop obsoleted patches: + criu-fix-conflicting-headers.patch + mount-add-definition-for-FSOPEN_CLOEXEC.patch + +------------------------------------------------------------------- +Fri Sep 30 14:17:33 UTC 2022 - Takashi Iwai + +- Disable LTO, as it results in segfaults (bsc#1203854) + +------------------------------------------------------------------- +Wed Sep 14 07:20:38 UTC 2022 - Takashi Iwai + +- Fix build with glibc 2.36: backports of two upstream fixes + criu-fix-conflicting-headers.patch + mount-add-definition-for-FSOPEN_CLOEXEC.patch + +------------------------------------------------------------------- +Thu Aug 11 07:06:26 UTC 2022 - Takashi Iwai + +- Update to criu 3.17.1: + * Fixes for pre-dump read mode + * Fixes for mount-v2 + * amdgpu plugin build and installation fixes + * Some minor CI related fixes + +------------------------------------------------------------------- +Wed May 18 07:01:20 UTC 2022 - Takashi Iwai + +- Update to criu 3.17: + New features: + * Introduced mount-v2 engine + * Added support for MAP_HUGETLB mappings + * Added support for Linux Restartable Sequences + * Added support for SOCK_SEQPACKET unix sockets + * CRIU AMD GPU plugin + Bugfixes: + * GCC 12 compatibility fixes + * cgroup: fix --manage-cgroups=ignore + * several memory leaks fixed in net, files, mount, tun and config + subsystems + * Improvements: + * bpf: switch from deprecated bpf_create_map_xattr to bpf_map_create + * bpfmap: handle map_extra field + * setsockopt(SO_BUF_LOCK) support for tcp sockets +- New criu-plugin-amdgpu sub-package for AMDGPU ROCm plugin, enabled + only for x86_64 and aarch64. +- Build fixes for plugins: + criu-amdgpu-plugin-fix.patch +- Change the plugin install path to $libdir/criu: + plugin-dir-path.patch + +------------------------------------------------------------------- +Wed Dec 15 08:29:36 CET 2021 - tiwai@suse.de + +- Drop ix86 build, which has been failing almost always + +------------------------------------------------------------------- +Tue Dec 7 15:10:26 CET 2021 - tiwai@suse.de + +- Enable nftables for SLE15-SP3 / openSUSE Leap 15.3, too (bsc#1193486) + +------------------------------------------------------------------- +Fri Oct 15 10:09:52 CEST 2021 - tiwai@suse.de + +- Update to criu 3.16.1: + see details at https://criu.org/Download/criu/3.16.1 + Bugfixes: + * Switch criu-ns helper script from unversioned 'python' to + 'python3' for easier distribution packaging + Improvements: + * Add '--join-ns' interface to libcriu to allow joining namespaces + via libcriu like CLI and RPC already allow +- Change Source URL to github + +------------------------------------------------------------------- +Tue Oct 12 11:23:19 CEST 2021 - tiwai@suse.de + +- Update to criu 3.16: + see details at https://criu.org/Download/criu/3.16 + New features: + * criu-ns helper script + * support checkpoint/restore of stacked apparmor profiles + * add nftables based network locking/unlocking + * allow restoring of precreated veth devices + Improvements: + * better support for restoring containers into existing pods + * pidfd based pid reuse detection for RPC clients + * license change for all files in the images/ directory to MIT + * use clang-format for automatic code indentation +- Drop criu-protobuf-c-1.4-underscore-fix.patch + as obsoleted + +------------------------------------------------------------------- +Wed May 26 18:23:43 CEST 2021 - tiwai@suse.de + +- Fix the build with protobuf-c 1.4: + criu-protobuf-c-1.4-underscore-fix.patch + +------------------------------------------------------------------- +Tue Dec 1 15:58:59 CET 2020 - tiwai@suse.de + +- Update to criu 3.15: + see details at https://criu.org/Download/criu/3.15 + New features: + * Introduced criu-image-streamer + * Added MIPS support + * Allow checkpointing out of existing PID namespace and restoring + into existing PID namespace + * Added additional file validation mechanisms + * Added support to checkpoint and restore BPF hash maps + (BPF_MAP_TYPE_HASH) and array maps (BPF_MAP_TYPE_ARRAY) + * Initial cgroups v2 support +- Fix build with nftables package: + 0002-Fix-build-with-nftables-installed-in-different-direc.patch + +------------------------------------------------------------------- +Wed Sep 23 12:17:11 UTC 2020 - Dirk Mueller + +- fix filelist mismatch after libexecdir change + +------------------------------------------------------------------- +Wed May 20 16:49:38 CEST 2020 - tiwai@suse.de + +- Update to criu 3.14: + New features: + * C/R of memfd memory mappings and file descriptors + * Add time namespace support + * Add the read pre-dump mode which uses process_vm_readv + * Add --cgroup-yard option + * Add support of the cgroup v2 freezer + * Add support of opened O_PATH fds + Bugfixes: + * Fix C/R ia32 processes on AMD #398 + * Fix cross-compilation + * Many fixes here and there + Improvements: + * Use clone3() with set_tid to restore processes + * Clean up compel headers + * Use the new mount API +- Add libgnutls-devel to buildreq + +------------------------------------------------------------------- +Wed May 13 07:39:45 UTC 2020 - Guillaume GARDET + +- Disable LTO on aarch64 and armv7 +- Add '-Wno-error=deprecated' to fix build on armv7 +- Exclude armv6 since criu/arch/arm/bitops.S uses 'dmb ish' which + is armv7+ + +------------------------------------------------------------------- +Mon Nov 18 16:47:34 CET 2019 - tiwai@suse.de + +- Update to criu 3.13: + New features: + * VDSO: arm32 support + * Add TLS support for page server communications + * "Ignore" mode for --manage-cgroups + * Restore SO_BROADCAST option for inet sockets + Bugfixes: + * Auxiliary events were left in inotify queues + * Lazy-pages daemon didn't detect stack pages and surrounders + properly and marked them as "lazy" + * Memory and resource leakage were detected by coverity, cppcheck + and clang + Improvements: + * Use gettimeofday() directly from vdso for restore timings + * Reformat all .py code into pep8 style + +------------------------------------------------------------------- +Wed Sep 4 19:27:24 UTC 2019 - antoine.belvire@opensuse.org + +- Fix build on Tumbleweed: Add -ffat-lto-objects to lto cflags. + +------------------------------------------------------------------- +Mon May 6 20:13:44 CEST 2019 - tiwai@suse.de + +- Update to criu 3.12: + New features: + * build CRIU with Android NDK + * C/R of IP RAW sockets + * lsm: dump and restore any SELinux process label + * support restoring ghost files on readonly mounts + Bugfixes: + * Do not lock network if running in the host network namespace + * Fix RPC configuration file handling + * util: don't leak file descriprots to third-party tools + * small fixes here and there + Improvements: + * travis: switch to the Ubuntu Xenial + * travis-ci: Enable ia32 tests + * Many improvements and bug fixes in the libcriu + * Changes in the API and ABI (SONAME increased from 1 to 2) +- Updated to libcriu2 subpackage to follow SONAME 2 +- Dropped obsoleted patch: + criu-asciidoctor.patch + +------------------------------------------------------------------- +Mon Nov 19 17:46:08 CET 2018 - tiwai@suse.de + +- Update to criu 3.10: + New features: + * Support Python3 in ZDTM and CRIT + * Keep names for UNIX sockets, that are unlinked from the FS + * IPVv6 support for page server + * Set page server socket fd via CLI + * Large pages support for aarch64/ppc64 + * C/R of Per-thread seccomp chains + Bugfixes: + * Failed non-container restore could kill random task on the host + * Failure to dump namespaces was erroneously ignored + * CRIT didn't show cpuinfo image file + * Tasks that got PID-reuse couldn't be dumped iteratively because + previous images were missing + +- Update to criu 3.11: + New features: + * cpuinfo: Detect compact frames and handle noxsaves + * Add support for configuration files + * Add support for external net namespaces + * Punch holes in input files when restoring anonymous non-shared + memory ( --auto-dedup ) + * C/R of + + epoll: Add support for duped targets + + tun: Add support for multiple net ns + + x86: Support extendable fpu frames + Bugfixes: + * mount: Better handling of mount points propagation + * nmk: Make collect-deps to be more precise about targets + * lazy-pages: Don't mark current stack page as lazy + * x86: CPU -- Rework feature testing + * files: Fix O(n^2) restore in terms of the number of fds + * fdstore: Unlimit fdstore queue on start + * mount: Fix regression where open_mountpoint failed on readonly fs + * page server: Handle partial splicing + * ... lots of small fixes here and there + Improvements: + * Remove all magic of service descriptors when it isn't required + +- Switch to python3 + +- Use asciidoctor instead of asciidoc for formatting manuals: + criu-asciidoctor.patch + +------------------------------------------------------------------- +Mon May 28 21:15:10 UTC 2018 - avindra@opensuse.org + +- update to criu 3.9: + New features + - C/R of + + Tun-Tap devices in sub-netns + + File descriptors which were opened with O_TMPFILE + Improvements + - Restore of inotify watchers + - Restore unix sockets in proper mount namespaces + - Print CRIU and kernel version also in RPC mode + Bugfixes + - Random memory corruptions during lazy restore + - Workaround the iptables issue + - Don't use standard descriptors when tar is running to dump + tmpfs mounts + - Fail dump if dump_one_file() fails + - Fill kerndat with zero-s before reading it from cache +- cleanup with spec-cleaner + +------------------------------------------------------------------- +Thu Apr 5 12:30:17 CEST 2018 - tiwai@suse.de + +- update to criu 3.8.1: a bug-fix release + FDstore was initialized twice (re-initialized) causing e.g. + --shell-job restore to fail + +------------------------------------------------------------------- +Tue Mar 20 22:50:51 CET 2018 - tiwai@suse.de + +- Add python-devel to BuildReq explicitly, as a preparation for + fallback to asciidoctor (bsc#1075764) + +------------------------------------------------------------------- +Tue Mar 13 16:21:20 UTC 2018 - avindra@opensuse.org + +- update to criu 3.8: + New features + * C/R of + - Multiple network namespaces + - Overmounted tmpfs mounts + - Unix sockets and epoll descriptors in SCM messages + Improvements + * Rework service descriptors not to cause fdtable enormous grows + Bugfixes + * FP state wasn't reported on Skylake due to a kernel bug + * gcc 8 warning fixes + * Resource leaked on error paths + * Attributes of sit devices with value 0 were not saved into + images (and were restored into default values) + * Tasks with pgid of a zombie hung the resture + * Ghost files on RO bind-mounts of an RW mount couldn't be + restored + * Random memory corruptions during lazy restore +- cleanup with spec-cleaner +- switch to https urls +- list binaries and man pages explicitly +- remove rest of static libs to fix rpm lint errors + +------------------------------------------------------------------- +Fri Dec 22 23:57:01 UTC 2017 - avindra@opensuse.org + +- update to criu 3.7: + New features + * Pipes usage statistics + * Run page server as non-daemon via RPC + * C/R of + - SO_REUSEPORT option + - IPv4-mapped inet sockets + - Net_prio CGroups + - Overmounted shared mountpoints + - Non-broken and breaking leases + Improvements + * Show criu and kernel versions in logs + * CRIT decodes socket families, protocols and types + * Much less pipes is needed for pre-dump, which is especially + useful for big mem migration + Bugfixes + * Files in /proc/pid/map_file could be opened by non-exiting + name (with 0x prefix) and it was fixed in kernel + * CRIU log levels were used to configure logging for libsoccr + thus breaking its logs + * Overflow in various IDs caused bad image names + * Compat (32bit) syscalls lost signedness in compel + * Corked sockets lost cork flag + * Preadv() syscall was declared with error which resulted in + dump errors on 32-bit processors + * Musl compilation failed + * Ghost files in / dump failed + * Crash when releasing context for ghost files, due to free()-ing + shmalloc()-ed area + * Lazy restore could receive partial page and crashed + * Erroneous closing of lazy pages connection caused restore to + hang + * Lazy memory fetch restore could start before tasks are restored +- Remove 0001-images.py-remove-shebang.patch + * upstreamed in 8e45ce4905d186abafb7c20abb3b00207fefdb53 + +------------------------------------------------------------------- +Sun Nov 12 01:05:43 UTC 2017 - aavindraa@gmail.com + +- add 0001-images.py-remove-shebang.patch + * fixes a lint warning about a non-executable python file being + executable due to a superfluous shebang + * upstream: https://lists.openvz.org/pipermail/criu/2017-November/039907.html +- run spec-cleaner + +------------------------------------------------------------------- +Sat Nov 4 22:41:24 UTC 2017 - aavindraa@gmail.com + +- update to criu 3.6: + New features + * C/R for files (except for unix sockets, ttys and epolls) sent + over unix sockets + * C/R for threads with different creds + * Ipv6 over ipv4 tunnel (SIT device) + Bugfixes + * Some s390x registers were not restored by native sigrestore way + * Overflow when parsing autofs info from /proc file + * Dumps of anon shared memory with sysvipc one raced with each + other clashing and corrupting image file names + * The "dumpable" flag was not restore on shmem regions + * Trash bits leaked into image when dumping fsnotify on some + kernels + * Lock/unlock of iptables from different criu processes raced with + each other + * Closed TCP connection with non-empty send queue blocked the dump + * When --empty-ns for netns was set on dump only, the restore + failed (Docker case) +- includes changes from 3.5: + see https://criu.org/Download/criu/3.5 for details + +------------------------------------------------------------------- +Tue Aug 22 17:21:54 CEST 2017 - tiwai@suse.de + +- update to criu 3.4: + New features: + * Support for s390x architecture + Improvements: + * Unexpected death of restored tasks is reported with more + details in logs + * Merged many images containing info about files into one big + files.img + * When helper utility fails (ip, iptables, tar) its name is + printed in logs + Bugfixes: + * Compilation failed on newer glibcs (ucontext_t) + * Dying helper task could deadlock the restore process + * Install-related makefile variables weren't configurable for + distro build + * SIT (ipv6-to-v4 tunnel) presence on host blocked dump of any + containers + * Potential NULL dereference when dumping net namespace + * Dump via page server might not work across