This release of CRIU (4.1.1) addresses a critical compatibility issue
introduced in the Linux kernel and back-ported to all stable releases.
The kernel commit (12f147ddd6de "do_change_type(): refuse to operate on
unmounted/not ours mounts") addressed the security issue introduced
almost 20 years ago. Unfortunately, this change inadvertently broke the
restore functionality of mount namespaces within CRIU. Users attempting
to restore a container on updated kernels would encounter the error:
"mnt-v2: Failed to make mount 476 slave: Invalid argument."
This release contains the necessary adjustments to CRIU, allowing it to
work seamlessly with kernels incorporating this security change.
OBS-URL: https://build.opensuse.org/package/show/devel:tools/criu?expand=0&rev=136
- add
0001-net-nftables-avoid-restore-failure-if-the-CRIU-nft-t.patch
(bsc#1241515)
- fix filelist mismatch after libexecdir change
--shell-job restore to fail
* C/R of shared bind-mounts
bind mounts detection
Ability to ignore FPU restoration
* Punch pages from mem images on restore (optimizes live-migration)
* Packed timers into core image
* Post-restore script fails too late (if does it)
* Default log file for service when starting via systemd
* Using subdirs in log file name via RPC breaks security
* Stacked images don't work on non-shared FS (missing pagemap-s)
* Various fixes (and improvements) in build system
external net devices and unknown file types
* Filtering of criu show output
* Coverity checks fail here and there
Generic memory allocation for restorer
VDSO proxy was unmapped at the very end of restore
SEQPACKET unix sockets support
Enhanced logging in parasite
different distros)
OBS-URL: https://build.opensuse.org/request/show/1280078
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/criu?expand=0&rev=67
0001-net-nftables-avoid-restore-failure-if-the-CRIU-nft-t.patch
(bsc#1241515)
- fix filelist mismatch after libexecdir change
--shell-job restore to fail
* C/R of shared bind-mounts
bind mounts detection
Ability to ignore FPU restoration
* Punch pages from mem images on restore (optimizes live-migration)
* Packed timers into core image
* Post-restore script fails too late (if does it)
* Default log file for service when starting via systemd
* Using subdirs in log file name via RPC breaks security
* Stacked images don't work on non-shared FS (missing pagemap-s)
* Various fixes (and improvements) in build system
external net devices and unknown file types
* Filtering of criu show output
* Coverity checks fail here and there
Generic memory allocation for restorer
VDSO proxy was unmapped at the very end of restore
SEQPACKET unix sockets support
Enhanced logging in parasite
different distros)
OBS-URL: https://build.opensuse.org/package/show/devel:tools/criu?expand=0&rev=134
New features:
* RISC-V Support
* PIDFD Support
* arm64: C/R PAC keys
Bugfixes:
* vdso: handle vvar_vclock vma-s
* seize: Take --timeout option into account when freezing processes
* net: use unique lock chain names (nftables)
* Fixes here and there.
Improvements:
* CUDA Enhancements
* Allow setting the default network locking backend
* Enable coredump generation for aarch64 and arm
* vdso: switch from DT_HASH to DT_GNU_HASH
- Drop superfluous patches:
vdso-handle-vvar_vclock-vma-s.patch
0001-cr_options-switch-networking-default-backend-to-nfta.patch
- Enable riscv build
OBS-URL: https://build.opensuse.org/package/show/devel:tools/criu?expand=0&rev=130
New features:
* Shadow stack support
* CUDA plugin: Introduced a plugin to support checkpointing and restoring
NVIDIA CUDA applications.
Bugfixes:
* cgroup: Add support for restoring a thread in a correct v1 cgroup
* mem: fix some VMAs being incorrectly mapped wtih PROT_WRITE
* criu: fix a fatal failure if nft doesn't work
* net: Fix TOCTOU race condition in unix_conf_op
* pagemap-cache: handle short reads
* Fixes here and there.
