1. XenForo 1.5.14 中文版——支持中文搜索!现已发布!查看详情
  2. Xenforo 爱好者讨论群:215909318 XenForo专区
XenForo 1.5.14 中文版 Xenforo 爱好者

新闻 CRIU 2.0 发布 功能得以完善 下载

本帖由 漂亮的石头2016-03-10 发布。版面名称:软件资讯

  1. 漂亮的石头

    漂亮的石头 版主 管理成员

    注册:
    2012-02-10
    帖子:
    487,458
    赞:
    47
    CRIU 2.0发布,我们重组了criu-2的所有代码,新功能得以完善,漏洞得到修复。

    更新日志:


    • New code layout for sub-projects (e.g. Compel)


    • Unprivileged dump


    • Dump/check cpuinfo support for PPC


    • Explorers for CRIT


    • Added "post-setup-namespaces" to action scripts


    • Added timeout for dump procedure (5 sec by default)


    • Ability to override LSM profile on restore with CLI/RPC option


    • External bind mounts can be fs-root mounts too


    • Skip netns' internals on dump and restore (for Docker integration)


    • Advanced support for external files


    • C/R for


      • Mode and uid/gid of cgroup files and dirs


      • Freeze cgroup state (frozen/thawed)


      • Task's loginuid and oom score


      • Per-thread credentials


      • Filter mode of seccomp


      • Ghost file in removed directory


      • Ghost files lutimes


      • Binfmt-misc FS contents


      • Netfilter conntracks and expectations


      • Multi-headed cgroups


      • CGroup namespaces (no nesting)

    优化/提高:


    • Align parasite stack on 16 bits for correctness


    • Compilation with native libc syscall wrappers and helpers


    • Parasite code injection done via memfd system call


    • Make vaddr to pfn conversion with one less syscall


    • CRIT shows device numbers in "maj:min" manner


    • CRIT shows mmap's status in verbose


    • Docker files for builds on all supported arches

    修复:


    • Absent readlink syscall on ARM (use readlinkat instead) could cause dump to fail


    • Wrong argument to timer_create system call could cause restore to crash


    • Extra tasks in freeze cgroup caused dump to fail/hand/crash


    • Unaligned restore-time object allocations caused lock operations to fail


    • Opened /proc/pid dir of dead task failed the dump


    • Unaligned stacks caused criu to fail on aarch64


    • Changed device numbers on restore side could cause random failures


    • Fixes in mount points sharing/slavery/propagation restore


    • Race between mntns creation and fds closing in different tasks could cause restore to fail


    • Hard kernel limit on TCP repair recv queue restore could cause big queue restore to fail


    • Unconnected dgram UNIX socket with data lost packets on restore


    • CRIT didn't show IPC objects


    • CRIT didn't convert IP addresses in images


    • Logs from PIE code contained corrupted addresses and sizes


    • Not loaded netfilter modules could cause dump/restore to stuck on dumping netlink socket


    • Shared external mounts were restored with error

    安全:


    • User-mode


    • When checking for namespaces' CRIU entered userns with host creds

    弃用/移除:


    • Completely removed 'show' action. Use CRIT instead.
    CRIU 2.0 发布 功能得以完善下载地址
     
    漂亮的石头, 2016-03-10
    #1
正在加载...