CRIU

Checkpoint/Restore In Userspace (CRIU) (pronounced kree-oo) is a software tool for the Linux operating system. Using this tool, it is possible to freeze a running application (or part of it) and checkpoint it to persistent storage as a collection of files. One can then use the files to restore and run the application from the point it was frozen at. The distinctive feature of the CRIU project is that it is mainly implemented in user space, rather than in the kernel.

History
The initial version of CRIU software was presented to the Linux developers community by Pavel Emelyanov, the OpenVZ kernel team leader, on 15 July 2011.

In September 2011, the project was presented at the Linux Plumbers Conference. In general, most of the attendees took a positive view of the project, which is proven by the fact that a number of kernel patches required for implementing the project were included in the mainline kernel. Andrew Morton, however, was a bit skeptical:

"A note on this: this is a project by various mad Russians to perform c/r mainly from userspace, with various oddball helper code added into the kernel where the need is demonstrated... However I'm less confident than the developers that it will all eventually work! So what I'm asking them to do is to wrap each piece of new code inside CONFIG_CHECKPOINT_RESTORE. So if it all eventually comes to tears and the project as a whole fails, it should be a simple matter to go through and delete all trace of it."

- Andrew Morton

Use
The CRIU tool is being developed as part of the OpenVZ project, with the aim of replacing the in-kernel checkpoint/restore. Its main focus is to support the migration of containers, allowing users to checkpoint and restore the current state of running processes and process groups. The tool can currently be used on x86-64 and ARM systems and supports the following features:


 * Processes: their hierarchy, PIDs, user and group authenticators (UID, GID, SID, etc.), system capabilities, threads, and running and stopped states
 * Application memory: memory-mapped files and shared memory
 * Open files
 * Pipes and FIFOs
 * Unix domain sockets
 * Network sockets, including TCP sockets in ESTABLISHED state (see below)
 * System V IPC
 * Timers
 * Signals
 * Terminals
 * Linux kernel-specific system calls:,  ,   and

No kernel patching is required, because all of the required functionality has been in the Linux kernel mainline since kernel version 3.11, which was released on September 2, 2013.

TCP connection migration
One of the initial project goals was to support the migration of TCP connections, the biggest challenge being to suspend and then restore only one side of a connection. This was necessary for performing the live migration of containers (along with all their active network connections) between physical servers, the main scenario of using the checkpoint/restore feature in OpenVZ. To cope with this problem, a new feature, "TCP repair mode", was implemented. The feature was included in version 3.5 of the Linux kernel mainline and provides users with additional means to disassemble and reconstruct TCP sockets without the necessity of exchanging network packets with the opposite side of the connection.
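
The repair-mode interface described above can be exercised on sockets a process owns; the following is an added example, not code from CRIU or from the original page. It puts each end of a loopback connection into repair mode and reads its send and receive sequence numbers, part of the state a checkpoint has to save. The names tcp_seqs, queue_seq, dump_tcp_seqs and loopback_pair are hypothetical, and entering repair mode requires CAP_NET_ADMIN.

```c
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

enum { Q_RECV = 1, Q_SEND = 2 };  /* same values as the kernel's TCP_RECV_QUEUE / TCP_SEND_QUEUE */
struct tcp_seqs { unsigned snd_seq, rcv_seq; };  /* hypothetical container for the dumped state */
/* Select a queue and read its sequence number; the socket must already be in repair mode. */
static int queue_seq(int fd, int queue, unsigned *seq) {
    socklen_t len = sizeof(*seq);
    return (setsockopt(fd, IPPROTO_TCP, TCP_REPAIR_QUEUE, &queue, sizeof(queue)) < 0 ||
            getsockopt(fd, IPPROTO_TCP, TCP_QUEUE_SEQ, seq, &len) < 0) ? -errno : 0;
}

/* Returns 0 or -errno. Reading the state exchanges no packets with the peer. */
int dump_tcp_seqs(int fd, struct tcp_seqs *out) {
    int on = 1, off = 0, rc;
    if (setsockopt(fd, IPPROTO_TCP, TCP_REPAIR, &on, sizeof(on)) < 0)
        return -errno;  /* -EPERM when the caller lacks CAP_NET_ADMIN */
    rc = queue_seq(fd, Q_SEND, &out->snd_seq);
    if (rc == 0) rc = queue_seq(fd, Q_RECV, &out->rcv_seq);
    setsockopt(fd, IPPROTO_TCP, TCP_REPAIR, &off, sizeof(off));  /* always leave repair mode */
    return rc;
}

int loopback_pair(int fds[2]) {  /* constructed fixture: fds[0] = client, fds[1] = server */
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t alen = sizeof(a);
    int l = socket(AF_INET, SOCK_STREAM, 0);
    fds[0] = socket(AF_INET, SOCK_STREAM, 0);
    if (l < 0 || fds[0] < 0 || bind(l, (struct sockaddr *)&a, sizeof(a)) < 0 ||
        listen(l, 1) < 0 || getsockname(l, (struct sockaddr *)&a, &alen) < 0 ||
        connect(fds[0], (struct sockaddr *)&a, sizeof(a)) < 0 ||
        (fds[1] = accept(l, NULL, NULL)) < 0)
        return -1;
    close(l);
    return 0;
}

int main(void) {
    int fds[2], rc;
    struct tcp_seqs c = {0}, s = {0};
    if (loopback_pair(fds) < 0) return 1;
    if ((rc = dump_tcp_seqs(fds[0], &c)) == 0) rc = dump_tcp_seqs(fds[1], &s);
    printf("rc=%d client snd=%u rcv=%u server snd=%u rcv=%u\n", rc, c.snd_seq, c.rcv_seq, s.snd_seq, s.rcv_seq);
    return rc ? 1 : 0;
}
```

On a freshly established connection with no data in flight, each side's send sequence number equals the other side's receive sequence number, which gives a quick consistency check on the values read.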