libcriu2-3.16.1-bp154.1.33 >  A bx!M@eeeuE͟׊X|\:z c5|9f*)̆Hƹh&ki"u/nX0:QPvŴTev.*io!W0ktX` 7Z9 öBn-k T6`{m8gcrq:DKia__tx90w^B%ZļPw "u'`^zw<\ad̔`:MA)w/{;7`¾Heq@jNbxhp;ЖrBzV|'Zz9p@?d   .     $ , n   ; (^8h/9$/:(/>@FG0H8I@XDYP\x]^bcQdefluvwlxty|zClibcriu23.16.1bp154.1.33Library for CRIUThis package contains the library for CRIU, Checkpoint/Restore In Userspace Tools.bxsheep85;SUSE Linux Enterprise 15 SP4openSUSELGPL-2.1-onlyhttps://bugs.opensuse.orgSystem/Librarieshttps://criu.org/linuxx86_64;bxbx67bf385129a3d529e33a02e3b126000a4800533ed2c1161d7ce0d6ce72562401libcriu.so.2.0rootrootrootrootcriu-3.16.1-bp154.1.33.src.rpmlibcriu.so.2()(64bit)libcriu2libcriu2(x86-64)@@@@@    /sbin/ldconfig/sbin/ldconfiglibc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libprotobuf-c.so.1()(64bit)libprotobuf-c.so.1(LIBPROTOBUF_C_1.0.0)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3aLaim@aex`8@_0@_k8^^@]҇]o@\![[ @ZZZ@Z>E@Z7YYYoIYV=@YI@XXDXXf@X@XN@X)@XWڍ@W:WWaC@W;W @V@Vf@VMU@Uc@UlI@U?v@U#U@T|X@tiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.deDirk Mueller tiwai@suse.deGuillaume GARDET tiwai@suse.deantoine.belvire@opensuse.orgtiwai@suse.detiwai@suse.deavindra@opensuse.orgtiwai@suse.detiwai@suse.deavindra@opensuse.orgavindra@opensuse.orgaavindraa@gmail.comaavindraa@gmail.comtiwai@suse.debwiedemann@suse.comtiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.decbosdonnat@suse.comtiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.de- Enable nftables for SLE15-SP3 / openSUSE Leap 15.3, too (bsc#1193486)- Update to criu 3.16.1: see details at https://criu.org/Download/criu/3.16.1 Bugfixes: * Switch criu-ns helper script from unversioned 'python' to 'python3' for easier distribution packaging Improvements: * Add '--join-ns' interface to libcriu to allow joining namespaces via libcriu like CLI and RPC already allow - Change Source URL to github- Update to criu 3.16: see details at https://criu.org/Download/criu/3.16 New features: * criu-ns helper script * support checkpoint/restore of stacked apparmor profiles * add nftables based network locking/unlocking * allow restoring of precreated veth devices Improvements: * better support for restoring containers into existing pods * pidfd based pid reuse detection for RPC clients * license change for all files in the images/ directory to MIT * use clang-format for automatic code indentation - Drop criu-protobuf-c-1.4-underscore-fix.patch as obsoleted- Fix the build with protobuf-c 1.4: criu-protobuf-c-1.4-underscore-fix.patch- Update to criu 3.15: see details at https://criu.org/Download/criu/3.15 New features: * Introduced criu-image-streamer * Added MIPS support * Allow checkpointing out of existing PID namespace and restoring into existing PID namespace * Added additional file validation mechanisms * Added support to checkpoint and restore BPF hash maps (BPF_MAP_TYPE_HASH) and array maps (BPF_MAP_TYPE_ARRAY) * Initial cgroups v2 support - Fix build with nftables package: 0002-Fix-build-with-nftables-installed-in-different-direc.patch- fix filelist mismatch after libexecdir change- Update to criu 3.14: New features: * C/R of memfd memory mappings and file descriptors * Add time namespace support * Add the read pre-dump mode which uses process_vm_readv * Add --cgroup-yard option * Add support of the cgroup v2 freezer * Add support of opened O_PATH fds Bugfixes: * Fix C/R ia32 processes on AMD #398 * Fix cross-compilation * Many fixes here and there Improvements: * Use clone3() with set_tid to restore processes * Clean up compel headers * Use the new mount API - Add libgnutls-devel to buildreq- Disable LTO on aarch64 and armv7 - Add '-Wno-error=deprecated' to fix build on armv7 - Exclude armv6 since criu/arch/arm/bitops.S uses 'dmb ish' which is armv7+- Update to criu 3.13: New features: * VDSO: arm32 support * Add TLS support for page server communications * "Ignore" mode for --manage-cgroups * Restore SO_BROADCAST option for inet sockets Bugfixes: * Auxiliary events were left in inotify queues * Lazy-pages daemon didn't detect stack pages and surrounders properly and marked them as "lazy" * Memory and resource leakage were detected by coverity, cppcheck and clang Improvements: * Use gettimeofday() directly from vdso for restore timings * Reformat all .py code into pep8 style- Fix build on Tumbleweed: Add -ffat-lto-objects to lto cflags.