1CRIU(8)                           CRIU Manual                          CRIU(8)
2
3
4

NAME

6       criu - checkpoint/restore in userspace
7

SYNOPSIS

9       criu command [option ...]
10

DESCRIPTION

12       criu is a tool for checkpointing and restoring running applications. It
13       does this by saving their state as a collection of files (see the  dump
14       command)  and  creating  equivalent processes from those files (see the
15       restore command). The restore operation can be  performed  at  a  later
16       time, on a different system, or both.
17

OPTIONS

19       Most  of  the  long flags can be prefixed with no- to negate the option
20       (example: --display-stats and --no-display-stats).
21
22   Common options
23       Common options are applicable to any command.
24
25       -v[v...], --verbosity
26           Increase verbosity up from the default  level.  In  case  of  short
27           option, multiple v can be used, each increasing verbosity by one.
28
29       -vnum, --verbosity=num
30           Set  verbosity  level to num. The higher the level, the more output
31           is produced.
32
33           The following levels are available:
34
35           ·   -v0 no output;
36
37           ·   -v1 only errors;
38
39           ·   -v2 above plus warnings (this is the default level);
40
41           ·   -v3 above plus information messages and timestamps;
42
43           ·   -v4 above plus lots of debug.
44
45       --config file
46           Pass a specific configuration file to criu.
47
48       --no-default-config
49           Disable parsing of default configuration files.
50
51       --pidfile file
52           Write root task, service or page-server pid into a file.
53
54       -o, --log-file file
55           Write logging messages to a file.
56
57       --display-stats
58           During dump, as well as during restore, criu collects some  statis‐
59           tics, like the time required to dump or restore the process, or the
60           number of pages dumped or  restored.  This  information  is  always
61           saved  to  the stats-dump and stats-restore files, and can be shown
62           using crit(1). The option --display-stats prints out this  informa‐
63           tion on the console at the end of a dump or restore operation.
64
65       -D, --images-dir path
66           Use path as a base directory where to look for sets of image files.
67
68       --stream
69           dump/restore      images     using     criu-image-streamer.     See
70           https://github.com/checkpoint-restore/criu-image-streamer       for
71           detailed usage.
72
73       --prev-images-dir path
74           Use  path  as  a  parent  directory where to look for sets of image
75           files. This option makes sense in case of incremental dumps.
76
77       -W, --work-dir dir
78           Use directory dir for putting logs, pidfiles and statistics. If not
79           specified, path from -D option is taken.
80
81       --close fd
82           Close file descriptor fd before performing any actions.
83
84       -L, --libdir path
85           Path to plugins directory.
86
87       --enable-fs [fs[,fs...]]
88           Specify  a  comma-separated list of filesystem names that should be
89           auto-detected.  The  value  all  enables  auto-detection  for   all
90           filesystems.
91
92           Note: This option is not safe, use at your own risk. Auto-detecting
93           a filesystem mount assumes that the mountpoint can be restored with
94           mount(src, mountpoint, flags, options). When used, dump is expected
95           to always succeed if a mountpoint is to be  auto-detected,  however
96           restore  may  fail  (or  do  something wrong) if the assumption for
97           restore logic is incorrect. This  option  is  not  compatable  with
98           --external dev.
99
100       --action-script script
101           Add an external action script to be executed at certain stages. The
102           environment variable  CRTOOLS_SCRIPT_ACTION  is  available  to  the
103           script  to  find  out which action is being executed, and its value
104           can be one of the following:
105
106           pre-dump
107               run prior to beginning a dump
108
109           post-dump
110               run upon dump completion
111
112           pre-restore
113               run prior to beginning a restore
114
115           post-restore
116               run upon restore completion
117
118           pre-resume
119               run when all processes and resources are restored but tasks are
120               stopped waiting for final kick to run. Must not fail.
121
122           post-resume
123               called  at  the  very end, when everything is restored and pro‐
124               cesses were resumed
125
126           network-lock
127               run to lock network in a target network namespace
128
129           network-unlock
130               run to unlock network in a target network namespace
131
132           setup-namespaces
133               run once root task has just been created with  required  names‐
134               paces.  Note  it  is an early stage of restore, when nothing is
135               restored yet, except for namespaces themselves
136
137           post-setup-namespaces
138               called after the namespaces are configured
139
140           orphan-pts-master
141               called after master pty is opened and unlocked. This  hook  can
142               be used only in the RPC mode, and the notification message con‐
143               tains a file descriptor for the master pty
144
145       -V, --version
146           Print program version and exit.
147
148       -h, --help