different criu + versions + * Failure to restore a subtask could be ignored by the restore + command + * EOF on page-server socket wasn't handled +- Dropped obsoleted patch: + criu-correct-ppc64-AT_VECTOR_SIZE_ARCH.patch +- Add s390x to exclusivearch + +------------------------------------------------------------------- +Wed Jul 19 11:16:42 UTC 2017 - bwiedemann@suse.com + +- update to criu 3.3 + * Add --tcp-close option to help migration of Docker containers + * Allow to override build time to fix build-compare (boo#1047218) + +------------------------------------------------------------------- +Fri Jun 30 11:33:54 CEST 2017 - tiwai@suse.de + +- update to criu 3.2.1: bug fix release, + * Restoring a stack fails on recent kernels due to kernel changes + * Restoring on a host with LSM profiles failed + +------------------------------------------------------------------- +Tue Jun 20 12:26:00 CEST 2017 - tiwai@suse.de + +- update to criu 3.1: + New features: + * Each boolean option now has the --no-$option pair + * RSS explorer in CRIT + * Multiple plugins in compel + * Run-time check of 32-mmap BUG on x86 + * C/R of 32-bit futex robust list on x86 + Optimizations/improvements: + * Start time is improved significantly with kerndat cache + * Sigaction image is merged into Core + * Unneeded stages are skipped during restore + * Restore w/o namespaces uses host /proc + * Restore w/o namespaces doesn't parse host mounts (not needed) + * Single-threaded tasks do not parse /proc/pid/task/ in vain + * BFD engine is used for more /proc files + * More verbosity in libsoccr + * Fsnotify dump w/o namespaces doesn't walk mounts tree + Bugfixes: + * Python bindings left zombie in self-dump mode + * The last_pid sys-control was reset by restore + * Threads caps were compared with mistake + * make install put crit/pycriu to wrong place if DESTDIR was not set + * Fsnotifies C/R w/o namespaces restored with errors + * Inherited control terminal restore was failed (but dump succeeded) + +- update to criu 3.2: + Optimizations/improvements: + * Invisible files restore is de-serialized + * VMAs restore performance is improved significantly + - Mappings of the same file re-use the descriptor, not re-open it + every time + - Not-COW-ed mappings are restored in-place and are not mremmap()ed + - Empty RO mappings are mmap()ed as such and thus not re-mprotect()ed + at the end + * More verbosity in case TCP locking fails (#292) + * More verbosity in case VDSO magic mismatch + * Restore or legacy epoll target descriptors and fsnotify marks is + unified with common case + Bugfixes: + * Restoring fanotify marks from old images (<1.3) dropped the mark + * Binfmt_misc mount could be mounted into wrong place + * Compilation failed with gcc 6.3.0 (#315) + * Waiting helpers could race with sigchild handler and would result + in restore failure + * Missing VVAR page in 32bit tasks wasn't skipped and resulted in + restore failure + * After restore consumption of files is increased (was fixed as + side effect of mmap optimization) + Deprecation/Removal: + * Deprecated separate images for fsnotify marks + +- Fix the installation of python stuff: + criu-py-install-fix.diff +- Fix the build for ppc64: + criu-correct-ppc64-AT_VECTOR_SIZE_ARCH.patch + +------------------------------------------------------------------- +Mon Apr 24 22:31:21 CEST 2017 - tiwai@suse.de + +- update to criu 3.0: + New features: + * Compel library + * Support for x86 32-bit arch + * Version check via RPC + * ASAN support + * Force VDSO trampolines via fault injection + * C/R of shutdown-ed UDP sockets + * C/R of bind-mounts made from external mounts + Optimizations/improvements: + * SysVIPC shmem segments are now dumped as any other shmem + (taking holes into account and sitting in common memory dumps) + * CRIT show decodes socket's states and types and task's states + into strings + * CRIT show prints unix sockets names in more human-readable form + Bugfixes: + * Unix sockets' names appeared in logs with mistakes + * Contents of SysVIPC shmem segments was dumped twice + * Dumping of any memory segment more than 4Gigs failed + * Migration of unaligned SysvSHM segment on Armv7 failed + Deprecation/removal: + * Exec action is removed, use compel instead +- Create libcompel1 sub-package + +------------------------------------------------------------------- +Fri Mar 31 14:49:05 CEST 2017 - tiwai@suse.de + +- update to criu 2.12.1: + Fixes: + * Content for external bind mounts was erroneously dumped, which + could lead to dump failures or huuuge images + * Unneeded collection of host mounts on restore could cause + restore to fail + +------------------------------------------------------------------- +Tue Mar 21 12:06:28 CET 2017 - tiwai@suse.de + +- update to criu 2.12: + New features: + * C/R of external TTYs (for Docker C/R) + Optimizations/improvements: + * Sanitized the way the -v works + Fixes: + * Checking features via RPC crashed + * Resting pipes in user-namespaces could fail on modern kernels + * Shutdown state for UNIX sockets could be lost on restore + * Dump of huge (over 2Gb) SysV shmem segments didn't work + +------------------------------------------------------------------- +Tue Feb 28 15:35:27 CET 2017 - tiwai@suse.de + +- Update to criu 2.11: + New features: + * Added "pre-resume" to action scripts + * New --status-fd option for better control of page server + * C/R OFD file locks, RO root mount for mount namespaces + Optimizations/improvements: + * More strict checks for extra CLI options + * Report errors when probing locks + * Restorer logs now contain timestamps + Fixes: + * Regression: v2.10 was broken on ARM + * Use-after-free when restoring ghost directory + * Array out-of-bound access when restoring VETH device + * Page server exit code could be screwed up + * Clang over-optimized string.h routines resulting in random + crashes + * Parasite failed to send FDs via socket on Alpine Linux + * Restore of huge file tables could get stuck + * Restore of epoll in epoll could fail + * Errno value could be lost when reporting failure to restore + invisible files + * Dump of sched params didn't work on Alpine + * Restore of huge memory dumps (over 2G) failed + * Installation guessed /lib vs /lib64 with errors + * Migration between xsave and noxsave didn't work for wrong cpu + feature being checked +- Update to criu 2.11.1: + Fixes: + * Page server start via RPC was broken + * Fedora build didn't work + * Ppc64LE restorer switch crashed + +------------------------------------------------------------------- +Wed Jan 25 07:52:51 CET 2017 - tiwai@suse.de + +- Update to criu 2.10: + New features: + * C/R of SOCK_PACKET sockets + * Libsoccr -- library for C/R of TCP sockets + Optimizations/improvements: + * Logs cleaned up (removed bunch of useless, fixed '\n' in + perrors) + * Action scripts errors are printed in logs + * Removed several iovec-s copying over the pagemap code + * Restore degraded linearly on Xen guests. Breakpoints disabled + until solution + Fixes: + * Py bindings fault on restore error delivery + * Fd leaked on file restore error path + * Fd leaked when restoring invisible files (gets closed with criu + exit though) + * Link remap restore could fail on kernels 4.8 and higher + * Impossible to restore after restore error with link