- Update to criu 3.12: New features: * build CRIU with Android NDK * C/R of IP RAW sockets * lsm: dump and restore any SELinux process label * support restoring ghost files on readonly mounts Bugfixes: * Do not lock network if running in the host network namespace * Fix RPC configuration file handling * util: don't leak file descriprots to third-party tools * small fixes here and there Improvements: * travis: switch to the Ubuntu Xenial * travis-ci: Enable ia32 tests * Many improvements and bug fixes in the libcriu * Changes in the API and ABI (SONAME increased from 1 to 2) - Updated to libcriu2 subpackage to follow SONAME 2 - Dropped obsoleted patch: criu-asciidoctor.patch- Update to criu 3.10: New features: * Support Python3 in ZDTM and CRIT * Keep names for UNIX sockets, that are unlinked from the FS * IPVv6 support for page server * Set page server socket fd via CLI * Large pages support for aarch64/ppc64 * C/R of Per-thread seccomp chains Bugfixes: * Failed non-container restore could kill random task on the host * Failure to dump namespaces was erroneously ignored * CRIT didn't show cpuinfo image file * Tasks that got PID-reuse couldn't be dumped iteratively because previous images were missing - Update to criu 3.11: New features: * cpuinfo: Detect compact frames and handle noxsaves * Add support for configuration files * Add support for external net namespaces * Punch holes in input files when restoring anonymous non-shared memory ( --auto-dedup ) * C/R of + epoll: Add support for duped targets + tun: Add support for multiple net ns + x86: Support extendable fpu frames Bugfixes: * mount: Better handling of mount points propagation * nmk: Make collect-deps to be more precise about targets * lazy-pages: Don't mark current stack page as lazy * x86: CPU -- Rework feature testing * files: Fix O(n^2) restore in terms of the number of fds * fdstore: Unlimit fdstore queue on start * mount: Fix regression where open_mountpoint failed on readonly fs * page server: Handle partial splicing * ... lots of small fixes here and there Improvements: * Remove all magic of service descriptors when it isn't required - Switch to python3 - Use asciidoctor instead of asciidoc for formatting manuals: criu-asciidoctor.patch- update to criu 3.9: New features - C/R of + Tun-Tap devices in sub-netns + File descriptors which were opened with O_TMPFILE Improvements - Restore of inotify watchers - Restore unix sockets in proper mount namespaces - Print CRIU and kernel version also in RPC mode Bugfixes - Random memory corruptions during lazy restore - Workaround the iptables issue - Don't use standard descriptors when tar is running to dump tmpfs mounts - Fail dump if dump_one_file() fails - Fill kerndat with zero-s before reading it from cache - cleanup with spec-cleaner- update to criu 3.8.1: a bug-fix release FDstore was initialized twice (re-initialized) causing e.g. - -shell-job restore to fail- Add python-devel to BuildReq explicitly, as a preparation for fallback to asciidoctor (bsc#1075764)- update to criu 3.8: New features * C/R of - Multiple network namespaces - Overmounted tmpfs mounts - Unix sockets and epoll descriptors in SCM messages Improvements * Rework service descriptors not to cause fdtable enormous grows Bugfixes * FP state wasn't reported on Skylake due to a kernel bug * gcc 8 warning fixes * Resource leaked on error paths * Attributes of sit devices with value 0 were not saved into images (and were restored into default values) * Tasks with pgid of a zombie hung the resture * Ghost files on RO bind-mounts of an RW mount couldn't be restored * Random memory corruptions during lazy restore - cleanup with spec-cleaner - switch to https urls - list binaries and man pages explicitly - remove rest of static libs to fix rpm lint errors- update to criu 3.7: New features * Pipes usage statistics * Run page server as non-daemon via RPC * C/R of - SO_REUSEPORT option - IPv4-mapped inet sockets - Net_prio CGroups - Overmounted shared mountpoints - Non-broken and breaking leases Improvements * Show criu and kernel versions in logs * CRIT decodes socket families, protocols and types * Much less pipes is needed for pre-dump, which is especially useful for big mem migration Bugfixes * Files in /proc/pid/map_file could be opened by non-exiting name (with 0x prefix) and it was fixed in kernel * CRIU log levels were used to configure logging for libsoccr thus breaking its logs * Overflow in various IDs caused bad image names * Compat (32bit) syscalls lost signedness in compel * Corked sockets lost cork flag * Preadv() syscall was declared with error which resulted in dump errors on 32-bit processors * Musl compilation failed * Ghost files in / dump failed * Crash when releasing context for ghost files, due to free()-ing shmalloc()-ed area * Lazy restore could receive partial page and crashed * Erroneous closing of lazy pages connection caused restore to hang * Lazy memory fetch restore could start before tasks are restored - Remove 0001-images.py-remove-shebang.patch * upstreamed in 8e45ce4905d186abafb7c20abb3b00207fefdb53- add 0001-images.py-remove-shebang.patch * fixes a lint warning about a non-executable python file being executable due to a superfluous shebang * upstream: https://lists.openvz.org/pipermail/criu/2017-November/039907.html - run spec-cleaner- update to criu 3.6: New features * C/R for files (except for unix sockets, ttys and epolls) sent over unix sockets * C/R for threads with different creds * Ipv6 over ipv4 tunnel (SIT device) Bugfixes * Some s390x registers were not restored by native sigrestore way * Overflow when parsing