Provided by: criu_2.0-2ubuntu3_amd64 bug


       criu - checkpoint/restore in userspace


       criu <command> [options]


       criu is a tool for checkpointing and restoring running applications. It does this by
       saving their state as a collection of files (see the dump command) and creating equivalent
       processes from those files (see the restore command). The restore operation can be
       performed at a later time, on a different system, or both.


       The options are depending on the <command> criu run with.

   Common options
       Common options are applied to any <command>.

           Set logging level to <num>. The higer the level, the more output is produced. Either
           numeric values or multiple v can be used.

           The following levels are available:

           ·   -v1, -v only messages and errors;

           ·   -v2, -vv also warnings (default level);

           ·   -v3, -vvv also information messages and timestamps;

           ·   -v4, -vvvv lots of debug.

       --pidfile <file>
           Write root task, service or page-server pid into a <file>.

       -o, --log-file <file>
           Write logging messages to <file>.

           Write separate logging files per each pid.

       -D, --images-dir <path>
           Use path <path> as a base directory where to look for dump files set.

       --prev-images-dir <path>
           Use path <path> as a parent directory where to look for dump files set. This make
           sence in case of increment dumps.

       -W, --work-dir <dir>
           Use directory <dir> for putting logs, pidfiles and statistics. If not specified,
           <path> from -D option is taken.

       --close <fd>
           Close file with descriptor <fd> before any actions.

       -L, --libdir <path>
           Path to a plugins directory.

       --action-script <SCRIPT>
           Add an external action script. The environment variable CRTOOLS_SCRIPT_ACTION contains
           one of the actions:

           ·   pre-dump run an action prior to beginning a dump

           ·   post-dump run an action upon dump completion;

           ·   pre-restore run an action prior to beginning a restore

           ·   post-restore run an action upon restore completion;

           ·   network-lock lock network in a target network namespace;

           ·   network-unlock unlock network in a target network namespace;

           ·   setup-namespaces run an action once root task just been created with required
               namespaces, note it is early stage on restore nothing were restored yet except
               namespaces themselves.

       -V, --version
           Print program version and exit.

       -h, --help
           Print a commands list and exit. The commands list is very short one just for overview
           and does not match this manual.

       Launches that named pre-dump procedure, where criu does snapshot of memory changes since
       previous pre-dump. Also criu forms fsnotify cache which speedup restore procedure.
       pre-dump requires at least -t option (see dump below). Optionally page-server options may
       be specified.

           Turn on memory changes tracker in the kernel. If the option is not passed the memory
           tracker get turned on implicitly.

       Starts a checkpoint procedure.

       -t, --tree <pid>
           Checkpoint the whole process tree starting from <pid>.

       -R, --leave-running
           Leave tasks in running state after checkpoint instead of killing them. This option is
           pretty dangerous and should be used if and only if you understand what you are doing.

           If task is about to run after been checkpointed it can modify TCP connections, delete
           files and do other dangerous actions. So that criu itself can not guarantee that the
           next restore action will not fail. Most likely if a user starts criu with this option
           passed at least the file system snapshot must be done with help of post-dump script.

           In other words, do not use it until really needed.

       -s, --leave-stopped
           Leave tasks in stopped state after checkpoint instead of killing them.

       -x, --ext-unix-sk [<inode>,<inode>']
           Dump external unix sockets. Optionally passing <inode> (or comma separated series) it
           assigns inodes which allowed for one sided dump.

           Use cgroup freezer to collect processes.

           Collect cgroups into the image thus they gonna be restored then. Without this argument
           criu will not save cgroups configuration associated with a task.

           Checkpoint established TCP connections.

       --veth-pair <IN>=<OUT>
           Correspondence between outside and inside names of veth devices.

           Use any path to a device file if the original one is inaccessible.

           Send pages to a page server (see page-server command).

           Force resolving names for inotify and fsnotify watches.

           Deduplicate "old" data in pages images of previous dump. Which implies incremental
           dump mode (see pre-dump command).

       -l, --file-locks
           Dump file locks. It is necessary to make sure that all file lock users are taken into
           dump, so it is only safe to use this for enclojured containers where locks are not
           holed by someone outside of it.

       -M, --ext-mount-map <KEY>:<VAL>
           Setup mapping for external mounts.  <KEY> is a mountpoint inside container and
           corresponding <VAL> is a string that will be written into the image as mountpoint's
           root value.

           Allow one to link unlinked files back when possible (modifies FS till restore).

       --ghost-limit size
           Allow one to specify maximum allowed size of deleted file to be carried inside image
           files. By default up to 1M file is allowed. It is done in a sake to not carry big
           files inside images.  size may be postfixed with K, M or G (which stands for kilo,
           mega and gigabytes accordingly).

       -j, --shell-job
           Allow one to dump shell jobs. This implies the restored task will inherit session and
           process group ID from the criu itself. Also this option allows one to migrate a single
           external tty connection, in other words this option allows one to migrate such
           application as "top" and friends. If passed on dump it must be specified on restore as

       --cpu-cap [,<cap>]
           Specify cap CPU capability to be written into an image file. Basically if <cap> is one
           of all, cpu or ins, then criu writes CPU related information into image file. If the
           option is omitted or set to none then image will not be written. By default criu do
           not write this image.

       Restores previously checkpointed processes.

