1CRIU(8) CRIU Manual CRIU(8)
2
6 criu - checkpoint/restore in userspace
7
9 criu command [option ...]
10
12 criu is a tool for checkpointing and restoring running applications. It
13 does this by saving their state as a collection of files (see the dump
14 command) and creating equivalent processes from those files (see the
15 restore command). The restore operation can be performed at a later
16 time, on a different system, or both.
17
19 Most of the long flags can be prefixed with no- to negate the option
20 (example: --display-stats and --no-display-stats).
21 Common options
23 Common options are applicable to any command.
24 -v[v...], --verbosity
26 Increase verbosity up from the default level. In case of short
27 option, multiple v can be used, each increasing verbosity by one.
28 -vnum, --verbosity=num
30 Set verbosity level to num. The higher the level, the more output
31 is produced.
32 The following levels are available:
34 · -v0 no output;
36 · -v1 only errors;
38 · -v2 above plus warnings (this is the default level);
40 · -v3 above plus information messages and timestamps;
42 · -v4 above plus lots of debug.
44 --config file
46 Pass a specific configuration file to criu.
47 --no-default-config
49 Disable parsing of default configuration files.
50 --pidfile file
52 Write root task, service or page-server pid into a file.
53 -o, --log-file file
55 Write logging messages to a file.
56 --display-stats
58 During dump, as well as during restore, criu collects some statis‐
59 tics, like the time required to dump or restore the process, or the
60 number of pages dumped or restored. This information is always
61 saved to the stats-dump and stats-restore files, and can be shown
62 using crit(1). The option --display-stats prints out this informa‐
63 tion on the console at the end of a dump or restore operation.
64 -D, --images-dir path
66 Use path as a base directory where to look for sets of image files.
67 --prev-images-dir path
69 Use path as a parent directory where to look for sets of image
70 files. This option makes sense in case of incremental dumps.
71 -W, --work-dir dir
73 Use directory dir for putting logs, pidfiles and statistics. If not
74 specified, path from -D option is taken.
75 --close fd
77 Close file descriptor fd before performing any actions.
78 -L, --libdir path
80 Path to plugins directory.
81 --enable-fs [fs[,fs...]]
83 Specify a comma-separated list of filesystem names that should be
84 auto-detected. The value all enables auto-detection for all
85 filesystems.
86 Note: This option is not safe, use at your own risk. Auto-detecting
88 a filesystem mount assumes that the mountpoint can be restored with
89 mount(src, mountpoint, flags, options). When used, dump is expected
90 to always succeed if a mountpoint is to be auto-detected, however
91 restore may fail (or do something wrong) if the assumption for
92 restore logic is incorrect. This option is not compatable with
93 --external dev.
94 --action-script script
96 Add an external action script to be executed at certain stages. The
97 environment variable CRTOOLS_SCRIPT_ACTION is available to the
98 script to find out which action is being executed, and its value
99 can be one of the following:
100 pre-dump
102 run prior to beginning a dump
103 post-dump
105 run upon dump completion
106 pre-restore
108 run prior to beginning a restore
109 post-restore
111 run upon restore completion
112 pre-resume
114 run when all processes and resources are restored but tasks are
115 stopped waiting for final kick to run. Must not fail.
116 post-resume
118 called at the very end, when everything is restored and pro‐
119 cesses were resumed
120 network-lock
122 run to lock network in a target network namespace
123 network-unlock
125 run to unlock network in a target network namespace
126 setup-namespaces
128 run once root task has just been created with required names‐
129 paces. Note it is an early stage of restore, when nothing is
130 restored yet, except for namespaces themselves
131 post-setup-namespaces
133 called after the namespaces are configured
134 orphan-pts-master
136 called after master pty is opened and unlocked. This hook can
137 be used only in the RPC mode, and the notification message con‐
138 tains a file descriptor for the master pty
139 -V, --version
141 Print program version and exit.
142 -h, --help
144 Print some help and exit.
145 pre-dump
147 Performs the pre-dump procedure, during which criu creates a snapshot
148 of memory changes since the previous pre-dump. Note that during this
149 criu also creates the fsnotify cache which speeds up the restore proce‐
150 dure. pre-dump requires at least -t option (see dump below). In addi‐
151 tion, page-server options may be specified.
152 --track-mem
154 Turn on memory changes tracker in the kernel. If the option is not
155 passed the memory tracker get turned on implicitly.