149           Print some help and exit.
150
151   pre-dump
152       Performs the pre-dump procedure, during which criu creates  a  snapshot
153       of  memory  changes  since the previous pre-dump. Note that during this
154       criu also creates the fsnotify cache which speeds up the restore proce‐
155       dure.  pre-dump  requires at least -t option (see dump below). In addi‐
156       tion, page-server options may be specified.
157
158       --track-mem
159           Turn on memory changes tracker in the kernel. If the option is  not
160           passed the memory tracker get turned on implicitly.
161
162       --pre-dump-mode=mode
163           There  are  two mode to operate pre-dump algorithm. The splice mode
164           is parasite based, whereas read mode is based  on  process_vm_readv
165           syscall.  The read mode incurs reduced frozen time and reduced mem‐
166           ory pressure as compared to splice mode. Default is splice mode.
167
168   dump
169       Performs a checkpoint procedure.
170
171       -t, --tree pid
172           Checkpoint the whole process tree starting from pid.
173
174       -R, --leave-running
175           Leave tasks in running state after checkpoint, instead of  killing.
176           This  option  is  pretty  dangerous  and should be used only if you
177           understand what you are doing.
178
179           Note if task is about to run after been checkpointed, it can modify
180           TCP  connections,  delete  files  and  do  other dangerous actions.
181           Therefore, criu can not guarantee that the next restore action will
182           succeed. Most likely if this option is used, at least the file sys‐
183           tem snapshot must be made with the help of post-dump action script.
184
185           In other words, do not use it unless really needed.
186
187       -s, --leave-stopped
188           Leave tasks in stopped state after checkpoint, instead of killing.
189
190       --external type[id]:value
191           Dump an instance of an external resource.  The  generic  syntax  is
192           type  of  resource,  followed  by  resource id (enclosed in literal
193           square brackets),  and  optional  value  (prepended  by  a  literal
194           colon).  The following resource types are currently supported: mnt,
195           dev, file, tty, unix. Syntax  depends  on  type.  Note  to  restore
196           external  resources,  either  --external  or  --inherit-fd is used,
197           depending on resource type.
198
199       --external mnt[mountpoint]:name
200           Dump an external bind mount referenced by mountpoint, saving it  to
201           image under the identifier name.
202
203       --external mnt[]:flags
204           Dump  all external bind mounts, autodetecting those. Optional flags
205           can contain m to also dump external master mounts, s to  also  dump
206           external  shared  mounts  (default  behavior is to abort dumping if
207           such mounts are  found).  If  flags  are  not  provided,  colon  is
208           optional.
209
210       --external dev[major/minor]:name
211           Allow to dump a mount namespace having a real block device mounted.
212           A block device is identified by its major and  minor  numbers,  and
213           criu saves its information to image under the identifier name.
214
215       --external file[mnt_id:inode]
216           Dump  an  external  file,  i.e.  an  opened file that is can not be
217           resolved from the current mount namespace, which can not be  dumped
218           without  using  this  option.  The  file is identified by mnt_id (a
219           field obtained from /proc/pid/fdinfo/N) and inode (as  returned  by
220           stat(2)).
221
222       --external tty[rdev:dev]
223           Dump  an  external  TTY,  identified  by  st_rdev and st_dev fields
224           returned by stat(2).
225
226       --external unix[id]
227           Tell criu that one end of a pair of UNIX sockets (created by  sock‐
228           etpair(2)) with the given id is OK to be disconnected.
229
230       --external pid[inode]:name
231           Mark a PID namespace as external. This can be later used to restore
232           a process into an existing PID namespace. The  label  name  can  be
233           used  to  assign another PID namespace during restore with the help
234           of --inherit-fd.
235
236       --freeze-cgroup
237           Use cgroup freezer to collect processes.
238
239       --manage-cgroups
240           Collect cgroups into the image thus they gonna  be  restored  then.
241           Without this option, criu will not save cgroups configuration asso‐
242           ciated with a task.
243
244       --cgroup-props spec
245           Specify controllers and their properties to be saved into the image
246           file.   criu  predefines specifications for common controllers, but
247           since the kernel can add new controllers and modify  their  proper‐
248           ties, there should be a way to specify ones matched the kernel.
249
250           spec argument describes the controller and properties specification
251           in a simplified YAML form:
252
253               "c1":
254                - "strategy": "merge"
255                - "properties": ["a", "b"]
256               "c2":
257                - "strategy": "replace"
258                - "properties": ["c", "d"]
259
260           where c1 and c2 are controllers names, and a, b,  c,  d  are  their
261           properties.
262
263           Note  the format: double quotes, spaces and new lines are required.
264           The strategy specifies what to do if a controller specified already
265           exists as a built-in one: criu can either merge or replace such.