remap file + in images + * When going daemon a descriptor could be leaked + * Custom setting of mmap_min_addr could make restore to fail + * Sending pages over UNIX socket could race and fail with EAGAIN + * Error getting ID of /proc/pid/ns/foo link not propagated and + could result in bogus NS ID generated +- Add libnet-devel to buildreq for dependency + +------------------------------------------------------------------- +Mon Dec 12 22:59:04 CET 2016 - tiwai@suse.de + +- Update to criu 2.9: + New features: + * CRIU can now be built with clang on all supported architectures + * Ignore missing sysctls on restore with --weak-sysctl + C/R overmounted mountpoints + Optimizations/improvements: + * Batch restore of memory contents from pages.img files + * Link-remap type for invisible files is explicit in images + Man page for CRIT + Fixes: + * C/R with --empty-ns still handled iptables configuration + * SCM messages inside UNIX socket got lost after C/R (now dump + aborted) + * Empty unixsk.img file appeared when dumping tasks without unix + sockets + * Install procedure wasn't PEP-394 compliant + * CRIU blocking netfilter rules were added at the tail of the + chain resulting in unlocked TCP connections + * Dump/Restore spurious failures when open() returned 0 descriptor + * When dumping shmem lots of zero pages were written into image + files + * Ghost directory with more than zero ghost parents caused + restore to fail + * Shared mount could escape to different group on restore + +------------------------------------------------------------------- +Mon Nov 14 16:28:06 CET 2016 - tiwai@suse.de + +- Update to criu 2.8: + New features: + * Ability to configure CRIU build + * Show statistics on the screen with --display-stats + * C/R of Mac-Vlan devices + Optimizations/improvements: + * x86 can now be built with clang + * When dumping files useless garbage was sent with descriptors from + parasite + * The clear_tid_address and regs are printed in hex with CRIT + * Big code rework for compel (part 1) + * Removed duplicate error messages from opening /proc files + Fixes: + * Restoring cgroup NS could use old path prefix + * criu check crashed on btrfs mounts + * RO external mounts in userns couldn't be restored + * Unmounted on host binfmt_misc could cause dump to fail + * Off-by-one could cause criu crash when dumping shared / bind-mount + * Mount namespace' roots could have flags changed on restore + * Dying tasks could erroneously be tried to dump + * Swapped shared memory pages were not dumped + * Errno value can be sometimes spoiled by RPC + * Restore of netns with newer iproute2 tool could fail + Deprecated: + * --ext-unix-sk, --veth-pair and --ext-mount-map, by --external +- Set BINFMT_MISC_VIRTUALIZED config to build + +------------------------------------------------------------------- +Tue Oct 18 17:40:14 CEST 2016 - tiwai@suse.de + +- Update to criu 2.7: + New features: + * Option --cgroup-root now makes sense on dump too + * CLOCK_BOOTTIME timer supported + Optimizations/improvements: + * Output of iptables command leaked into logs for no use + * Helper dev environment installation script for Debian + * Man-page updated and prettified :) + Fixes: + * Unmounted binfmt_misc with rules wasn't dumped at all + * Malloc() error could result in crash + * Device cgroup restore could fail restoring empty record + * Some entries in device cgroups were restored twice + * Potential crash when dumping cgroup bindmounts + * Sign error caused dump to fail on btrfs partitions + * Shared mounts with the same mount path failed the dump + * Threads were restored with unshared FS (cwd and root) + * Shared memory changes tracking disabled (regression found) + * Restore of autofs can hang + * LSM profile propagation could be lost + * Mountpoint with lots of options blocked the dump (too small + buffer for parsing) + * External slave mount (with external master) blocked the dump + * Mounts with STRICTATIME restored with others flags dropped + Deprecated: + * No reg-file entry for TTYs + +------------------------------------------------------------------- +Thu Sep 15 22:36:21 CEST 2016 - tiwai@suse.de + +- Update to criu 2.6: + New features: + * Ability to leave process stopped after restore + * Memory changes tracking for anonymous shared memory + * Deprecation option/environment + * First error message is reported back via RPC + * C/R of More IPCNS sysctls, xIDs of PTYs, TMEM on PPC64LE + Optimizations/improvements: + * Use service FD for transport sockets on restore + * Ability to turn pagemap-cache off (some kernels are buggy) + * The criu --help text has become better + Fixes: + * R/O-mounted root could block the dump + * Restore of cgroup.mm.oom_control could fail + * Cgroup fs bind mounts were detected with error + * Unaligned futex-es in parasite could cause dump to crash + * When compiled with gcc-4.9 parasite code crashed + * Failure to freeze cgroup didn't result in aborting of dump + * Wrong ns list was parsed when dumping userns (invisible + since nesting works only for mntns) + * Non-inheritable non-tty as stdin caused shell-job restore + to erroneously fail Error path in criu dedup could crash + Deprecated: + * Per-pid rlimit, itimers and posix-timers + * Separate image for epoll tfds (target file descriptors) + +------------------------------------------------------------------- +Tue Aug 23 17:00:30 CEST 2016 - tiwai@suse.de + +- Update to criu 2.5: + New features: + * C/R of fs.mqueue.msg*_default sysctls, Unix sockets with + overwritten paths, and Link-remap files in removed directories + Optimizations/improvements: + * Micro-optimization on namespace ID evaluation + * Restoring shared files uses one socket instead of per-fd ones + * More verbosity when refusing to dump a file descriptor + Fixes: + * Restore could fail on openat() with ENXIO when multiple mnt + namespaces get restored + * The criu exec action got broken + * Link-remap and ghost files remained on FS after restore failure + * TCP window could remain clamped after restore resulting in + connection lockup/slowdown + * Dump could stuck when injecting a parasite + * The --timeout option wasn't taken into account when freezing + tasks using freezecg + * Race in freezeing/seizing could result in lost tasks + * Memory leaks here and there on error paths + * Double free in xvstrcat (crash) + * VDSO length was mis-calculated + * Symlink on --root path could make restore erroneously fail + * Potential memory corruption on reading mntns images + * When restoring on systems with low pid_max limit restore could + fail + * RO-protected SysV shmem segments could be restored with + PROT_EXEC + * File mode of mapped file was evaluated with errors + * Restore of cgroups' mem.swappines and ..use_hierarchy blocked + sub-groups creation + * Impossible to restore cgoup mem.swappines default value + * Zombies living in orphan sessions/groups failed the restore + +------------------------------------------------------------------- +Tue Jul 12 12:10:20 CEST 2016 - tiwai@suse.de + +- Update to criu 2.4: + New features: + * Generate core from images + * Ability to forcibly drop half-open TCP connections on C/R + * Ability to specify cgroup ctls to dump via API + Opened/mapped files' mode is compared between dump and restore + times + * AutoFS mountpoints + * New cgroups (perf_event, net_cls, net_prio and pids) + * Memcgroup optional properties + * Devices cgroup + Optimizations/improvements: + * Pagemap image entries are cached in memory + Fixes: + * Configured kmem cgroup limit restore failed + * Mem cgroup oom_control + * Cgroup's pids.max was not C/R-ed + * Failure to write cgroup property was ignored + * No init PID in pre-dump action script + * Sigactions inheritance didn't work on ARM + * Opened "/proc" dir blocked the dump + * Working with iptables was racy + * Sibling mounts detection error on dump + * Devconf accept_redirects devconf could be restored with errors + * "All" devconfs could be overridden by "Default" + * Name-less unix sockets got auto-bound + * Mode was lost for PTY device file on restore + * Newer protobuf compilers didn't recognize PB files + * External mounts could be remounted with MS_PRIVATE + * Build fail on Alpine Linux + Deprecated/removed: + * Per-pid file locks images + * Per-pid fdinfo images + * Ancient pagemap/pages images +- Enable builds on 32bit ARM + +------------------------------------------------------------------- +Wed Jun 15 08:19:40 CEST 2016 - tiwai@suse.de + +- Update to criu 2.3: + New features + * Ability not to show payload for some objects in CRIT + * Pidfile is written at the end of restore + * Ability to join existing namespaces on restore + * C/R of Data sitting in TTYs, Partially write-protected SysVIPC + segments, Debugfs and tracefs mounts, Overmounted tmpfs, IPv6 + devconf sysctls, External block devices, Unix sockets with + mismatched shutdown state + Optimizations/improvements: + * Relaxed calculation of AIO ring size + * Tree-based search of tasks by real pid + * Less mem-to-mem copies on restore + * Saner devconf image format + * More verbose explanation of why task cannot be seized + * PID is printed in PIE logs + Fixes: + * Too many mmap-ed files blocked the dump + * Potential memory corruption when working with IPv6 sockets + * Overmounted bind mounts could cause restore to fail + * Overmounted bind mounts could result in badly restored mount tree + * Incomplete restoration of RO bind mounts options + Deprecated/removed: + * Greedy mode of pagemap (non-root) caused dump to fail (disabled) + +------------------------------------------------------------------- +Tue May 17 14:03:06 CEST 2016 - tiwai@suse.de + +- Update to criu 2.2: mostly bugfixes + New features: + * "Post-resume" added to action scripts + * Root task's PID in environment for action scripts + * Devconfs drop_gratuitous_arp and drop_unicast_in_l2_multicast + * Serial ttys + Optimizations/improvements + * Lighter link-remaps restore on newer kernels + Fixes: + * Race when restoring userns vs setting ns' maps + * Tasks with zero fds failed the dump + * Restore of TCP recv queue could fail due to kernel mem alloc + constraints + * No errors were written to logs when launching helper + (tar/iptables) app in userns restore + * User-mode dumped no memory pages sometimes + * Bind mounts considered not as bind sometimes + * Two mounts in the same directory blocked the dump + * Off-by in on /dev/tty{1,63} dumping + * Forking of cgroupns task was done with screwed clone flags + Deprecated/removed: + * Greedy mode of pagemap dumping (on some kernels we do not + support user-mode) + * Removed the --namespaces option + +------------------------------------------------------------------- +Tue Apr 12 16:35:06 CEST 2016 - tiwai@suse.de + +- Update to criu 2.1: + New features: + * Checking now classifies features to important/extra/experimental + * Ability to bring some disk files into images. + * C/R of Completed AIO requests and fallback gre and gretap net + devices + Optimizations/improvements: + * Code coverage collecting now works + * Use native rtnl library for netlink messages processing + * Using --output - now results in stdout as log, not a file with + the name "-" + * Signals are printed by names in logs + Fixes: + * Make tar generated tarbal with bad name + * CG restore code lacked rollback in some places + * Error code from raw syscalls was treated with errors resulting + in wrong criu check reports + * Dumping task with HUGE amount of file descriptors failed + * Task could be stopped after pre-dump if respective option was used + * A /proc/pid directory from dead process conflicting with a new + alive one could cause dump to fail + * Zombie from alien session/process group caused restore to fail + * CGroup fs was wrongly mounted in CGNS on restore + * Irmap scan was mis-checking devices numbers + * Use-after-free in irmap scan + * Btrfs bindmounts detection was mistaken due to 'subvol=' options + met + * Propagation of mountpoint's shared groups was lost for + propagated mounts + * Unaligned allocations of restore shared memory could result in + codedumps when used by futexes + * Temporary mountpoints could result in spurious propagations + * When aborting the dump criu could crash on use-after-free objects + * Locking the network could stuck doing the DNS resolve + * Several build fixes + Deprecated/removed + * The images from criu prior to 0.4 are deprecated + * The --namespaces option makes no sense and is also deprecated + * The --ms option for check action is deprecated + +------------------------------------------------------------------- +Wed Mar 9 20:43:04 CET 2016 - tiwai@suse.de + +- Update to criu 2.0: + New features: + * New code layout for sub-projects (e.g. Compel) + * Unprivileged dump + * Dump/check cpuinfo support for PPC + * Explorers for CRIT + * Added "post-setup-namespaces" to action scripts + * Added timeout for dump procedure (5 sec by default) + * Ability to override LSM profile on restore with CLI/RPC option + * External bind mounts can be fs-root mounts too + * Skip netns' internals on dump and restore (for Docker integration) + * Advanced support for external files + * More C/R supports + Optimizations/improvements: + * Align parasite stack on 16 bits for correctness + * Compilation with native libc syscall wrappers and helpers + * Parasite code injection done via memfd system call + * Make vaddr to pfn conversion with one less syscall + * CRIT shows device numbers in "maj:min" manner + * CRIT shows mmap's status in verbose + * Docker files for builds on all supported arches + Fixes: + * Absent readlink syscall on ARM (use readlinkat instead) could cause dump to fail + * Wrong argument to timer_create system call could cause restore to crash + * Extra tasks in freeze cgroup caused dump to fail/hand/crash + * Unaligned restore-time object allocations caused lock operations to fail + * Opened /proc/pid dir of dead task failed the dump + * Unaligned stacks caused criu to fail on aarch64 + * Changed device numbers on restore side could cause random failures + * Fixes in mount points sharing/slavery/propagation restore + * Race between mntns creation and fds closing in different tasks could cause restore to fail + * Hard kernel limit on TCP repair recv queue restore could cause big queue restore to fail + * Unconnected dgram UNIX socket with data lost packets on restore + * CRIT didn't show IPC objects + * CRIT didn't convert IP addresses in images + * Logs from PIE code contained corrupted addresses and sizes + * Not loaded netfilter modules could cause dump/restore to stuck on