       --inherit-fd fd[<num>]:<existing>
           Inherit file descriptors. This allows one to treat file descriptor <num> as being
           already opened via <existing> one and instead of trying to open we inherit it.

       -d, --restore-detached
           Detach criu itself once restore is complete.

       -S, --restore-sibling
           Restore root task as a sibling (make sense with --restore-detached) only.

       -r, --root <path>
           Change the root filesystem to <path> (when run in mount namespace).

       --manage-cgroups [<mode>]
           Restore cgroups configuration associated with a task from the image. Controllers are
           always restored in optimistic way — if already present in system criu reuses it,
           otherwise it will be created.

           The <mode> may be one of below.

           ·   none. Do not restore cgroup properties but require cgroup to pre-exist at the
               moment of restore procedure.

           ·   props. Restore cgroup properties and require cgroup to pre-exist.

           ·   soft. Restore cgroup properties if only cgroup has been created by criu, otherwise
               do not restore properies. This is the default if mode is unspecified.

           ·   full. Always restore all cgroups and their properties.

           ·   strict. Restore all cgroups and their properties from the scratch, requiring them
               to not present in the system.

       --cgroup-root [<controller>:]/<newroot>
           Change the root cgroup the controller will be installed into. No controller means that
           root is the default for all controllers not specified.

           Restore previously dumped established TCP connections. This implies that the network
           has been locked between dump and restore phases so other side of a connection simply
           notice a kind of lag.

       --veth-pair <IN>=<OUT>
           Correspondence between outside and inside names of veth devices.

       -l, --file-locks
           Restore file locks from the image.

       -M, --ext-mount-map <KEY>:<VAL>
           Setup mapping for external mounts.  <KEY> is the value from the image (<VAL> from
           dump) and the <VAL> is the path on host that will be bind-mounted into container (to
           the mountpoint path from image).

       --ext-mount-map auto
           This is a special case. If this flag is passed, when an external mount is missing from
           the command line --ext-mount-map <KEY>:<VAL> syntax, criu attempts to automatically
           resolve this mount from its namespace.

       --enable-external-sharing, --enable-external-masters
           These flags enable external shared or slave mounts to be resolved automatically when
           --ext-mount-map auto is passed.

           As soon as a page is restored it get punched out from image.

       -j, --shell-job
           Restore shell jobs, in other words inherit session and process group ID from the criu

       --cpu-cap [<cap>,<cap>]
           Specify <cap> CPU capability to be present on the CPU the process is restoring. To
           inverse capability prefix it with ^. This option implies that --cpu-cap has been
           passed on dump as well, except fpu option case.

           ·   all. Require all capabilities. This is default mode if --cpu-cap is passed without
               arguments. Most safe mode.

           ·   cpu. Require the CPU to have all capabilities in image to match runtime CPU.

           ·   fpu. Requre the CPU to have comaptible FPU. For example the process might be
               dumped with xsave capability but attempted to restore without it present on target
               CPU. In such case we refuse to procceed. This is default mode if --cpu-cap is not
               present in command line. Note this argument might be passed even if on the dump no
               --cpu-cap have been specified becase FPU frames are always encoded into images.

           ·   ins. Require CPU compatibility on instructions level.

           ·   none. Ignore capabilities. Most dangerous mode. The behaviour is implementation
               dependent. Try to not use it until really required.

               One possible need of using this option is when --cpu-cap=cpu has been passed on
               dump then images are migrated to a less capable processor and one need to restore
               this application, by default criu will refuse to proceed without relaxing
               capability with --cpu-cap=none parameter.

       Tests whether the kernel support is up to date.

           Do not check not yet merged features.

       --feature <name>
           Check a particular feature. Instead of checking everything one may specify which
           exactly feature is to be tested. The <name> may be: mnt_id, aio_remap, timerfd, tun,

       Launches criu in page server mode.

           Runs page server as a daemon (background process).

       --address <address>
           Page server IP address.

       --port <number>
           Page server port number.

       Executes a system call inside a destination task's context.

       Launches criu in RPC daemon mode where criu is listeninп for RPC commands over socket to
       perform. This is convenient for the case where daemon itself is running in a privilege
       (superuser) mode but clients are not.

       Starts pagemap data deduplication procedure, where criu scans over all pagemap files and
       tries to minimalize the number of pagemap entries by obtaining the references from a
       parent pagemap image.

   cpuinfo dump
       Fetches current CPU features and write them into an image file.

   cpuinfo check
       Fetches current CPU features (ie CPU the criu is running on) and test if they are
       compatible with ones present in image file.


       To run a system call in another task's context use

               criu exec -t pid syscall-string

       command. The syscall-string should look like

               syscall-name syscall-arguments ...

       Each command line argument is transformed into the system call argument by the following

       ·   If one starts with &, the rest of it gets copied to the target task's address space
           and the respective syscall argument is the pointer to this string;

       ·   Otherwise it is treated as a number (converted with strtol) and is directly passed
           into the system call.


       To checkpoint a program with pid of 1234 and write all image files into directory

               criu dump -D checkpoint -t 1234

       To restore this program detaching criu itself:

               criu restore -d -D checkpoint

       To close a file descriptor number 1 in task with pid 1234:

               criu exec -t 1234 close 1

       To open a file named /foo/bar for read-write in the task with pid 1234:

               criu exec -t 1234 open '&/foo/bar' 2


       OpenVZ team.


       Copyright (C) 2011-2015, Parallels Inc.