156 --pre-dump-mode=mode
158 There are two mode to operate pre-dump algorithm. The splice mode
159 is parasite based, whereas read mode is based on process_vm_readv
160 syscall. The read mode incurs reduced frozen time and reduced mem‐
161 ory pressure as compared to splice mode. Default is splice mode.
162 dump
164 Performs a checkpoint procedure.
165 -t, --tree pid
167 Checkpoint the whole process tree starting from pid.
168 -R, --leave-running
170 Leave tasks in running state after checkpoint, instead of killing.
171 This option is pretty dangerous and should be used only if you
172 understand what you are doing.
173 Note if task is about to run after been checkpointed, it can modify
175 TCP connections, delete files and do other dangerous actions.
176 Therefore, criu can not guarantee that the next restore action will
177 succeed. Most likely if this option is used, at least the file sys‐
178 tem snapshot must be made with the help of post-dump action script.
179 In other words, do not use it unless really needed.
181 -s, --leave-stopped
183 Leave tasks in stopped state after checkpoint, instead of killing.
184 --external type[id]:value
186 Dump an instance of an external resource. The generic syntax is
187 type of resource, followed by resource id (enclosed in literal
188 square brackets), and optional value (prepended by a literal
189 colon). The following resource types are currently supported: mnt,
190 dev, file, tty, unix. Syntax depends on type. Note to restore
191 external resources, either --external or --inherit-fd is used,
192 depending on resource type.
193 --external mnt[mountpoint]:name
195 Dump an external bind mount referenced by mountpoint, saving it to
196 image under the identifier name.
197 --external mnt[]:flags
199 Dump all external bind mounts, autodetecting those. Optional flags
200 can contain m to also dump external master mounts, s to also dump
201 external shared mounts (default behavior is to abort dumping if
202 such mounts are found). If flags are not provided, colon is
203 optional.
204 --external dev[major/minor]:name
206 Allow to dump a mount namespace having a real block device mounted.
207 A block device is identified by its major and minor numbers, and
208 criu saves its information to image under the identifier name.
209 --external file[mnt_id:inode]
211 Dump an external file, i.e. an opened file that is can not be
212 resolved from the current mount namespace, which can not be dumped
213 without using this option. The file is identified by mnt_id (a
214 field obtained from /proc/pid/fdinfo/N) and inode (as returned by
215 stat(2)).
216 --external tty[rdev:dev]
218 Dump an external TTY, identified by st_rdev and st_dev fields
219 returned by stat(2).
220 --external unix[id]
222 Tell criu that one end of a pair of UNIX sockets (created by sock‐
223 etpair(2)) with the given id is OK to be disconnected.
224 --freeze-cgroup
226 Use cgroup freezer to collect processes.
227 --manage-cgroups
229 Collect cgroups into the image thus they gonna be restored then.
230 Without this option, criu will not save cgroups configuration asso‐
231 ciated with a task.
232 --cgroup-props spec
234 Specify controllers and their properties to be saved into the image
235 file. criu predefines specifications for common controllers, but
236 since the kernel can add new controllers and modify their proper‐
237 ties, there should be a way to specify ones matched the kernel.
238 spec argument describes the controller and properties specification
240 in a simplified YAML form:
241 "c1":
243 - "strategy": "merge"
244 - "properties": ["a", "b"]
245 "c2":
246 - "strategy": "replace"
247 - "properties": ["c", "d"]
248 where c1 and c2 are controllers names, and a, b, c, d are their
250 properties.
251 Note the format: double quotes, spaces and new lines are required.
253 The strategy specifies what to do if a controller specified already
254 exists as a built-in one: criu can either merge or replace such.
255 For example, the command line for the above example should look
257 like this:
258 --cgroup-props "\"c1\":\n - \"strategy\": \"merge\"\n - \"properties\": [\"a\", \"b\"]\n \"c2\":\n - \"strategy\": \"replace\"\n - \"properties\": [\"c\", \"d\"]"
260 --cgroup-props-file file
262 Same as --cgroup-props, except the specification is read from the
263 file.
264 --cgroup-dump-controller name
266 Dump a controller with name only, skipping anything else that was
267 discovered automatically (usually via /proc). This option is useful
268 when one needs criu to skip some controllers.