dumping netlink socket + * Shared external mounts were restored with error + Security: + * When checking for namespaces' CRIU entered userns with host creds + * Deprecated/removed: + * Completely removed 'show' action. Use CRIT instead. + +------------------------------------------------------------------- +Tue Dec 8 12:01:05 CET 2015 - tiwai@suse.de + +- Update to criu 1.8: + * Ability to check CRIU features via RPC + * Pre-dump and pre-restore action scripts + * The "info" action in CRIT showing stats about image file + * Python API + * C/R of read-only bind mounts, IPv6 routes and iptables rules, + ip rules (it ip tool supports such), ignore_routes_with_linkdown + netns devconf, empty bridges in netns, FILTER mode of seccomp, + and IP_FREEBIND socket option + * Lots of fixes, two security fixes + Service run as root could allow users to violate ptrace policies + Service run as root could give users access to privileged files + and directories +- Remove superfluous dependencies +- Clean up spec file, as systemd and logrotate supports have been + officially dropped + +------------------------------------------------------------------- +Thu Nov 19 16:10:29 CET 2015 - tiwai@suse.de + +- update to criu 1.7.1: + Fixes in mounts, notifies and userns found while testing openvz +- update to criu 1.7.2: + Fixes for IPC in userns, venet C/R, socket buffers overflow and + unix sockets name off-by-one +- Add the package dependency on python-protobuf + +------------------------------------------------------------------- +Fri Sep 11 16:06:30 CEST 2015 - tiwai@suse.de + +- Disable systemd service as a temporary workaround for possibile + security issues (CVE-2015-5228, CVE-2015-5231, bsc#943105) +- Update to criu 1.7: + * Improved cgroups management + * Support for seccomp strict mode + * Support for stream unix sockets inheritance + * Support uid/gid-restricted mounts in userns + * Support deleted bind-mounts + * Ability to specify maximum ghost file size + * OverlayFS support + * Support relative unix sockets' bind paths + * Altivec and PSX support for PPC + * Small PIE loader + * Temporary proc mountpoint is mounted with nosuid, noexec and nodev + * Less memory copies when preparing restorer binary + * CRIT action "show" for less keystrokes on common use-case + * Fsnotify log messages now use hex everywhere :) + * CRIT output doesn't mix fields any more + * Many fixes +- Drop obsoleted patches: + crit-install-prefix.diff + lsm-prototype-fix.diff + 4c5b23e5-criu.pc.diff + +------------------------------------------------------------------- +Fri Jul 31 07:47:22 UTC 2015 - cbosdonnat@suse.com + +- Fix version in criu.pc file. + 4c5b23e5-criu.pc.diff + +------------------------------------------------------------------- +Mon Jun 1 15:26:56 CEST 2015 - tiwai@suse.de + +- update to version 1.6: + * PowerPC 64bit LE support + * Makefile.local for 3-rd party build rules + * Ability to "enable" filesystem on dump (--enable-fs) + * Ability to skip mountpoint on dump (--skip-mnt) + * Prepare to deprecate "criu show" command + * External mounts auto-detection + * /dev/tty (current terminal) support + * Netdev and netns (all/default) confs C/R + * Images v1.1 with extra magic at head + * Support fusectl (only ctl) mountpoint + * Sub-version format is now as of git-describe + * Apparamor labels C/R support +- Fix library path for aarch64 and ppc64le +- Fix the prototype for lsm.c (to fix build errors): + lsm-prototype-fix.diff +- Refreshed crit-install-prefix.diff + +------------------------------------------------------------------- +Tue Apr 28 11:54:14 CEST 2015 - tiwai@suse.de + +- update to version 1.5.2: + * fix error in mutli-threaded tasks restore with --restore-sibling + (Docker and LXC cases) + * fix too big RPC messages error for service (and swrk) + +------------------------------------------------------------------- +Tue Apr 7 15:52:47 CEST 2015 - tiwai@suse.de + +- Fix build failure on FACTORY due to comment-in-comment in + google/protobuf/descriptor.proto +- update to version 1.5.1: + * fix crash with 4.0 kernel + * legalize swrk API and add the ability for inheriting fds via it + * cgroup yard destruction and properties restore + +------------------------------------------------------------------- +Fri Mar 13 10:10:07 CET 2015 - tiwai@suse.de + +- update to version 1.5: New features + * CRIT tool + * ability to request CPU compatibility on instructions level only + * C/R of empty AIO rings + * more detailed errno report via RPC + * per-feature "criu check" + * inheriting FDs on restore + * ability to automatically move veth device to host-side bridge + on netns restore + * VT terminals support + * more user namespaces C/R stuff + See more details at http://criu.org/Releases#v._1.5 +- fix installation of crit: + crit-install-prefix.diff + +------------------------------------------------------------------- +Mon Dec 1 18:17:51 CET 2014 - tiwai@suse.de + +- update to version 1.4: New features: + * Dump and check cpuinfo + * Initial support for user namespaces + * The docker_cr.sh script for Docker + * New API for writing plugins (old one is still possible) + * Service workers change their title to better look in ps output + * Ability to feed socket for pre-dump and page-server in swrk mode + * Page-server can auto-bind its port + * Ability to perform several actions during one connection to RPC service + * C/R of opened /proc/$pid/foo files of dead tasks + * C/R of /dev/console + * C/R of virtualized devtmpfs (openvz and future upstream kernels) + * C/R of empty mqueue fs (posix message queues) + * C/R of shared bind-mounts + See more details at http://criu.org/Releases#v._1.4 + +------------------------------------------------------------------- +Mon Sep 15 13:43:00 CEST 2014 - tiwai@suse.de + +- update to version 1.3.1, a stable releasing fixing below: + * Sibling restore mode didn't set up CRIU signals properly + * Unpredictable sibling/child root task restore. Fixed with + explicit CLI option + * Validation for leaf mount points was skipped + * Mount options were corrupted on dump, which resulted in errors + bind mounts detection + +------------------------------------------------------------------- +Tue Sep 2 07:33:29 CEST 2014 - tiwai@suse.de + +- update to version 1.3: + * Docker and LXC support, lots of bug fixes +- cleanup spec file, fix rpmlint warnings + +------------------------------------------------------------------- +Wed Jun 18 16:59:16 CEST 2014 - tiwai@suse.de + +- Update to version 1.3-rc2: + * external bind mounts and tasks-to-cgroups bindings + * many bugfixes in memory restore and mounpoints dump + +------------------------------------------------------------------- +Tue May 6 11:48:37 CEST 2014 - tiwai@suse.de + +- Update to version 1.3-rc1: + New features: + * AArch64 + * Multiple mount namespaces + * FPU state restore control + Restore old FPU state on newer CPUs + Ability to ignore FPU restoration + * Support stopped multi-threaded tasks + * CRIU now can execv() other binary right after restore is complete + * Inode-revese mapping can be enforced to allow live-migration with FS copying + * Gold linker can now be used to compile CRIU + * "Berserker" test to check CRIU scalability + * Punch pages from mem images on restore (optimizes live-migration) + Optimizations: + * Batched