autofs info from /proc file * Dumps of anon shared memory with sysvipc one raced with each other clashing and corrupting image file names * The "dumpable" flag was not restore on shmem regions * Trash bits leaked into image when dumping fsnotify on some kernels * Lock/unlock of iptables from different criu processes raced with each other * Closed TCP connection with non-empty send queue blocked the dump * When --empty-ns for netns was set on dump only, the restore failed (Docker case) - includes changes from 3.5: see https://criu.org/Download/criu/3.5 for details- update to criu 3.4: New features: * Support for s390x architecture Improvements: * Unexpected death of restored tasks is reported with more details in logs * Merged many images containing info about files into one big files.img * When helper utility fails (ip, iptables, tar) its name is printed in logs Bugfixes: * Compilation failed on newer glibcs (ucontext_t) * Dying helper task could deadlock the restore process * Install-related makefile variables weren't configurable for distro build * SIT (ipv6-to-v4 tunnel) presence on host blocked dump of any containers * Potential NULL dereference when dumping net namespace * Dump via page server might not work across different criu versions * Failure to restore a subtask could be ignored by the restore command * EOF on page-server socket wasn't handled - Dropped obsoleted patch: criu-correct-ppc64-AT_VECTOR_SIZE_ARCH.patch - Add s390x to exclusivearch- update to criu 3.3 * Add --tcp-close option to help migration of Docker containers * Allow to override build time to fix build-compare (boo#1047218)- update to criu 3.2.1: bug fix release, * Restoring a stack fails on recent kernels due to kernel changes * Restoring on a host with LSM profiles failed- update to criu 3.1: New features: * Each boolean option now has the --no-$option pair * RSS explorer in CRIT * Multiple plugins in compel * Run-time check of 32-mmap BUG on x86 * C/R of 32-bit futex robust list on x86 Optimizations/improvements: * Start time is improved significantly with kerndat cache * Sigaction image is merged into Core * Unneeded stages are skipped during restore * Restore w/o namespaces uses host /proc * Restore w/o namespaces doesn't parse host mounts (not needed) * Single-threaded tasks do not parse /proc/pid/task/ in vain * BFD engine is used for more /proc files * More verbosity in libsoccr * Fsnotify dump w/o namespaces doesn't walk mounts tree Bugfixes: * Python bindings left zombie in self-dump mode * The last_pid sys-control was reset by restore * Threads caps were compared with mistake * make install put crit/pycriu to wrong place if DESTDIR was not set * Fsnotifies C/R w/o namespaces restored with errors * Inherited control terminal restore was failed (but dump succeeded) - update to criu 3.2: Optimizations/improvements: * Invisible files restore is de-serialized * VMAs restore performance is improved significantly - Mappings of the same file re-use the descriptor, not re-open it every time - Not-COW-ed mappings are restored in-place and are not mremmap()ed - Empty RO mappings are mmap()ed as such and thus not re-mprotect()ed at the end * More verbosity in case TCP locking fails (#292) * More verbosity in case VDSO magic mismatch * Restore or legacy epoll target descriptors and fsnotify marks is unified with common case Bugfixes: * Restoring fanotify marks from old images (<1.3) dropped the mark * Binfmt_misc mount could be mounted into wrong place * Compilation failed with gcc 6.3.0 (#315) * Waiting helpers could race with sigchild handler and would result in restore failure * Missing VVAR page in 32bit tasks wasn't skipped and resulted in restore failure * After restore consumption of files is increased (was fixed as side effect of mmap optimization) Deprecation/Removal: * Deprecated separate images for fsnotify marks - Fix the installation of python stuff: criu-py-install-fix.diff - Fix the build for ppc64: criu-correct-ppc64-AT_VECTOR_SIZE_ARCH.patch- update to criu 3.0: New features: * Compel library * Support for x86 32-bit arch * Version check via RPC * ASAN support * Force VDSO trampolines via fault injection * C/R of shutdown-ed UDP sockets * C/R of bind-mounts made from external mounts Optimizations/improvements: * SysVIPC shmem segments are now dumped as any other shmem (taking holes into account and sitting in common memory dumps) * CRIT show decodes socket's states and types and task's states into strings * CRIT show prints unix sockets names in more human-readable form Bugfixes: * Unix sockets' names appeared in logs with mistakes * Contents of SysVIPC shmem segments was dumped twice * Dumping of any memory segment more than 4Gigs failed * Migration of unaligned SysvSHM segment on Armv7 failed Deprecation/removal: * Exec action is removed, use compel instead - Create libcompel1 sub-package- update to criu 2.12.1: Fixes: * Content for external bind mounts was erroneously dumped, which could lead to dump