Improvements:
* Pagemap cache: Added support for PAGEMAP_SCAN ioctl
* zdtm: Added tests for IP_TTL restore
* irmap: hardcode some more interesting paths
* util: use close_range when it's supported
* Fixes and improvements in amdgpu-plugin
- Make criu-plugin-cuda subpackage
OBS-URL: https://build.opensuse.org/package/show/devel:tools/criu?expand=0&rev=121
- Update to criu 3.19:
New features:
* LoongArch64 support
* C/R membarrier() registrations
* Restore THP_DISABLE prctl
* prctl: Migrate prctl(NO_NEW_PRIVS) setting
Bugfixes:
* Many fixes and improvements from the Google team
* Fix dumping hugetlb-based memfd on kernels < 4.16
* Fixes here and there
Improvements:
* drop python 2 support
* support XSAVE on newer Intel CPUs
- Refreshed criu-py-install-fix.diff;
workarounds appled to both crit and lib/pycriu
- Drop obsoleted patch criu-amdgpu-plugin-fix.patch
OBS-URL: https://build.opensuse.org/request/show/1129641
OBS-URL: https://build.opensuse.org/package/show/devel:tools/criu?expand=0&rev=119
- Update to criu 3.18:
New features:
* Allow CRIU to be used as non-root
* Add SIGTSTP support
* Add opt to skip file r/w/x check on restore
Bugfixes:
* Many fixes here and there
Improvements:
* cgroup2: Dump cgroup controllers of every threads in a process
* save IP_FREEBIND option for SOCK_RAW sockets also
* support IP_PKTINFO and IPV6_RECVPKTINFO options
* Implement hw breakpoint for arm64 platform
* Set only used XFEATURE_* in xstate_bv
* Checkpoint and restore some global properties
* A checkpoint optimization for highly sparse ghost files (--ghost-fiemap)
- Refresh criu-py-install-fix.diff:
a workaround for non-working python-pip inside build environment by
reviving the old setup script
- Fix shebang of criu-ns script:
criu-ns-python3-shebang.patch
- Drop obsoleted patches:
criu-fix-conflicting-headers.patch
mount-add-definition-for-FSOPEN_CLOEXEC.patch
OBS-URL: https://build.opensuse.org/request/show/1091121
OBS-URL: https://build.opensuse.org/package/show/devel:tools/criu?expand=0&rev=117
- Update to criu 3.17:
New features:
* Introduced mount-v2 engine
* Added support for MAP_HUGETLB mappings
* Added support for Linux Restartable Sequences
* Added support for SOCK_SEQPACKET unix sockets
* CRIU AMD GPU plugin
Bugfixes:
* GCC 12 compatibility fixes
* cgroup: fix --manage-cgroups=ignore
* several memory leaks fixed in net, files, mount, tun and config
subsystems
* Improvements:
* bpf: switch from deprecated bpf_create_map_xattr to bpf_map_create
* bpfmap: handle map_extra field
* setsockopt(SO_BUF_LOCK) support for tcp sockets
- New criu-plugin-amdgpu sub-package for AMDGPU ROCm plugin, enabled
only for x86_64 and aarch64.
- Build fixes for plugins:
criu-amdgpu-plugin-fix.patch
- Change the plugin install path to $libdir/criu:
plugin-dir-path.patch
OBS-URL: https://build.opensuse.org/request/show/977879
OBS-URL: https://build.opensuse.org/package/show/devel:tools/criu?expand=0&rev=109
- Update to criu 3.16.1:
see details at https://criu.org/Download/criu/3.16.1
Bugfixes:
* Switch criu-ns helper script from unversioned 'python' to
'python3' for easier distribution packaging
Improvements:
* Add '--join-ns' interface to libcriu to allow joining namespaces
via libcriu like CLI and RPC already allow
- Change Source URL to github
- Update to criu 3.16:
see details at https://criu.org/Download/criu/3.16
New features:
* criu-ns helper script
* support checkpoint/restore of stacked apparmor profiles
* add nftables based network locking/unlocking
* allow restoring of precreated veth devices
Improvements:
* better support for restoring containers into existing pods
* pidfd based pid reuse detection for RPC clients
* license change for all files in the images/ directory to MIT
* use clang-format for automatic code indentation
- Drop 0002-Fix-build-with-nftables-installed-in-different-direc.patch
as obsoleted
OBS-URL: https://build.opensuse.org/request/show/925414
OBS-URL: https://build.opensuse.org/package/show/devel:tools/criu?expand=0&rev=105
- Update to criu 3.15:
see details at https://criu.org/Download/criu/3.15
New features:
* Introduced criu-image-streamer
* Added MIPS support
* Allow checkpointing out of existing PID namespace and restoring
into existing PID namespace
* Added additional file validation mechanisms
* Added support to checkpoint and restore BPF hash maps
(BPF_MAP_TYPE_HASH) and array maps (BPF_MAP_TYPE_ARRAY)
* Initial cgroups v2 support
- Fix build with nftables package:
0002-Fix-build-with-nftables-installed-in-different-direc.patch
OBS-URL: https://build.opensuse.org/request/show/852394
OBS-URL: https://build.opensuse.org/package/show/devel:tools/criu?expand=0&rev=101
- Update to criu 3.14:
New features:
* C/R of memfd memory mappings and file descriptors
* Add time namespace support
* Add the read pre-dump mode which uses process_vm_readv
* Add --cgroup-yard option
* Add support of the cgroup v2 freezer
* Add support of opened O_PATH fds
Bugfixes:
* Fix C/R ia32 processes on AMD #398
* Fix cross-compilation
* Many fixes here and there
Improvements:
* Use clone3() with set_tid to restore processes
* Clean up compel headers
* Use the new mount API
- Add libgnutls-devel to buildreq
OBS-URL: https://build.opensuse.org/request/show/807784
OBS-URL: https://build.opensuse.org/package/show/devel:tools/criu?expand=0&rev=97
- Update to criu 3.13:
New features:
* VDSO: arm32 support
* Add TLS support for page server communications
* "Ignore" mode for --manage-cgroups
* Restore SO_BROADCAST option for inet sockets
Bugfixes:
* Auxiliary events were left in inotify queues
* Lazy-pages daemon didn't detect stack pages and surrounders
properly and marked them as "lazy"
* Memory and resource leakage were detected by coverity, cppcheck
and clang
Improvements:
* Use gettimeofday() directly from vdso for restore timings
* Reformat all .py code into pep8 style
OBS-URL: https://build.opensuse.org/request/show/749339
OBS-URL: https://build.opensuse.org/package/show/devel:tools/criu?expand=0&rev=93