266
267           For  example,  the  command  line for the above example should look
268           like this:
269
270               --cgroup-props "\"c1\":\n - \"strategy\": \"merge\"\n - \"properties\": [\"a\", \"b\"]\n \"c2\":\n - \"strategy\": \"replace\"\n - \"properties\": [\"c\", \"d\"]"
271
272       --cgroup-props-file file
273           Same as --cgroup-props, except the specification is read  from  the
274           file.
275
276       --cgroup-dump-controller name
277           Dump  a  controller with name only, skipping anything else that was
278           discovered automatically (usually via /proc). This option is useful
279           when one needs criu to skip some controllers.
280
281       --cgroup-yard path
282           Instead  of  trying  to  mount cgroups in CRIU, provide a path to a
283           directory with already created cgroup yard.  Useful  if  you  don’t
284           want  to  grant CAP_SYS_ADMIN to CRIU. For every cgroup mount there
285           should be exactly one directory. If there is only one controller in
286           this  mount,  the  dir’s  name  should be just the name of the con‐
287           troller. If there are multiple controllers comounted, the directory
288           name should have them be separated by a comma.
289
290           For example, if /proc/cgroups looks like this:
291
292               #subsys_name hierarchy num_cgroups enabled
293               cpu          1         1           1
294               devices      2         2           1
295               freezer      2         2           1
296
297           then you can create the cgroup yard by the following commands:
298
299               mkdir private_yard
300               cd private_yard
301               mkdir cpu
302               mount -t cgroup -o cpu none cpu
303               mkdir devices,freezer
304               mount -t cgroup -o devices,freezer none devices,freezer
305
306       --tcp-established
307           Checkpoint established TCP connections.
308
309       --tcp-close
310           Don’t  dump  the  state  of, or block, established tcp connections.
311           This is useful when tcp connections are not going to be restored.
312
313       --skip-in-flight
314           This option skips in-flight TCP connections. If any TCP connections
315           that  are  not  yet  completely established are found, criu ignores
316           these connections, rather than errors out. The  TCP  stack  on  the
317           client side is expected to handle the re-connect gracefully.
318
319       --evasive-devices
320           Use any path to a device file if the original one is inaccessible.
321
322       --page-server
323           Send pages to a page server (see the page-server command).
324
325       --force-irmap
326           Force resolving names for inotify and fsnotify watches.
327
328       --auto-dedup
329           Deduplicate  "old"  data  in  pages  images  of previous dump. This
330           option implies incremental dump mode (see the pre-dump command).
331
332       -l, --file-locks
333           Dump file locks. It is necessary to make sure that  all  file  lock
334           users  are  taken  into  dump,  so  it is only safe to use this for
335           enclosed containers where locks are not held by any processes  out‐
336           side of dumped process tree.
337
338       --link-remap
339           Allows  to link unlinked files back, if possible (modifies filesys‐
340           tem during restore).
341
342       --ghost-limit size
343           Set the maximum size of deleted file to be carried inside image. By
344           default,  up to 1M file is allowed. Using this option allows to not
345           put big deleted files inside images. Argument size may be postfixed
346           with  a  K,  M  or  G, which stands for kilo-, mega, and gigabytes,
347           accordingly.
348
349       -j, --shell-job
350           Allow one to dump shell jobs. This implies the restored  task  will
351           inherit  session  and  process  group ID from the criu itself. This
352           option also allows to migrate a single external tty connection,  to
353           migrate  applications  like top. If used with dump command, it must
354           be specified with restore as well.
355
356       --cpu-cap [cap[,cap...]]
357           Specify CPU capabilities to write to an image file. The argument is
358           a comma-separated list of:
359
360           ·   none  to ignore capabilities at all; the image will not be pro‐
361               duced on dump, neither any check performed on restore;
362
363           ·   fpu to check if FPU module is compatible;
364
365           ·   ins to check if CPU supports all instructions required;
366
367           ·   cpu to check if CPU capabilities are exactly matching;
368
369           ·   all for all above set.
370
371           By default the option is set to fpu and ins.
372
373       --cgroup-root [controller:]/newroot
374           Change the root for the controller that will be dumped. By default,
375           criu  simply  dumps  everything  below where any of the tasks live.
376           However, if a container moves all of its tasks into a cgroup direc‐
377           tory below the container engine’s default directory for tasks, per‐
378           missions will not be preserved on the  upper  directories  with  no
379           tasks in them, which may cause problems.
380
381       --lazy-pages
382           Perform  the  dump  procedure without writing memory pages into the
383           image files and prepare to service page requests over the  network.
384           When dump runs in this mode it presumes that lazy-pages daemon will
385           connect to it and fetch memory pages to lazily inject them into the
