Provided by: criu_2.0-2ubuntu3_amd64 bug


       criu - checkpoint/restore in userspace


       criu <command> [options]


       criu is a tool for checkpointing and restoring running applications. It
       does this by saving their state as a collection of files (see the dump
       command) and creating equivalent processes from those files (see the
       restore command). The restore operation can be performed at a later
       time, on a different system, or both.


       The options are depending on the <command> criu run with.

   Common options
       Common options are applied to any <command>.

           Set logging level to <num>. The higer the level, the more output is
           produced. Either numeric values or multiple v can be used.

           The following levels are available:

           ·   -v1, -v only messages and errors;

           ·   -v2, -vv also warnings (default level);

           ·   -v3, -vvv also information messages and timestamps;

           ·   -v4, -vvvv lots of debug.

       --pidfile <file>
           Write root task, service or page-server pid into a <file>.

       -o, --log-file <file>
           Write logging messages to <file>.

           Write separate logging files per each pid.

       -D, --images-dir <path>
           Use path <path> as a base directory where to look for dump files

       --prev-images-dir <path>
           Use path <path> as a parent directory where to look for dump files
           set. This make sence in case of increment dumps.

       -W, --work-dir <dir>
           Use directory <dir> for putting logs, pidfiles and statistics. If
           not specified, <path> from -D option is taken.

       --close <fd>
           Close file with descriptor <fd> before any actions.

       -L, --libdir <path>
           Path to a plugins directory.

       --action-script <SCRIPT>
           Add an external action script. The environment variable
           CRTOOLS_SCRIPT_ACTION contains one of the actions:

           ·   pre-dump run an action prior to beginning a dump

           ·   post-dump run an action upon dump completion;

           ·   pre-restore run an action prior to beginning a restore

           ·   post-restore run an action upon restore completion;

           ·   network-lock lock network in a target network namespace;

           ·   network-unlock unlock network in a target network namespace;

           ·   setup-namespaces run an action once root task just been created
               with required namespaces, note it is early stage on restore
               nothing were restored yet except namespaces themselves.

       -V, --version
           Print program version and exit.

       -h, --help
           Print a commands list and exit. The commands list is very short one
           just for overview and does not match this manual.

       Launches that named pre-dump procedure, where criu does snapshot of
       memory changes since previous pre-dump. Also criu forms fsnotify cache
       which speedup restore procedure. pre-dump requires at least -t option
       (see dump below). Optionally page-server options may be specified.

           Turn on memory changes tracker in the kernel. If the option is not
           passed the memory tracker get turned on implicitly.

       Starts a checkpoint procedure.

       -t, --tree <pid>
           Checkpoint the whole process tree starting from <pid>.

       -R, --leave-running
           Leave tasks in running state after checkpoint instead of killing
           them. This option is pretty dangerous and should be used if and
           only if you understand what you are doing.

           If task is about to run after been checkpointed it can modify TCP
           connections, delete files and do other dangerous actions. So that
           criu itself can not guarantee that the next restore action will not
           fail. Most likely if a user starts criu with this option passed at
           least the file system snapshot must be done with help of post-dump

           In other words, do not use it until really needed.

       -s, --leave-stopped
           Leave tasks in stopped state after checkpoint instead of killing

       -x, --ext-unix-sk [<inode>,<inode>']
           Dump external unix sockets. Optionally passing <inode> (or comma
           separated series) it assigns inodes which allowed for one sided

           Use cgroup freezer to collect processes.

           Collect cgroups into the image thus they gonna be restored then.
           Without this argument criu will not save cgroups configuration
           associated with a task.

           Checkpoint established TCP connections.

       --veth-pair <IN>=<OUT>
           Correspondence between outside and inside names of veth devices.

           Use any path to a device file if the original one is inaccessible.

           Send pages to a page server (see page-server command).

           Force resolving names for inotify and fsnotify watches.

           Deduplicate "old" data in pages images of previous dump. Which
           implies incremental dump mode (see pre-dump command).

       -l, --file-locks
           Dump file locks. It is necessary to make sure that all file lock
           users are taken into dump, so it is only safe to use this for
           enclojured containers where locks are not holed by someone outside
           of it.

       -M, --ext-mount-map <KEY>:<VAL>
           Setup mapping for external mounts.  <KEY> is a mountpoint inside
           container and corresponding <VAL> is a string that will be written
           into the image as mountpoint's root value.

           Allow one to link unlinked files back when possible (modifies FS
           till restore).

       --ghost-limit size
           Allow one to specify maximum allowed size of deleted file to be
           carried inside image files. By default up to 1M file is allowed. It
           is done in a sake to not carry big files inside images.  size may
           be postfixed with K, M or G (which stands for kilo, mega and
           gigabytes accordingly).

       -j, --shell-job
           Allow one to dump shell jobs. This implies the restored task will
           inherit session and process group ID from the criu itself. Also
           this option allows one to migrate a single external tty connection,
           in other words this option allows one to migrate such application
           as "top" and friends. If passed on dump it must be specified on
           restore as well.

       --cpu-cap [,<cap>]
           Specify cap CPU capability to be written into an image file.
           Basically if <cap> is one of all, cpu or ins, then criu writes CPU
           related information into image file. If the option is omitted or
           set to none then image will not be written. By default criu do not
           write this image.

       Restores previously checkpointed processes.

