There are various use-cases related to tracing which could benefit from introducing a notion of "tracer namespace" rather than playing tricks with ptrace. This idea was introduced in the LPC 2021 Tracing MC.
For instance, it would be interesting to offer the ability to trace system calls, uprobes, and user events using a kernel tracer controlled from within a container. Tracing a hierarchy...
Re-parenting may put processes that have the same inherit-only resource into completely different and far away locations in the process tree, so that they no longer have ancestor/descendant relations with each other.
In mainstream CRIU currently we don't have nested pid-namespaces support and re-parenting to child-sub-reaper support. We just handle the most common case where task was...
openat2(2), it is now possible for a container runtime to be absolutely sure that they are accessing the procfs path they intended by using
RESOLVE_NO_XDEV|RESOLVE_NO_SYMLINKS (the main limitation before this was the fact that there was no way to safely do the equivalent of
RESOLVE_NO_XDEV in userspace on Linux, and implementing the necessary behaviour in userspace was...
rstat is a framework that implements generic hierarchical stats collection.
It is light on the writer (update) side since it works with per-cgroup per-cpu
structures only (mostly).
It is quick on the reader side since it aggregates only cgroups active since
the previous read in a given subtree.
It is used for accounting CPU time on the unified hierarchy, blkcg and memcg...
This talk will discuss on-going changes to CRIU to introduce an "unprivileged" mode, utilizing a minimal set of Linux capabilities that allow for non-root users to checkpoint and restore processes.
It will also touch on a particularly motivating use-case: improving JVM start-up time.
Introducing per-memory-space virtual CPU ID allocation domains helps solve user-space per-core data structure memory scaling issues as long as the data structure is private to a memory space (typically a single process). However, this does not help in use-cases where the data structure sits in shared memory used across processes.
In order to address this part of the problem, a...
Bringing up FUSE mounts C/R support
Each filesystem supported in CRIU brings its own problems. Block-device based filesystems
are comparatively easy to handle: we just need to save the mount options and use them at the restore stage;
it is also possible to provide such filesystems as external mounts. Some virtual filesystems
should be handled specially, for instance for tmpfs we...