failures or huuuge images * Unneeded collection of host mounts on restore could cause restore to fail- update to criu 2.12: New features: * C/R of external TTYs (for Docker C/R) Optimizations/improvements: * Sanitized the way the -v works Fixes: * Checking features via RPC crashed * Resting pipes in user-namespaces could fail on modern kernels * Shutdown state for UNIX sockets could be lost on restore * Dump of huge (over 2Gb) SysV shmem segments didn't work- Update to criu 2.11: New features: * Added "pre-resume" to action scripts * New --status-fd option for better control of page server * C/R OFD file locks, RO root mount for mount namespaces Optimizations/improvements: * More strict checks for extra CLI options * Report errors when probing locks * Restorer logs now contain timestamps Fixes: * Regression: v2.10 was broken on ARM * Use-after-free when restoring ghost directory * Array out-of-bound access when restoring VETH device * Page server exit code could be screwed up * Clang over-optimized string.h routines resulting in random crashes * Parasite failed to send FDs via socket on Alpine Linux * Restore of huge file tables could get stuck * Restore of epoll in epoll could fail * Errno value could be lost when reporting failure to restore invisible files * Dump of sched params didn't work on Alpine * Restore of huge memory dumps (over 2G) failed * Installation guessed /lib vs /lib64 with errors * Migration between xsave and noxsave didn't work for wrong cpu feature being checked - Update to criu 2.11.1: Fixes: * Page server start via RPC was broken * Fedora build didn't work * Ppc64LE restorer switch crashed- Update to criu 2.10: New features: * C/R of SOCK_PACKET sockets * Libsoccr -- library for C/R of TCP sockets Optimizations/improvements: * Logs cleaned up (removed bunch of useless, fixed '\n' in perrors) * Action scripts errors are printed in logs * Removed several iovec-s copying over the pagemap code * Restore degraded linearly on Xen guests. Breakpoints disabled until solution Fixes: * Py bindings fault on restore error delivery * Fd leaked on file restore error path * Fd leaked when restoring invisible files (gets closed with criu exit though) * Link remap restore could fail on kernels 4.8 and higher * Impossible to restore after restore error with link remap file in images * When going daemon a descriptor could be leaked * Custom setting of mmap_min_addr could make restore to fail * Sending pages over UNIX socket could race and fail with EAGAIN * Error getting ID of /proc/pid/ns/foo link not propagated and could result in bogus NS ID generated - Add libnet-devel to buildreq for dependency- Update to criu 2.9: New features: * CRIU can now be built with clang on all supported architectures * Ignore missing sysctls on restore with --weak-sysctl C/R overmounted mountpoints Optimizations/improvements: * Batch restore of memory contents from pages.img files * Link-remap type for invisible files is explicit in images Man page for CRIT Fixes: * C/R with --empty-ns still handled iptables configuration * SCM messages inside UNIX socket got lost after C/R (now dump aborted) * Empty unixsk.img file appeared when dumping tasks without unix sockets * Install procedure wasn't PEP-394 compliant * CRIU blocking netfilter rules were added at the tail of the chain resulting in unlocked TCP connections * Dump/Restore spurious failures when open() returned 0 descriptor * When dumping shmem lots of zero pages were written into image files * Ghost directory with more than zero ghost parents caused restore to fail * Shared mount could escape to different group on restore- Update to criu 2.8: New features: * Ability to configure CRIU build * Show statistics on the screen with --display-stats * C/R of Mac-Vlan devices Optimizations/improvements: * x86 can now be built with clang * When dumping files useless garbage was sent with descriptors from parasite * The clear_tid_address and regs are printed in hex with CRIT * Big code rework for compel (part 1) * Removed duplicate error messages from opening /proc files Fixes: * Restoring cgroup NS could use old path prefix * criu check crashed on btrfs mounts * RO external mounts in userns couldn't be restored * Unmounted on host binfmt_misc could cause dump to fail * Off-by-one could cause criu crash when dumping shared / bind-mount * Mount namespace' roots could have flags changed on restore * Dying tasks could erroneously be tried to dump * Swapped shared memory pages were not dumped * Errno value can be sometimes spoiled by RPC * Restore of netns with newer iproute2 tool could fail Deprecated: * --ext-unix-sk, --veth-pair and --ext-mount-map, by --external - Set BINFMT_MISC_VIRTUALIZED config to build- Update to criu 2.7: New features: * Option --cgroup-root now makes sense on dump too * CLOCK_BOOTTIME timer supported Optimizations/improvements: * Output of iptables command leaked into logs for no use * Helper dev environment installation script for Debian * Man-page updated and prettified :) Fixes: * Unmounted binfmt_misc with rules wasn't dumped at all * Malloc() error could result in crash * Device cgroup restore could fail restoring empty record * Some entries in device cgroups were restored twice * Potential crash when dumping cgroup bindmounts * Sign error caused dump to fail on btrfs partitions * Shared mounts with the same mount path failed the dump * Threads were restored with unshared FS (cwd and root) * Shared memory changes tracking disabled (regression found) * Restore of autofs can hang * LSM profile propagation could be lost * Mountpoint with lots of options blocked the dump (too small buffer for parsing) * External slave mount (with external master) blocked the dump * Mounts with STRICTATIME restored with others flags dropped Deprecated: * No reg-file entry for TTYs- Update to criu 2.6: New features: * Ability to leave process stopped after restore * Memory changes tracking for anonymous shared memory * Deprecation option/environment * First error message is reported back via RPC * C/R of More IPCNS sysctls, xIDs of PTYs, TMEM on PPC64LE Optimizations/improvements: * Use service FD for transport sockets on restore * Ability to turn pagemap-cache off (some kernels are buggy) * The criu --help text has become better Fixes: * R/O-mounted root could block the dump * Restore of cgroup.mm.oom_control could fail * Cgroup fs bind mounts were detected with error * Unaligned futex-es in parasite could cause dump to crash * When compiled with gcc-4.9 parasite code crashed * Failure to freeze cgroup didn't result in aborting of dump * Wrong ns list was parsed when dumping userns (invisible since nesting works only for mntns) * Non-inheritable non-tty as stdin caused shell-job restore to erroneously fail Error path in criu dedup could crash Deprecated: * Per-pid rlimit, itimers and posix-timers * Separate image for epoll tfds (target file descriptors)- Update to criu 2.5: New features: * C/R of fs.mqueue.msg*_default sysctls, Unix sockets with overwritten paths, and Link-remap files in removed directories Optimizations/improvements: * Micro-optimization on namespace ID evaluation * Restoring shared files uses one socket instead of per-fd ones * More verbosity when refusing to dump a file descriptor Fixes: * Restore could fail on openat() with ENXIO when multiple mnt namespaces get restored * The criu exec action got broken * Link-remap and ghost files remained on FS after restore failure * TCP window could remain clamped after restore resulting in connection lockup/slowdown * Dump could stuck when injecting a parasite * The --timeout option wasn't taken into account when freezing tasks using freezecg * Race in freezeing/seizing could result in lost tasks * Memory leaks here and there on error paths * Double free in xvstrcat (crash) * VDSO length was mis-calculated * Symlink on --root path could make restore erroneously fail * Potential memory corruption on reading mntns images * When restoring on systems with low pid_max limit restore could fail * RO-protected SysV shmem segments could be restored with PROT_EXEC * File mode of mapped file was evaluated with errors * Restore of cgroups' mem.swappines and ..use_hierarchy blocked sub-groups creation * Impossible to restore cgoup mem.swappines default value * Zombies living in orphan sessions/groups failed the restore- Update to criu 2.4: New features: * Generate core from images * Ability to forcibly drop half-open TCP connections on C/R * Ability to specify cgroup ctls to dump via API Opened/mapped files' mode is compared between dump and restore times * AutoFS mountpoints * New cgroups (perf_event, net_cls, net_prio and pids) * Memcgroup optional properties * Devices cgroup Optimizations/improvements: * Pagemap image entries are cached in memory Fixes: * Configured kmem cgroup limit restore failed * Mem cgroup oom_control * Cgroup's pids.max was not C/R-ed * Failure to write cgroup property was ignored * No init PID in pre-dump action script * Sigactions inheritance didn't work on ARM * Opened "/proc" dir blocked the dump * Working with iptables was racy * Sibling mounts detection error on dump * Devconf accept_redirects devconf could be restored with errors * "All" devconfs could be overridden by "Default" * Name-less unix sockets got auto-bound * Mode was lost for PTY device file on restore * Newer protobuf compilers didn't recognize PB files * External mounts could be remounted with MS_PRIVATE * Build fail on Alpine Linux Deprecated/removed: * Per-pid file locks images * Per-pid fdinfo images * Ancient pagemap/pages images - Enable builds on 32bit ARM- Update to criu 2.3: New features * Ability not to show payload for some objects in CRIT * Pidfile is written at the end of restore * Ability to join existing namespaces on restore * C/R of Data sitting in TTYs, Partially write-protected SysVIPC segments, Debugfs and tracefs mounts, Overmounted tmpfs, IPv6 devconf sysctls, External block devices, Unix