269 --cgroup-yard path
271 Instead of trying to mount cgroups in CRIU, provide a path to a
272 directory with already created cgroup yard. Useful if you don’t
273 want to grant CAP_SYS_ADMIN to CRIU. For every cgroup mount there
274 should be exactly one directory. If there is only one controller in
275 this mount, the dir’s name should be just the name of the con‐
276 troller. If there are multiple controllers comounted, the directory
277 name should have them be separated by a comma.
278 For example, if /proc/cgroups looks like this:
280 #subsys_name hierarchy num_cgroups enabled
282 cpu 1 1 1
283 devices 2 2 1
284 freezer 2 2 1
285 then you can create the cgroup yard by the following commands:
287 mkdir private_yard
289 cd private_yard
290 mkdir cpu
291 mount -t cgroup -o cpu none cpu
292 mkdir devices,freezer
293 mount -t cgroup -o devices,freezer none devices,freezer
294 --tcp-established
296 Checkpoint established TCP connections.
297 --skip-in-flight
299 This option skips in-flight TCP connections. If any TCP connections
300 that are not yet completely established are found, criu ignores
301 these connections, rather than errors out. The TCP stack on the
302 client side is expected to handle the re-connect gracefully.
303 --evasive-devices
305 Use any path to a device file if the original one is inaccessible.
306 --page-server
308 Send pages to a page server (see the page-server command).
309 --force-irmap
311 Force resolving names for inotify and fsnotify watches.
312 --auto-dedup
314 Deduplicate "old" data in pages images of previous dump. This
315 option implies incremental dump mode (see the pre-dump command).
316 -l, --file-locks
318 Dump file locks. It is necessary to make sure that all file lock
319 users are taken into dump, so it is only safe to use this for
320 enclosed containers where locks are not held by any processes out‐
321 side of dumped process tree.
322 --link-remap
324 Allows to link unlinked files back, if possible (modifies filesys‐
325 tem during restore).
326 --ghost-limit size
328 Set the maximum size of deleted file to be carried inside image. By
329 default, up to 1M file is allowed. Using this option allows to not
330 put big deleted files inside images. Argument size may be postfixed
331 with a K, M or G, which stands for kilo-, mega, and gigabytes,
332 accordingly.
333 -j, --shell-job
335 Allow one to dump shell jobs. This implies the restored task will
336 inherit session and process group ID from the criu itself. This
337 option also allows to migrate a single external tty connection, to
338 migrate applications like top. If used with dump command, it must
339 be specified with restore as well.
340 --cpu-cap [cap[,cap...]]
342 Specify CPU capabilities to write to an image file. The argument is
343 a comma-separated list of:
344 · none to ignore capabilities at all; the image will not be pro‐
346 duced on dump, neither any check performed on restore;
347 · fpu to check if FPU module is compatible;
349 · ins to check if CPU supports all instructions required;
351 · cpu to check if CPU capabilities are exactly matching;
353 · all for all above set.
355 By default the option is set to fpu and ins.
357 --cgroup-root [controller:]/newroot
359 Change the root for the controller that will be dumped. By default,
360 criu simply dumps everything below where any of the tasks live.
361 However, if a container moves all of its tasks into a cgroup direc‐
362 tory below the container engine’s default directory for tasks, per‐
363 missions will not be preserved on the upper directories with no
364 tasks in them, which may cause problems.
365 --lazy-pages
367 Perform the dump procedure without writing memory pages into the
368 image files and prepare to service page requests over the network.
369 When dump runs in this mode it presumes that lazy-pages daemon will
370 connect to it and fetch memory pages to lazily inject them into the
371 restored process address space. This option is intended for
372 post-copy (lazy) migration and should be used in conjunction with
373 restore with appropriate options.
374 restore
376 Restores previously checkpointed processes.
377 --inherit-fd fd[N]:resource
379 Inherit a file descriptor. This option lets criu use an already
380 opened file descriptor N for restoring a file identified by
381 resource. This option can be used to restore an external resource
382 dumped with the help of --external file, tty, and unix options.
383 The resource argument can be one of the following:
385 · tty[rdev:dev]
387 · pipe[inode]
389 · socket[inode*]*
391 · file[mnt_id:inode]
393 · path/to/file
395 Note that square brackets used in this option arguments are liter‐
397 als and usually need to be escaped from shell.
398 -d, --restore-detached
400 Detach criu itself once restore is complete.
401 -s, --leave-stopped
403 Leave tasks in stopped state after restore (rather than resuming
404 their execution).