deduplication of memory images + * Packed rlimits into core image + * Packed timers into core image + Fixes: + * Bad checks for kcmp() ret codes resulted in errors in file sharing detection + * Multiple mmap-s of same files with different flags blocked the restore + * Integer overflow in huge mapping restore caused restoration failure + * Devpts's newinstance option was lost during dump + * Subsequent dump could try to find old mem dump for newly forked task + * Bad detection of overmounted mountpoints on fsnotify restore + * Page-server could read partial message and failed + * Errors in dumping of two subsequent anon vmas in some cases + * Irmap mis-compared devices for disk FS-s + * TMPFS handles always change during dump/restore + * Pre-dump sometimes hangs on FIFO-s + * Post-restore script fails too late (if does it) + +------------------------------------------------------------------- +Sat Mar 1 09:39:03 CET 2014 - tiwai@suse.de + +- Run spec-cleaner, nothing more than that. + +------------------------------------------------------------------- +Wed Feb 26 17:15:26 CET 2014 - tiwai@suse.de + +- Update to version 1.2: + New features: + * Performance improvements + * Library versioning + * RPC API got closer to CLI + * New "post-restore" call in action scripts + * Logrotate rules file + * Default log file for service when starting via systemd + Bug fixes: + * A lot for ARM cross-compile + * Fsnotifies dumping didn't work on NFS + * Images auto-deduplication only worked one level up + * Packet socket ID was treated as file-descriptor and close()-d + * Badly counted pages stats on restore + * Linked remap name conflict when dump and restore on NFS + * Sporadic failures in memory draining due to huge pipes used + * Broken criu show of repeated fields + * Failure to open mountpoint in foreign pid namespace + * Unlinked bound unix socket dump error + * Small memory leak when writing to incremental image(s) + * Restoring fsnotify for links results in ELOOP + * Host's PATH is not suitable when execv-ing tar/ip/iptable to restore namespace (workaround, proper fix will be in 1.3) + * Using subdirs in log file name via RPC breaks security +- New subpackages: libcriu1 and criu-devel +- Remove obsoleted always-define-ptrace_peeksiginfo_args.diff + +------------------------------------------------------------------- +Tue Jan 28 12:42:34 CET 2014 - tiwai@suse.de + +- Update to version 1.1: BUGs fixed, + * Errors from memory dumping are not handled resulting in + corrupted dumps + * EOF detection in stacked images is done with error + * Stacked images don't work on non-shared FS (missing pagemap-s) + +------------------------------------------------------------------- +Tue Jan 21 12:23:27 CET 2014 - tiwai@suse.de + +- Update to version 1.1-rc2: Bugs fixed, + * Crash in criu check + * RPC check always fail on 3.11 kernel + * Failed fork() didn't abort restore + * Dump fail not reported via RPC + * RPC client disconnect wasn't handled + * Page server could connect to self for writing images + * Hang on pre-dumping task livig in net-namespace + * VDSO page mis-handle on pre-dump + * FPU state loss on pre-dump + * Memory tracking turns ON w/o request + * Various fixes (and improvements) in build system +- Fix missing struct ptrace_peeksiginfo_args on FACTORY: + always-define-ptrace_peeksiginfo_args.diff + +------------------------------------------------------------------- +Wed Jan 8 16:40:12 CET 2014 - tiwai@suse.de + +- Update to version 1.1-rc1: + New features: + * libcriu.so -- wrapper library for RPC clients + * new plugins: external unix sockets, external bind mounts, + external net devices and unknown file types + * Images deduplication in incremental dumps + * Integration with systemd + * Filtering of criu show output + Bug fixes: + * Errors in unlinked files/sockets detection on BTRFS + * NFS silly-rename files are not treated as unlinked + * Freezer fail to seize quickly forking/pthread_create-ing tasks + * Extra stop signal queued for stopped tasks after pre-dump + * Wrong dying task state detection + * Lost RPC dump response + * Crash when reporting restore error via RPC + * Negative return code into shell + * Tasks left in wrong states after failed dump + * A little bit more verbose check action + * Coverity checks fail here and there + +- Drop obsoleted criu-fix-PTRACE_LISTEN-define.diff + +------------------------------------------------------------------- +Wed Nov 27 14:29:51 CET 2013 - tiwai@suse.de + +- Fix rpm group tag to System/Console + +------------------------------------------------------------------- +Mon Nov 25 18:09:55 CET 2013 - tiwai@suse.de + +- updated to version 1.0 + * New features: + -W option to specify working dir + CHECK request in RPC + Optimized headers + More info in logs about undumpable files + More comments about tricky dump/restore places + Generic memory allocation for restorer + * Bugfixes + After --leave-running linked remaps were not cleaned + TCP was left locked after --leave-running + Weak criteria in memory COW detection + Private mapping's premmapped address overwrote file ID + Restorer memory could overlap with timers/signals arrays + RPC worker reused options from service task + Suboptimal memory utilization by restorer arguments + TCP unsent/unacked data boundary was lost + Wrong dev_t decoding on 64 bit + Unpredictable daemons (service and page-service) working dir + Parasite stack could be corrupted by its arguments + Error from exe link restore was ignored + Artificial small limit on the number of shared memory segments + to restore + Bug in ARM VFP restore + VDSO proxy was unmapped at the very end of restore + +------------------------------------------------------------------- +Sun Oct 20 09:41:15 CEST 2013 - tiwai@suse.de + +- updated to version 0.8: + * New features: + RPC service + Ability to work from non-root user (via +s bit) + Handle stopped tasks + Restore tasks' root path + Dump and restore net ns iptables configuration (w/o conntracks) + Support for external net devices in netns (e.g. openvz venet) + Support CORK and NODELAY TCP options + SEQPACKET unix sockets support + * Fixes and improvements + Unload restorer blob after restore + Fixes and enhancements in criu show + Fix in unsorted inotify wd restoring + Fixed trimmed messages in parasite transport + Fine-grained pgrps restore + Fix in large TCP buffers restore + Fixed buffer overflow in IPC ns dumping + Fix in early page server connection close on pre-dump + Fixed race in handling aborted parasite blob + Fixed lost unmapped criu vmas in restore + Fixes in parsing devices in /proc/pid/maps and /proc/locks + Fixed snd/rcv buf sockoptions restore + Enhanced logging in parasite + +------------------------------------------------------------------- +Fri Sep 6 09:08:02 CEST 2013 - tiwai@suse.de + +- updated to version 0.7: + * TUN devices support (requires patched kernel) + * Alternative stack (sigaltstack) C/R + * Shared and master/slave mounts support + * Restore statistics + * Net device address C/R + * Safer and simpler asynchronous parasite + * Fixes in: + - Stack guard page dump/restore + - Page server communications + - COW mappings restore + - Zombies restore + - Aborting failed restore + - TCP connection restore (some require patched kernel) + - Semi-closed Unix