sockets with mismatched shutdown state Optimizations/improvements: * Relaxed calculation of AIO ring size * Tree-based search of tasks by real pid * Less mem-to-mem copies on restore * Saner devconf image format * More verbose explanation of why task cannot be seized * PID is printed in PIE logs Fixes: * Too many mmap-ed files blocked the dump * Potential memory corruption when working with IPv6 sockets * Overmounted bind mounts could cause restore to fail * Overmounted bind mounts could result in badly restored mount tree * Incomplete restoration of RO bind mounts options Deprecated/removed: * Greedy mode of pagemap (non-root) caused dump to fail (disabled)- Update to criu 2.2: mostly bugfixes New features: * "Post-resume" added to action scripts * Root task's PID in environment for action scripts * Devconfs drop_gratuitous_arp and drop_unicast_in_l2_multicast * Serial ttys Optimizations/improvements * Lighter link-remaps restore on newer kernels Fixes: * Race when restoring userns vs setting ns' maps * Tasks with zero fds failed the dump * Restore of TCP recv queue could fail due to kernel mem alloc constraints * No errors were written to logs when launching helper (tar/iptables) app in userns restore * User-mode dumped no memory pages sometimes * Bind mounts considered not as bind sometimes * Two mounts in the same directory blocked the dump * Off-by in on /dev/tty{1,63} dumping * Forking of cgroupns task was done with screwed clone flags Deprecated/removed: * Greedy mode of pagemap dumping (on some kernels we do not support user-mode) * Removed the --namespaces option- Update to criu 2.1: New features: * Checking now classifies features to important/extra/experimental * Ability to bring some disk files into images. * C/R of Completed AIO requests and fallback gre and gretap net devices Optimizations/improvements: * Code coverage collecting now works * Use native rtnl library for netlink messages processing * Using --output - now results in stdout as log, not a file with the name "-" * Signals are printed by names in logs Fixes: * Make tar generated tarbal with bad name * CG restore code lacked rollback in some places * Error code from raw syscalls was treated with errors resulting in wrong criu check reports * Dumping task with HUGE amount of file descriptors failed * Task could be stopped after pre-dump if respective option was used * A /proc/pid directory from dead process conflicting with a new alive one could cause dump to fail * Zombie from alien session/process group caused restore to fail * CGroup fs was wrongly mounted in CGNS on restore * Irmap scan was mis-checking devices numbers * Use-after-free in irmap scan * Btrfs bindmounts detection was mistaken due to 'subvol=' options met * Propagation of mountpoint's shared groups was lost for propagated mounts * Unaligned allocations of restore shared memory could result in codedumps when used by futexes * Temporary mountpoints could result in spurious propagations * When aborting the dump criu could crash on use-after-free objects * Locking the network could stuck doing the DNS resolve * Several build fixes Deprecated/removed * The images from criu prior to 0.4 are deprecated * The --namespaces option makes no sense and is also deprecated * The --ms option for check action is deprecated- Update to criu 2.0: New features: * New code layout for sub-projects (e.g. Compel) * Unprivileged dump * Dump/check cpuinfo support for PPC * Explorers for CRIT * Added "post-setup-namespaces" to action scripts * Added timeout for dump procedure (5 sec by default) * Ability to override LSM profile on restore with CLI/RPC option * External bind mounts can be fs-root mounts too * Skip netns' internals on dump and restore (for Docker integration) * Advanced support for external files * More C/R supports Optimizations/improvements: * Align parasite stack on 16 bits for correctness * Compilation with native libc syscall wrappers and helpers * Parasite code injection done via memfd system call * Make vaddr to pfn conversion with one less syscall * CRIT shows device numbers in "maj:min" manner * CRIT shows mmap's status in verbose * Docker files for builds on all supported arches Fixes: * Absent readlink syscall on ARM (use readlinkat instead) could cause dump to fail * Wrong argument to timer_create system call could cause restore to crash * Extra tasks in freeze cgroup caused dump to fail/hand/crash * Unaligned restore-time object allocations caused lock operations to fail * Opened /proc/pid dir of dead task failed the dump * Unaligned stacks caused criu to fail on aarch64 * Changed device numbers on restore side could cause random failures * Fixes in mount points sharing/slavery/propagation restore * Race between mntns creation and fds closing in different tasks could cause restore to fail * Hard kernel limit on TCP repair recv queue restore could cause big queue restore to fail * Unconnected dgram UNIX socket with data lost packets on restore * CRIT didn't show IPC objects * CRIT didn't convert IP addresses in images * Logs from PIE code contained corrupted addresses and sizes * Not loaded netfilter modules could cause dump/restore to stuck on dumping netlink socket * Shared external mounts were restored with error Security: * When checking for namespaces' CRIU entered userns with host creds * Deprecated/removed: * Completely removed 'show' action. Use CRIT instead.