405 -S, --restore-sibling
407 Restore root task as a sibling (makes sense only with
408 --restore-detached).
409 --log-pid
411 Write separate logging files per each pid.
412 -r, --root path
414 Change the root filesystem to path (when run in a mount namespace).
415 This option is required to restore a mount namespace. The directory
416 path must be a mount point and its parent must not be overmounted.
417 --external type[id]:value
419 Restore an instance of an external resource. The generic syntax is
420 type of resource, followed by resource id (enclosed in literal
421 square brackets), and optional value (prepended by a literal
422 colon). The following resource types are currently supported: mnt,
423 dev, veth, macvlan. Syntax depends on type. Note to restore exter‐
424 nal resources dealing with opened file descriptors (such as dumped
425 with the help of --external file, tty, and unix options), option
426 --inherit-fd should be used.
427 --external mnt[name]:mountpoint
429 Restore an external bind mount referenced in the image by name,
430 bind-mounting it from the host mountpoint to a proper mount point.
431 --external mnt[]
433 Restore all external bind mounts (dumped with the help of --exter‐
434 nal mnt[] auto-detection).
435 --external dev[name]:/dev/path
437 Restore an external mount device, identified in the image by name,
438 using the existing block device /dev/path.
439 --external veth[inner_dev]:outer_dev@bridge
441 Set the outer VETH device name (corresponding to inner_dev being
442 restored) to outer_dev. If optional @bridge is specified, outer_dev
443 is added to that bridge. If the option is not used, outer_dev will
444 be autogenerated by the kernel.
445 --external macvlan[inner_dev]:outer_dev
447 When restoring an image that have a MacVLAN device in it, this
448 option must be used to specify to which outer_dev (an existing net‐
449 work device in CRIU namespace) the restored inner_dev should be
450 bound to.
451 --manage-cgroups [mode]
453 Restore cgroups configuration associated with a task from the
454 image. Controllers are always restored in an optimistic way — if
455 already present in system, criu reuses it, otherwise it will be
456 created.
457 The mode may be one of the following:
459 none
461 Do not restore cgroup properties but require cgroup to pre-exist at
462 the moment of restore procedure.
463 props
465 Restore cgroup properties and require cgroup to pre-exist.
466 soft
468 Restore cgroup properties if only cgroup has been created by criu,
469 otherwise do not restore properties. This is the default if mode is
470 unspecified.
471 full
473 Always restore all cgroups and their properties.
474 strict
476 Restore all cgroups and their properties from the scratch, requir‐
477 ing them to not present in the system.
478 ignore
480 Don’t deal with cgroups and pretend that they don’t exist.
481 --cgroup-yard path
483 Instead of trying to mount cgroups in CRIU, provide a path to a
484 directory with already created cgroup yard. For more informa‐
485 tion look in the dump section.
486 --cgroup-root [controller:]/newroot
488 Change the root cgroup the controller will be installed into.
489 No controller means that root is the default for all con‐
490 trollers not specified.
491 --tcp-established
493 Restore previously dumped established TCP connections. This
494 implies that the network has been locked between dump and
495 restore phases so other side of a connection simply notice a
496 kind of lag.
497 --tcp-close
499 Restore connected TCP sockets in closed state.
500 --veth-pair IN=OUT
502 Correspondence between outside and inside names of veth
503 devices.
504 -l, --file-locks
506 Restore file locks from the image.
507 --lsm-profile type:name
509 Specify an LSM profile to be used during restore. The type can
510 be either apparmor or selinux.
511 --auto-dedup
513 As soon as a page is restored it get punched out from image.
514 -j, --shell-job
516 Restore shell jobs, in other words inherit session and process
517 group ID from the criu itself.
518 --cpu-cap [cap[,cap...]]
520 Specify CPU capabilities to be present on the CPU the process
521 is restoring. To inverse a capability, prefix it with ^. This
522 option implies that --cpu-cap has been passed on dump as well,
523 except fpu option case. The cap argument can be the following
524 (or a set of comma-separated values):
525 all
527 Require all capabilities. This is default mode if --cpu-cap is
528 passed without arguments. Most safe mode.