sockets with data dump/restore +- Fix build error on FACTORY due to redefinition of PTRACE_LISTEN: + criu-fix-PTRACE_LISTEN-define.diff + +------------------------------------------------------------------- +Mon Jul 8 12:35:16 CEST 2013 - tiwai@suse.de + +- updated to version 0.6: + * Cross-compiling support + * Ready to accept images from OpenVZ RHEL6-based kernel + * Posix CPU timers C/R + * Asynchronous parasite + * Memory changes tracking (requires patched kernel) + * Dump statistics + * Return-arg for remote syscalls execution + * Improved "show" output + * Opened /proc/PID/ns/* files C/R + * Daemon mode for page-server + * Build-time features test (makes it possible to build on + different distros) + +------------------------------------------------------------------- +Wed May 29 09:42:17 CEST 2013 - tiwai@suse.de + +- initial version: 0.5 + diff --git a/criu.spec b/criu.spec new file mode 100644 index 0000000..fead411 --- /dev/null +++ b/criu.spec @@ -0,0 +1,206 @@ +# +# spec file for package criu +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%if 0%{?suse_version} >= 1330 +%define use_asciidoctor 1 +%define make_options USE_ASCIIDOCTOR=1 +%endif + +# currently broken with LTO, resulting in segfaults (bsc#1203854) +%define _lto_cflags %{nil} + +%ifarch x86_64 aarch64 +%define with_amdgpu_plugin 1 +%else +%define with_amdgpu_plugin 0 +%endif + +%define proto_c_ver %(protoc-c --version | head -1 | awk '{print $2}') + +Name: criu +Version: 3.18 +Release: 0 +Summary: Checkpoint/Restore In Userspace Tools +License: GPL-2.0-only +Group: System/Console +URL: https://criu.org/ +Source0: http://github.com/checkpoint-restore/criu/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Patch1: criu-py-install-fix.diff +Patch2: 0002-Fix-build-with-nftables-installed-in-different-direc.patch +Patch3: criu-amdgpu-plugin-fix.patch +Patch4: plugin-dir-path.patch +Patch5: criu-ns-python3-shebang.patch +BuildRequires: libcap-devel +%if %{with_amdgpu_plugin} +BuildRequires: libdrm-devel +%endif +BuildRequires: libgnutls-devel +BuildRequires: libnet-devel +BuildRequires: libnl3-devel +BuildRequires: pkgconfig +BuildRequires: protobuf-c +BuildRequires: protobuf-devel +BuildRequires: python3-devel +%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150300 +BuildRequires: nftables-devel +%endif +%if 0%{?use_asciidoctor} +BuildRequires: rubygem(asciidoctor) +%else +BuildRequires: asciidoc +BuildRequires: xmlto +%endif +Requires: python3-ipaddr +Requires: python3-protobuf +ExclusiveArch: x86_64 aarch64 ppc64le armv7l armv7hl s390x +%if 0%{?suse_version} > 1320 +BuildRequires: libbsd-devel +%endif + +%description +Checkpoint/Restore In Userspace, or CRIU, is a software tool for Linux +operating system. Using this tool, you can freeze a running application +(or part of it) and checkpoint it to a hard drive as a collection of +files. You can then use the files to restore and run the application from +the point it was frozen at. + +%if %{with_amdgpu_plugin} +%package plugin-amdgpu +Summary: AMDGPU plugin for CRIU +License: GPL-2.0-only +Group: System/Console +Requires: %{name} = %{version} + +%description plugin-amdgpu +This package contains the AMDGPU ROCm support plugin for CRIU. +%endif + +%package -n libcriu2 +Summary: Library for CRIU +License: LGPL-2.1-only +Group: System/Libraries + +%description -n libcriu2 +This package contains the library for CRIU, Checkpoint/Restore In +Userspace Tools. + +%package -n libcompel1 +Summary: Compel library for CRIU +License: LGPL-2.1-only +Group: System/Libraries + +%description -n libcompel1 +This package contains the compel library for CRIU to execute a parasite code. + +%package devel +Summary: Include Files and Libraries mandatory for Development +License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: libcompel1 = %{version} +Requires: libcriu2 = %{version} + +%description devel +This package contains all necessary include files and libraries needed +to develop applications with CRIU library. + +%prep +%setup -q +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +# default off +echo "BINFMT_MISC_VIRTUALIZED" > .config + +%build +export CFLAGS="%{optflags}" +%ifarch %arm +export CFLAGS="$CFLAGS -Wno-error=deprecated" +%endif +# WERROR=0 is needed for avoiding warning due to doubly _GNU_SOURCE defines +make V=1 %{?_smp_mflags} %{?make_options} WERROR=0 \ + PREFIX=%{_prefix} \ + LIBDIR=%{_libdir} \ + LIBEXECDIR=%{_libexecdir} + +%install +%make_install V=1 %{?make_options} WERROR=0 \ + PREFIX=%{_prefix} \ + LIBDIR=%{_libdir} \ + LIBEXECDIR=%{_libexecdir} +# remove static libs +rm -f %{buildroot}%{_libdir}/lib*.a \ + %{buildroot}%{_libexecdir}/compel/*.a + +# remove stable files +rm -f %{buildroot}%{_includedir}/compel/plugins/std/asm/.gitignore +# for compatiblity +ln -s criu %{buildroot}%{_sbindir}/crtools +ln -s criu.8 %{buildroot}%{_mandir}/man8/crtools.8 + +%if ! %{with_amdgpu_plugin} +rm -f %{buildroot}%{_mandir}/man1/amdgpu_plugin.1 +%endif + +%post -n libcriu2 -p /sbin/ldconfig +%postun -n libcriu2 -p /sbin/ldconfig +%post -n libcompel1 -p /sbin/ldconfig +%postun -n libcompel1 -p /sbin/ldconfig + +%files +%license COPYING +%doc README.md +%{_sbindir}/criu +%{_sbindir}/criu-ns +%{_sbindir}/crtools +%{_bindir}/compel +%{_bindir}/crit +%{_mandir}/man1/compel.1%{?ext_man} +%{_mandir}/man1/crit.1%{?ext_man} +%{_mandir}/man1/criu-ns.1%{?ext_man} +%{_mandir}/man8/criu.8%{?ext_man} +%{_mandir}/man8/crtools.8%{?ext_man} +%{_libexecdir}/criu +%{_libexecdir}/compel +%{python3_sitelib}/crit-*.egg-info +%{python3_sitelib}/pycriu + +%if %{with_amdgpu_plugin} +%files plugin-amdgpu +%doc plugins/amdgpu/README.md +%{_mandir}/man1/amdgpu_plugin.1%{?ext_man} +%dir %{_libdir}/criu +%{_libdir}/criu/amdgpu_plugin.so +%endif + +%files -n libcriu2 +%{_libdir}/libcriu.so.* + +%files -n libcompel1 +%{_libdir}/libcompel.so.* + +%files devel +%{_includedir}/criu +%{_includedir}/compel +%{_libdir}/libcriu.so +%{_libdir}/libcompel.so +%{_libdir}/pkgconfig/*.pc + +%changelog diff --git a/plugin-dir-path.patch b/plugin-dir-path.patch new file mode 100644 index 0000000..f05a473 --- /dev/null +++ b/plugin-dir-path.patch @@ -0,0 +1,43 @@ +--- + Makefile.install | 3 ++- + criu/Makefile | 3 +++ + criu/include/plugin.h | 2 +- + 3 files changed, 6 insertions(+), 2 deletions(-) + +--- a/Makefile.install ++++ b/Makefile.install +@@ -5,9 +5,10 @@ BINDIR ?= $(PREFIX)/bin + SBINDIR ?= $(PREFIX)/sbin + MANDIR ?= $(PREFIX)/share/man + INCLUDEDIR ?= $(PREFIX)/include ++LIBDIR ?= $(PREFIX)/lib + LIBEXECDIR ?= $(PREFIX)/libexec + RUNDIR ?= /run +-PLUGINDIR ?= $(PREFIX)/lib/criu ++PLUGINDIR ?= $(LIBDIR)/criu + + # + # For recent Debian/Ubuntu with multiarch support. +--- a/criu/include/plugin.h ++++ b/criu/include/plugin.h +@@ -6,7 +6,7 @@ + #include "common/list.h" + + #ifndef CR_PLUGIN_DEFAULT +-#define CR_PLUGIN_DEFAULT "/usr/lib/criu/" ++#define CR_PLUGIN_DEFAULT LIBDIR "/criu/" + #endif + + void cr_plugin_fini(int stage, int err); +--- a/criu/Makefile ++++ b/criu/Makefile +@@ -29,6 +29,9 @@ CFLAGS += -iquote $(ARCH_DIR)/include + CFLAGS += -iquote . + CFLAGS += $(shell $(PKG_CONFIG) --cflags libnl-3.0) + CFLAGS += $(CONFIG-DEFINES) ++CFLAGS += -DINCLUDEDIR=\"$(INCLUDEDIR)\" ++CFLAGS += -DLIBEXECDIR=\"$(LIBEXECDIR)\" ++CFLAGS += -DLIBDIR=\"$(LIBDIR)\" + + ifeq ($(GMON),1) + CFLAGS += -pg