- Update to criu 1.8: * Ability to check CRIU features via RPC * Pre-dump and pre-restore action scripts * The "info" action in CRIT showing stats about image file * Python API * C/R of read-only bind mounts, IPv6 routes and iptables rules, ip rules (it ip tool supports such), ignore_routes_with_linkdown netns devconf, empty bridges in netns, FILTER mode of seccomp, and IP_FREEBIND socket option * Lots of fixes, two security fixes Service run as root could allow users to violate ptrace policies Service run as root could give users access to privileged files and directories - Remove superfluous dependencies - Clean up spec file, as systemd and logrotate supports have been officially dropped- update to criu 1.7.1: Fixes in mounts, notifies and userns found while testing openvz - update to criu 1.7.2: Fixes for IPC in userns, venet C/R, socket buffers overflow and unix sockets name off-by-one - Add the package dependency on python-protobuf- Disable systemd service as a temporary workaround for possibile security issues (CVE-2015-5228, CVE-2015-5231, bsc#943105) - Update to criu 1.7: * Improved cgroups management * Support for seccomp strict mode * Support for stream unix sockets inheritance * Support uid/gid-restricted mounts in userns * Support deleted bind-mounts * Ability to specify maximum ghost file size * OverlayFS support * Support relative unix sockets' bind paths * Altivec and PSX support for PPC * Small PIE loader * Temporary proc mountpoint is mounted with nosuid, noexec and nodev * Less memory copies when preparing restorer binary * CRIT action "show" for less keystrokes on common use-case * Fsnotify log messages now use hex everywhere :) * CRIT output doesn't mix fields any more * Many fixes - Drop obsoleted patches: crit-install-prefix.diff lsm-prototype-fix.diff 4c5b23e5-criu.pc.diff- Fix version in criu.pc file. 4c5b23e5-criu.pc.diff- update to version 1.6: * PowerPC 64bit LE support * Makefile.local for 3-rd party build rules * Ability to "enable" filesystem on dump (--enable-fs) * Ability to skip mountpoint on dump (--skip-mnt) * Prepare to deprecate "criu show" command * External mounts auto-detection * /dev/tty (current terminal) support * Netdev and netns (all/default) confs C/R * Images v1.1 with extra magic at head * Support fusectl (only ctl) mountpoint * Sub-version format is now as of git-describe * Apparamor labels C/R support - Fix library path for aarch64 and ppc64le - Fix the prototype for lsm.c (to fix build errors): lsm-prototype-fix.diff - Refreshed crit-install-prefix.diff- update to version 1.5.2: * fix error in mutli-threaded tasks restore with --restore-sibling (Docker and LXC cases) * fix too big RPC messages error for service (and swrk)- Fix build failure on FACTORY due to comment-in-comment in google/protobuf/descriptor.proto - update to version 1.5.1: * fix crash with 4.0 kernel * legalize swrk API and add the ability for inheriting fds via it * cgroup yard destruction and properties restore- update to version 1.5: New features * CRIT tool * ability to request CPU compatibility on instructions level only * C/R of empty AIO rings * more detailed errno report via RPC * per-feature "criu check" * inheriting FDs on restore * ability to automatically move veth device to host-side bridge on netns restore * VT terminals support * more user namespaces C/R stuff See more details at http://criu.org/Releases#v._1.5 - fix installation of crit: crit-install-prefix.diff- update to version 1.4: New features: * Dump and check cpuinfo * Initial support for user namespaces * The docker_cr.sh script for Docker * New API for writing plugins (old one is still possible) * Service workers change their title to better look in ps output * Ability to feed socket for pre-dump and page-server in swrk mode * Page-server can auto-bind its port * Ability to perform several actions during one connection to RPC service * C/R of opened /proc/$pid/foo files of dead tasks * C/R of /dev/console * C/R of virtualized devtmpfs (openvz and future upstream kernels) * C/R of empty mqueue fs (posix message queues) * C/R of shared bind-mounts See more details at http://criu.org/Releases#v._1.4/sbin/ldconfig/sbin/ldconfigsheep85 16520865213.16.1-bp154.1.333.16.1-bp154.1.33libcriu.so.2libcriu.so.2.0/usr/lib64/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Backports:SLE-15-SP4/standard/d5ae1ae91d771811d76dfcf5412ebd82-criucpioxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=84b6f2cc290823bb36164773acf6f56eb04be0b8, strippedPRRRRRAZm0e,utf-8a47d6db3fe348171523f9f4cfece0d9291929ff40ad12fa043dfa8f6ed86a05d?7zXZ !t/=GG] cr$x#FYLNJ5+'@t1nq^y0+(?Ct'5'^#%yixÅܐS% c h>`a|+\0x>w܎/ Z7к;ƾHA#э`ڬbg~k}G24_+  A:LQ̯-wW*Ͻj8VMvZ_FJmk$x<]vch G׭: p$=`gі,˲[_G}Z^jܘ%/n*bt:Hh`Yq><'>-* wd^02dvY^9m[ ėuJ֛x L{7}^Y ~R{kGF)p7jG T&U51ʺmz׊"+BTLkdVS3rF :D[JMl um?V;g}owp-8\2-B'Fl[`'ɶ)6IZ.0'j +@.1T -$3wCe"3 48aQQ.8+jUC'<j_Dt33o *Cu3%㧠n?S`xh-PdO.