529 cpu
531 Require the CPU to have all capabilities in image to match runtime
532 CPU.
533 fpu
535 Require the CPU to have compatible FPU. For example the process
536 might be dumped with xsave capability but attempted to restore
537 without it present on target CPU. In such case we refuse to pro‐
538 ceed. This is default mode if --cpu-cap is not present in command
539 line. Note this argument might be passed even if on the dump no
540 --cpu-cap have been specified because FPU frames are always encoded
541 into images.
542 ins
544 Require CPU compatibility on instructions level.
545 none
547 Ignore capabilities. Most dangerous mode. The behaviour is imple‐
548 mentation dependent. Try to not use it until really required.
549 For example, this option can be used in case --cpu-cap=cpu was used
551 during dump, and images are migrated to a less capable CPU and are
552 to be restored. By default, criu shows an error that CPU capabili‐
553 ties are not adequate, but this can be suppressed by using
554 --cpu-cap=none.
555 --weak-sysctls
557 Silently skip restoring sysctls that are not available. This
558 allows to restore on an older kernel, or a kernel configured
559 without some options.
560 --lazy-pages
562 Restore the processes without filling out the entire memory
563 contents. When this option is used, restore sets up the infra‐
564 structure required to fill memory pages either on demand when
565 the process accesses them or in the background without stopping
566 the restored process. This option requires running lazy-pages
567 daemon.
568 check
570 Checks whether the kernel supports the features needed by criu to dump
571 and restore a process tree.
572 There are three categories of kernel support, as described below. criu
574 check always checks Category 1 features unless --feature is specified
575 which only checks a specified feature.
576 Category 1
578 Absolutely required. These are features like support for
579 /proc/PID/map_files, NETLINK_SOCK_DIAG socket monitoring,
580 /proc/sys/kernel/ns_last_pid etc.
581 Category 2
583 Required only for specific cases. These are features like AIO
584 remap, /dev/net/tun and others that are only required if a process
585 being dumped or restored is using those.
586 Category 3
588 Experimental. These are features like task-diag that are used for
589 experimental purposes (mostly during development).
590 If there are no errors or warnings, criu prints "Looks good." and its
592 exit code is 0.
593 A missing Category 1 feature causes criu to print "Does not look good."
595 and its exit code is non-zero.
596 Missing Category 2 and 3 features cause criu to print "Looks good but
598 ..." and its exit code is be non-zero.
599 Without any options, criu check checks Category 1 features. This behav‐
601 ior can be changed by using the following options:
602 --extra
604 Check kernel support for Category 2 features.
605 --experimental
607 Check kernel support for Category 3 features.
608 --all
610 Check kernel support for Category 1, 2, and 3 features.
611 --feature name
613 Check a specific feature. If name is list, a list of valid kernel
614 feature names that can be checked will be printed.
615 page-server
617 Launches criu in page server mode.
618 --daemon
620 Runs page server as a daemon (background process).
621 --status-fd
623 Write \0 to the FD and close it once page-server is ready to handle
624 requests. The status-fd allows to not daemonize a process and get
625 its exit code at the end. It isn’t supposed to use --daemon and
626 --status-fd together.
627 --address address
629 Page server IP address or hostname.
630 --port number
632 Page server port number.
633 --ps-socket fd
635 Use provided file descriptor as socket for incoming connection. In
636 this case --address and --port are ignored. Useful for intercepting
637 page-server traffic e.g. to add encryption or authentication.
638 --lazy-pages
640 Serve local memory dump to a remote lazy-pages daemon. In this mode
641 the page-server reads local memory dump and allows the remote
642 lazy-pages daemon to request memory pages in random order.
643 --tls-cacert file
645 Specifies the path to a trusted Certificate Authority (CA) certifi‐
646 cate file to be used for verification of a client or server cer‐
647 tificate. The file must be in PEM format. When this option is used
648 only the specified CA is used for verification. Otherwise, the sys‐
649 tem’s trusted CAs and, if present, /etc/pki/CA/cacert.pem will be
650 used.
651 --tls-cacrl file
653 Specifies a path to a Certificate Revocation List (CRL) file which
654 contains a list of revoked certificates that should no longer be
655 trusted. The file must be in PEM format. When this option is not
656 specified, the file, if present, /etc/pki/CA/cacrl.pem will be
657 used.
658 --tls-cert file
660 Specifies a path to a file that contains a X.509 certificate to
661 present to the remote entity. The file must be in PEM format. When
662 this option is not specified, the default location
663 (/etc/pki/criu/cert.pem) will be used.