       --inherit-fd fd[<num>]:<existing>
           Inherit file descriptors. This allows one to treat file descriptor
           <num> as being already opened via <existing> one and instead of
           trying to open we inherit it.

       -d, --restore-detached
           Detach criu itself once restore is complete.

       -S, --restore-sibling
           Restore root task as a sibling (make sense with --restore-detached)

       -r, --root <path>
           Change the root filesystem to <path> (when run in mount namespace).

       --manage-cgroups [<mode>]
           Restore cgroups configuration associated with a task from the
           image. Controllers are always restored in optimistic way — if
           already present in system criu reuses it, otherwise it will be

           The <mode> may be one of below.

           ·   none. Do not restore cgroup properties but require cgroup to
               pre-exist at the moment of restore procedure.

           ·   props. Restore cgroup properties and require cgroup to

           ·   soft. Restore cgroup properties if only cgroup has been created
               by criu, otherwise do not restore properies. This is the
               default if mode is unspecified.

           ·   full. Always restore all cgroups and their properties.

           ·   strict. Restore all cgroups and their properties from the
               scratch, requiring them to not present in the system.

       --cgroup-root [<controller>:]/<newroot>
           Change the root cgroup the controller will be installed into. No
           controller means that root is the default for all controllers not

           Restore previously dumped established TCP connections. This implies
           that the network has been locked between dump and restore phases so
           other side of a connection simply notice a kind of lag.

       --veth-pair <IN>=<OUT>
           Correspondence between outside and inside names of veth devices.

       -l, --file-locks
           Restore file locks from the image.

       -M, --ext-mount-map <KEY>:<VAL>
           Setup mapping for external mounts.  <KEY> is the value from the
           image (<VAL> from dump) and the <VAL> is the path on host that will
           be bind-mounted into container (to the mountpoint path from image).

       --ext-mount-map auto
           This is a special case. If this flag is passed, when an external
           mount is missing from the command line --ext-mount-map <KEY>:<VAL>
           syntax, criu attempts to automatically resolve this mount from its

       --enable-external-sharing, --enable-external-masters
           These flags enable external shared or slave mounts to be resolved
           automatically when --ext-mount-map auto is passed.

           As soon as a page is restored it get punched out from image.

       -j, --shell-job
           Restore shell jobs, in other words inherit session and process
           group ID from the criu itself.

       --cpu-cap [<cap>,<cap>]
           Specify <cap> CPU capability to be present on the CPU the process
           is restoring. To inverse capability prefix it with ^. This option
           implies that --cpu-cap has been passed on dump as well, except fpu
           option case.

           ·   all. Require all capabilities. This is default mode if
               --cpu-cap is passed without arguments. Most safe mode.

           ·   cpu. Require the CPU to have all capabilities in image to match
               runtime CPU.

           ·   fpu. Requre the CPU to have comaptible FPU. For example the
               process might be dumped with xsave capability but attempted to
               restore without it present on target CPU. In such case we
               refuse to procceed. This is default mode if --cpu-cap is not
               present in command line. Note this argument might be passed
               even if on the dump no --cpu-cap have been specified becase FPU
               frames are always encoded into images.

           ·   ins. Require CPU compatibility on instructions level.

           ·   none. Ignore capabilities. Most dangerous mode. The behaviour
               is implementation dependent. Try to not use it until really

               One possible need of using this option is when --cpu-cap=cpu
               has been passed on dump then images are migrated to a less
               capable processor and one need to restore this application, by
               default criu will refuse to proceed without relaxing capability
               with --cpu-cap=none parameter.

       Tests whether the kernel support is up to date.

           Do not check not yet merged features.

       --feature <name>
           Check a particular feature. Instead of checking everything one may
           specify which exactly feature is to be tested. The <name> may be:
           mnt_id, aio_remap, timerfd, tun, userns.

       Launches criu in page server mode.

           Runs page server as a daemon (background process).

       --address <address>
           Page server IP address.

       --port <number>
           Page server port number.

       Executes a system call inside a destination task's context.

       Launches criu in RPC daemon mode where criu is listeninп for RPC
       commands over socket to perform. This is convenient for the case where
       daemon itself is running in a privilege (superuser) mode but clients
       are not.

       Starts pagemap data deduplication procedure, where criu scans over all
       pagemap files and tries to minimalize the number of pagemap entries by
       obtaining the references from a parent pagemap image.

   cpuinfo dump
       Fetches current CPU features and write them into an image file.

   cpuinfo check
       Fetches current CPU features (ie CPU the criu is running on) and test
       if they are compatible with ones present in image file.


       To run a system call in another task's context use

               criu exec -t pid syscall-string

       command. The syscall-string should look like

               syscall-name syscall-arguments ...

       Each command line argument is transformed into the system call argument
       by the following rules:

       ·   If one starts with &, the rest of it gets copied to the target
           task's address space and the respective syscall argument is the
           pointer to this string;

       ·   Otherwise it is treated as a number (converted with strtol) and is
           directly passed into the system call.


       To checkpoint a program with pid of 1234 and write all image files into
       directory checkpoint:

               criu dump -D checkpoint -t 1234

       To restore this program detaching criu itself:

               criu restore -d -D checkpoint

       To close a file descriptor number 1 in task with pid 1234:

               criu exec -t 1234 close 1

       To open a file named /foo/bar for read-write in the task with pid 1234:

               criu exec -t 1234 open '&/foo/bar' 2


       OpenVZ team.


       Copyright (C) 2011-2015, Parallels Inc.