[sJf/=ۿ^3?VhI$ȣ#!b{BDmb"Q0PdY\ޯWC=/.2[WsO4=E\_t5MV#Ud[AA| L(3^A , 9Ypj;`1Ǚf޻}d ; \"!Ⱥ+^̺vSP,x =!a ;gH+au+}u 1_̓U[ےӟqNt'쵍g2}d7|(= ѥ)ێ}+ 8PWJMM٤0#8Oi-o,sT#[0wyn{1<,a,%Q$:E; Y*lj_N1*饄0%t.ͬ5x/si;ܣ.k$bCB&JFzӧ7}c6mh:*V݂jowG9J&8c&=֞9%B 3w KisMC7h:1O3I@i4i) `dچz5w{}ٺ9>2čB>L(,(#ɟ*J~tﺒ냤±u yLt_U}Wc71ly +R7bgJvUy d5|4h+ {.M}ax @[`EdՍH2@,S8CeWJ1@!drVN_5_'P Mnh C_ (Md5Eep`wHRE˚fq+0D8(|mxK 1]Az5W:6O1.A+e4K FFu]@'[t @t|;kpB0>w$h`à Ց'xN'u~dEj|d:U9fPXyɠgOLVMɟRh@G{0uwGjNPNg ;u*vY379{B*B%|- KsEF $#oϽ3"5*V@?ڠ-^U{.T 5aG! ;5{sgz{eW')-#ڄRF`/3ms:#_g`"d>佬˅Q-̣9x.fia^{l9_@ԇpsLpTN#"<=.1Tlj.I[35bvi; 9Nef]s jk_v:DNïbyuzQht{MJ -Z&[~jmUDdڄ3a 0)0!wRɡZlo0x3QJo=k,Ẹ@_ Ȱ TU/!aXnMh\M)j) }3I,-Ysy h3&f _3BztGWQ nA,^9A{HpBI&$@Yz>2r%zoFS,aq4lZKf y+0+[@ P9_JX'_vƥ]!Ј&Bcd9Jkerk;c]gA鹹u VWqCvHO@L̡'cع ê콑JIm+u ?݃tFO'\1vD+ퟃ={'Y^L!@6#נrd %N"W,u&oI}Lyh(yJ[Y J@~~h~{e*0 y&&7^}j ,Gքۉk5oAv}B\_Ku9*WNQGwbFYf9UY\7Ia}UJ`.ҲZQBWيWm|t2b%QѱϬ,U@h; Hov9hH{ D  +o %oR߬^m,_sW-,Ok<ԽɗFR6z[⦡$+%]J((5Wn\N64k6ǃ#^ Ry2h%߶eNj ώ5GV!CfD »4TnhL_$,ze %@~Q m@i;Z.`ng_~uD覷*D fHݰS%[?%.q/8P6MA6@Qݒ)s%eT>`$ۆ8 9dg"vm|KuDzr#+SWF*4IqٖD*B? ,̨seY|F9/fLs?m>:'EYYPK` 8ɄW~n瑸"VJ:'K1c+* Z:Slޟ.bk 8U.@6 쇠=rՕTl 6,YTHo{Fwtgx`#nFCΎι^](  +hRkYo%M$陭U?؋}xW,.j;Gkԃh[Y ǹmDfrՈJ@.7<1NmPs CbkۅH'O8OD=dPWƷ`Rm^ͳol1 c5&5z*IFd M#?P ~yR 1e 15?h=&0A {i82\wc$wjnG=J\&C=OlwbJ]$|{- >%x~*Q0ˋ#)jwAW:,B"q`"rM5@8a.qBW˩|Vlc E5LpIdNd%ur셌̸A7|Yy)稜vxK6@k4)=T dJ͠d"@}q_9U~e"G-#2> ؏U`;9Scf_]hԓh햌f~iU[3syHbz[gxx.J 4w/͒R凵,D$^^:lj(]d2CQ]Ï^ԚO`m |d 1%61iu,Ε%P `&^ǒkl">f7L-g0!+o!aC೶Q]YHDF>h\GeX>A^*䇝xw*?E/JsMuY eYH#`.y#N}I^?ǚ[^FՖ:m昑^ˤqf z`BB Zᜇ-0LXEYXZj '59ϬՄ{=ZR&5qshx(W)rkͨMU`_,yg/s%$=b6`Zmoޓ1?M̋>CN2ʣ–6eMXo!# Ð߱j=n٣ ҏK.-MG$Wbv̵@槊I rn ‡K2>N\@#fe8Mj'ByT f8薪~LmƸⓀR@TEqVFژLD:s۲`?cQ8:/aiM}b]nMbhEk+`%u A,;=I+gtW)2*j, V@a~c/ws;VDZXYi෷{^4!;Kxa WL*ri4aR:#^FK'bI IzljELg[yUk%f9f*AJ9 "{A]M႗kך;uixYeR5D$ ,Y)/Io0U% ^!gPs@aGx럼}́;Os tjop 6qn;D[UךEKF l SԘK6#ǹa':Ivc,0N/(GO]ECOܪBt( z 5<\cG1uBjq/?;W[elqB묔مt r*:@>Ba Bb՚|P "i-Moz9%Wu%̌Nv\(`A]9Fk!0MgӽFg ʀMHqsģ"y%O-Kw'ܡjn Po":5v؞Fֵ(H'ֵjbmC4b9ᶾzx봸++R*ڊ%OHw0~9A MEzOǏ@J &Cu'B?eoBC ɥ[#͍>6[ڬVin̻MȢI1\ӽp=g鬾5ILtD.(IJʈqˮ%X$Mu)0[4W_Zu! JC*<>si'_p'H!xɧz0 褟3-8\6]Z]8[-xjВ\f@50nQ5#b TAzTlH!CK կė.Kj%D pkueź-M9R%۸Y}aop0Ge!Uspo:0Gd7-yF<-'Z}X]Z60v:ڎv`p*Zr7Db"U>zF ?IT:c!\jc}٘3˹1X8>uXKѭ/_jIo qhjٰ¶tS`GRQt:Y:!1.B'5$<9YX ws60o!0C;Gכ?ʠ-fGF20i[Nh6۫\19F(QqS3y%IJ]"Ƙ s5DbFѶ|Di82PcީW #ckmCu ݖLHkhED5q`QJHW$b {ɧa7҅58S?](虪SM_rB(I¹Nb5Ktx;ÇNYSu]Rv\sUrFr't>+rhpmTq#X$fJE<eqV/Y5 g|GuLboS G(Fick؏Ғ8dL4<9U80b,ϛ鈺rsoQ̚Fv,f4u+4ʰإyc~p5d6_VK[ץ]~RYgY )sn  TT}v۝|Ӎ"fE2#pbSiф˷K;vfB)OCh3UWBh\{#̘9i1Szx7\>ʎ ^Va9z0yb>x# Go9HSA^GU}&68-A6Jƃ8l[U6Y:-qX~Q,L'ۄ x;oU7Y%%:4!sg{caxn,oA%Ip a0glj&J:GxDv2 uwAdE,3+DK,?!O}[ ;UbQUfl| jIݞ",W)PEADac)jLE6, VS];؊ubSBn #;Re|1qmAFdxڴ4WS}(] toDaq,XGgA!?zvI7YhiIfiNGYe0[ZҘ"| Ơy\>r^!gU7/n5 lb߿wxI*R ٵ;;lYx1|܋9ntO{*SI2@A4(2~-J/v\':^0װMFŦ 0Womג6Ki.Tq&>RN&A}Y`DS(bBe[v&ͺvpM㬘*6`kբc -pXP3OmS[ ڥG sNy/<;eu|=BLg`5xcLgfran- OfK-&?#°\/{?>2V&/uo2*wfU\pR׉}Dzv]D2dV-急Vuurzo5HKF.$Wk0bEl%$S]i(L}lRu'\GÕsJ':dڬ!6MshPـ ._M~Lt9DF],j3%%ͪ.ueW+h܅Zx[׼kɸgK#3|d|S_X|owC>Xu%"8oeS}=4"3o -P| `:|9Jm/W"R\~:-pE'q:A *#7 (F۪럯 IIF}L|Wl}joXZ2jb~dHɲ&2WH>WQ]ζAP=kt`χOdY>lu4'ǂf=x;۝HWBXG={r lZr+wy!mيyz&Y,6s26eA;zᲲj-Nopq3fsc1gMY%.nN`{?nՃ'3ةbip m+9c/ L!XU1( WZz}. l F/vF%&U~BLqv]Ul%lrsmEzSɓRif`cH;ԺQD ]x [OS\F6aB218^}΍$_F*e8,~]?fMBkI \W`]{U5x7o;3Iba_$;e6R(S{k5OpYΕY.ʟ4^{೘Dȳ۟ `ola16_p"=ufIT`X`g@4eAH{y ȩ-.ihYֈtYp"8%hFÑajӂߖ ~{A>Rޟ+SUo']?b ˛xaOd!CJwUc(sqTVIbؠDgLōÜm-E KͦOFpP!H 0f`%iFwu2 O 3absv7ńpHv矖@34%>?Ery KO h@,I->nYaZ coAyY]|CKΐm=4ڜHV^;S: }T#gEJw6X+5䉶O Z<>foKSJ޼Tfn6 `@wM*HgYI*Ɏ:` >GXI?}7Կ8Y\=l. Z]rY7AZ-D@yBCApUb.h1LMukkf7D $;r9(%OƥoɘPcuEٰgd >v7o~NǦEgIzPD3T6TInmV*T[њ}hoBuICj"'N+s׼nsF\}7mDT/ɖ`3L> 1 GMcJ W|%.ll&* Hgm}~)<{!q.sѥq/+`d(t/l]Ad xm,<}lntr|\nGX]*FZ`仳{V E}h~{)ۧI'$R`?"ڞ%^?2JMJK{9>N28zǚAю%5ǽ4>{qPedP̙CEDF.gtʋR/|u7l(meC l!_79ڛiOΙF?L-?-O'}8M 5Z;]H)џUyukb]~CG`5RM@Km%=v5t5>jotE9yďcW'9!L+pܥ'DD8Fv= RqzOИH-L8?Wo2|>KyD 0%h7H"fjHPČqL\lɔuuX'͐ij/Ƭ(ZkƐq k1[cl6qR\^/py_s0yMZ cML>I[8,v[lsgnwX %+ G\bvM"͗xUF1iHBU"T͐j"ڠɲDtc2>[bcⷍB28*/ A͠MWYoFd[ޱveY\$ԸN@9kS9@ժeuR6t6}f6¶~ngH̷>Q6*P?p~7Y/+[(( ԣ O!9>|M)Y:О"NO&(bSF>NØ`;dZIުy=쐼5:hh۫Ypv1/<ȳ '<2N+]ݶěG_VrɧUF| Ȋg11ueˡ^Î@ {MC{@1gQyW͖Zk6Dz#?P~~pu(zQdiF'qE HLg:UʽZ_r\%7 yf笥Ecs4}k0-/6v79(ՁO*PO=u&ڗ.7ڨu5t+6rE518=.ע'[kgO]G<rF ypLPc;}PO].\g~MR6܊B/VQ&d`D7﵇i(*UaXAFRYxTiF8Õ#vb FXUCk,<`Y_8:,NIMM𸫖# kk_C2[}&aEkIĒlV̷=eHJ=ՖPt+(!: 8̓.)(}Uk* x*)ᨏI<7q](W*FtgX$e_Ji()Q!W l (L4EQwlxV-`Cd:l{/Pd鹘NJq)%V| F=Mh|q),oٕF+*IV>s1Wjy)s&dTa[|y ={%6決;_p0%y(vXdk=%7M0Nߴ" +c@Y"N*C,o.Epa=s=vTƬ0˜m8: ,@̍INgv sOP.ΔKWfšW*}7)klW%"K%ԛ\;7oN=4X6̈́%&j¬1bjl,t{{u]Nh5k*:k*Tg+-M$ gr,hGRҰ\o[_jUCP)/_o='{9If8A[u8kK&@><-GWQ;ʸAk1^53c-MΏQ4>KpwŀEEEpX;AOZI?Ys @Y#J\Փ-MDk2@wNYβUb[7̶.6]PBu 5AvYL [}ⅱv™Ut3f}$~?@5tĀ BX"^lzEaCc{Ez$2(fP[ԥ.0sjn˱ud}69Fz`3dzgs $11ܰZv/聁uо g @\G opۊSE,y"BKS\](C5cr "ũTQB0j?wG:R}Lt~дb'%KE='4 YZ