664 --tls-key file
666 Specifies a path to a file that contains TLS private key. The file
667 must be in PEM format. When this option is not the default location
668 (/etc/pki/criu/private/key.pem) will be used.
669 --tls
671 Use TLS to secure remote connections.
672 lazy-pages
674 Launches criu in lazy-pages daemon mode.
675 The lazy-pages daemon is responsible for managing user-level demand
677 paging for the restored processes. It gets information required to fill
678 the process memory pages from the restore and from the checkpoint
679 directory. When a restored process access certain memory page for the
680 first time, the lazy-pages daemon injects its contents into the process
681 address space. The memory pages that are not yet requested by the
682 restored processes are injected in the background.
683 exec
685 Executes a system call inside a destination task's context. This func‐
686 tionality is deprecated; please use Compel instead.
687 service
689 Launches criu in RPC daemon mode, where criu is listening for RPC com‐
690 mands over socket to perform. This is convenient for a case where dae‐
691 mon itself is running in a privileged (superuser) mode but clients are
692 not.
693 dedup
695 Starts pagemap data deduplication procedure, where criu scans over all
696 pagemap files and tries to minimize the number of pagemap entries by
697 obtaining the references from a parent pagemap image.
698 cpuinfo dump
700 Fetches current CPU features and write them into an image file.
701 cpuinfo check
703 Fetches current CPU features (i.e. CPU the criu is running on) and test
704 if they are compatible with the ones present in an image file.
705
707 Criu supports usage of configuration files to avoid the need of writing
708 every option on command line, which is useful especially with repeated
709 usage of same options. A specific configuration file can be passed with
710 the "--config file" option. If no file is passed, the default configu‐
711 ration files /etc/criu/default.conf and $HOME/.criu/default.conf are
712 parsed (if present on the system). If the environment variable
713 CRIU_CONFIG_FILE is set, it will also be parsed.
714 The options passed to CRIU via CLI, RPC or configuration file are eval‐
716 uated in the following order:
717 · apply_config(/etc/criu/default.conf)
719 · apply_config($HOME/.criu/default.conf)
721 · apply_config(CRIU_CONFIG_FILE)
723 · apply_config(--config file)
725 · apply_config(CLI) or apply_config(RPC)
727 · apply_config(RPC configuration file) (only for RPC mode)
729 Default configuration file parsing can be deactivated with
731 "--no-default-config" if needed. Parsed configuration files are merged
732 with command line options, which allows overriding boolean options.
733 Configuration file syntax
735 Comments are supported using '#' sign. The rest of the line is ignored.
736 Options are the same as command line options without the '--' prefix,
737 use one option per line (with corresponding argument if applicable,
738 divided by whitespaces). If needed, the argument can be provided in
739 double quotes (this should be needed only if the argument contains
740 whitespaces). In case this type of argument contains a literal double
741 quote as well, it can be escaped using the '\' sign. Usage of commands
742 is disallowed and all other escape sequences are interpreted literally.
743 Example of configuration file to illustrate syntax:
745 $ cat ~/.criu/default.conf
747 tcp-established
748 work-dir "/home/USERNAME/criu/my \"work\" directory"
749 #this is a comment
750 no-restore-sibling # this is another comment
751 Configuration files in RPC mode
753 Not only does criu evaluate configuration files in CLI mode, it also
754 evaluates configuration files in RPC mode. Just as in CLI mode the con‐
755 figuration file values are evaluated first. This means that any option
756 set via RPC will overwrite the configuration file setting. The user can
757 thus change criu's default behavior but it is not possible to change
758 settings which are explicitly set by the RPC client.
759 The RPC client can, however, specify an additional configuration file
761 which will be evaluated after the RPC options (see above for option
762 evaluation order). The RPC client can specify this additional configu‐
763 ration file via "req.opts.config_file = /path/to/file". The values from
764 this configuration file will overwrite all other configuration file
765 settings or RPC options. This can lead to undesired behavior of criu
766 and should only be used carefully.
767
769 To checkpoint a program with pid of 1234 and write all image files into
770 directory checkpoint:
771 criu dump -D checkpoint -t 1234
773 To restore this program detaching criu itself:
775 criu restore -d -D checkpoint
777
779 The CRIU team.
780
782 Copyright (C) 2011-2016, Parallels Holdings, Inc.
783criu 3.14 04/29/2020 CRIU(8)