User:Skinsbursky/sandbox

Checkpoint/Restore In Userspace, or CRIU, is a software tool for Linux operating systems. Using this tool, you can freeze a running application (or part of it) and checkpoint it to a hard drive as a collection of files. You can then use the files to run the application from the point it was frozen at. The main peculiarity of the CRIU project is that it is mainly implemented in user space. The project is currently under development.

History
The initial version of CRIU software was presented to the Linux developers community by Pavel Emelianov, the OpenVZ team leader, on 15 July 2011. In September 2011, the project was presented at the Linux Plumbers Conference.

In general, most of the attendees took a positive view of the project, which is proved by the fact that a number of kernel patches required for implementing the project were included in the mainline kernel. Linus Torvalds, however, was a bit skeptical about the project. In particular, he wrote:

„A note on this: this is a project by various mad Russians to perform c/r mainly from userspace, with various oddball helper code added into the kernel where the need is demonstrated. … However I'm less confident than the developers that it will all eventually work! So what I'm asking them to do is to wrap each piece of new code inside CONFIG_CHECKPOINT_RESTORE. So if it all eventually comes to tears and the project as a whole fails, it should be a simple matter to go through and delete all trace of it.“

Use
The CRIU tool is being developed as part of the OpenVZ project. Though its main focus is to support the migration of containers, it allows you to check-point and restore the current state of running processes and process groups. The tool can currently be used on x86-64 systems only and supports the following features:


 * Processes, their hierarchy, PID, user and group authenticators (uid, gid, sid, etc.), system capabilities
 * Application memory, including memory-mapped files and shared memory
 * Open files
 * Pipes and FIFOs
 * Unix domain sockets
 * Network sockets, including the TCP ones in ESTABLISHED state (see below)
 * System IPC
 * Timers

To support some of these features, additional kernel patches have to be applied to the kernel. The CRIU developers are currently focusing on including these patches in the mainline kernel. Some of the required patches have been already accepted and are part of the kernel (e.g., shared memory, Unix sockets, TCP/IP sockets).

Migration of TCP connections
One of the initial project goals was to support the migration of TCP connections, the biggest challenge being to suspend and then restore only one side of a connection. This was necessary for performing the live migration of containers (along with all their active network connections) between physical servers, the main scenario of using the checkpointing/restoring feature by Parallels. To cope with this problem, a new feature, "TCP repair mode", was implemented. The feature was included in the v3.5 mainline Linux kernel and provides users with additional means to disassemble and reconstruct TCP sockets without the necessity of exchanging network packets with the opposite side of the connection.