The release of CRIU 3.16 (Checkpoint and Restore In Userspace) toolkit, designed to save and restore processes in user space, has been published. The toolkit allows you to save the state of one or a group of processes, and then resume work from the saved position, including after rebooting the system or on another server without breaking the already established network connections. The project code is distributed under the GPLv2 license.
Among the areas of application of CRIU technology, it is noted that the OS is rebooted without disrupting the continuity of the execution of long-running processes, Live-migration of isolated containers, accelerating the launch of slow processes (you can start working from the state saved after initialization), updating the kernel without restarting services, periodically saving the state of long-running computing tasks to resume work in the event of a crash, balancing the load on nodes in clusters, duplicating processes on another machine (fork to a remote system), creating snapshots of user applications in the process for analyzing them on another system or in case you need to cancel further actions in program. CRIU is used in container management systems such as OpenVZ, LXC/LXD, and Docker. The changes necessary for CRIU to work are included in the main composition of the Linux kernel.
In the new release:
- Added criu-ns command to restore a saved snapshot of a process with a new PID and in a separate mount namespace. Starting with a different PID may be required, for example, if the old PID is already in use in the system.
- The ability to save and restore state snapshots of nested apparmor profiles has been implemented.
- Implemented locking and unlocking network resources based on nftables.
- Added support for restoring pre-created veth devices.
- Improved support for restoring containers to existing pods.
- For RPC clients, the ability to determine PID reuse has been added, implemented using the pidfd mechanism.
- The license for all proto files in the images/ directory has been changed to MIT.
Source: opennet.ru