386           restored  process  address  space.  This  option  is  intended  for
387           post-copy (lazy) migration and should be used in  conjunction  with
388           restore with appropriate options.
389
390       --file-validation [mode]
391           Set  the  method  to  be used to validate open files. Validation is
392           done to ensure that the version of the file being restored  is  the
393           same version when it was dumped.
394
395       The mode may be one of the following:
396
397       filesize
398           To  explicitly  use  only the file size check all the time. This is
399           the fastest and least intensive check.
400
401       buildid
402           To validate ELF files with their build-ID. If the  build-ID  cannot
403           be  obtained,  chksm-first method will be used. This is the default
404           if mode is unspecified.
405
406   restore
407       Restores previously checkpointed processes.
408
409       --inherit-fd fd[N]:resource
410           Inherit a file descriptor. This option lets  criu  use  an  already
411           opened  file  descriptor  N  for  restoring  a  file  identified by
412           resource. This option can be used to restore an  external  resource
413           dumped with the help of --external file, tty, pid and unix options.
414
415           The resource argument can be one of the following:
416
417           ·   tty[rdev:dev]
418
419           ·   pipe[inode]
420
421           ·   socket[inode*]*
422
423           ·   file[mnt_id:inode]
424
425           ·   path/to/file
426
427           Note  that square brackets used in this option arguments are liter‐
428           als and usually need to be escaped from shell.
429
430       -d, --restore-detached
431           Detach criu itself once restore is complete.
432
433       -s, --leave-stopped
434           Leave tasks in stopped state after restore  (rather  than  resuming
435           their execution).
436
437       -S, --restore-sibling
438           Restore   root   task   as   a   sibling  (makes  sense  only  with
439           --restore-detached).
440
441       --log-pid
442           Write separate logging files per each pid.
443
444       -r, --root path
445           Change the root filesystem to path (when run in a mount namespace).
446           This option is required to restore a mount namespace. The directory
447           path must be a mount point and its parent must not be overmounted.
448
449       --external type[id]:value
450           Restore an instance of an external resource. The generic syntax  is
451           type  of  resource,  followed  by  resource id (enclosed in literal
452           square brackets),  and  optional  value  (prepended  by  a  literal
453           colon).  The following resource types are currently supported: mnt,
454           dev, veth, macvlan. Syntax depends on type. Note to restore  exter‐
455           nal  resources dealing with opened file descriptors (such as dumped
456           with the help of --external file, tty, and  unix  options),  option
457           --inherit-fd should be used.
458
459       --external mnt[name]:mountpoint
460           Restore  an  external  bind  mount referenced in the image by name,
461           bind-mounting it from the host mountpoint to a proper mount point.
462
463       --external mnt[]
464           Restore all external bind mounts (dumped with the help of  --exter‐
465           nal mnt[] auto-detection).
466
467       --external dev[name]:/dev/path
468           Restore  an external mount device, identified in the image by name,
469           using the existing block device /dev/path.
470
471       --external veth[inner_dev]:outer_dev@bridge
472           Set the outer VETH device name (corresponding  to  inner_dev  being
473           restored) to outer_dev. If optional @bridge is specified, outer_dev
474           is added to that bridge. If the option is not used, outer_dev  will
475           be autogenerated by the kernel.
476
477       --external macvlan[inner_dev]:outer_dev
478           When  restoring  an  image  that  have a MacVLAN device in it, this
479           option must be used to specify to which outer_dev (an existing net‐
480           work  device  in  CRIU  namespace) the restored inner_dev should be
481           bound to.
482
483       --manage-cgroups [mode]
484           Restore cgroups configuration  associated  with  a  task  from  the
485           image.  Controllers  are  always restored in an optimistic way — if
486           already present in system, criu reuses it,  otherwise  it  will  be
487           created.
488
489       The mode may be one of the following:
490
491       none
492           Do not restore cgroup properties but require cgroup to pre-exist at
493           the moment of restore procedure.
494
495       props
496           Restore cgroup properties and require cgroup to pre-exist.
497
498       soft
499           Restore cgroup properties if only cgroup has been created by  criu,
500           otherwise do not restore properties. This is the default if mode is
501           unspecified.
502
503       full
504           Always restore all cgroups and their properties.
505
506       strict
507           Restore all cgroups and their properties from the scratch,  requir‐
508           ing them to not present in the system.
509
510       ignore
511           Don’t deal with cgroups and pretend that they don’t exist.
512
513           --cgroup-yard path
514               Instead of trying to mount cgroups in CRIU, provide a path to a
515               directory with already created cgroup yard. For  more  informa‐
516               tion look in the dump section.
517
518           --cgroup-root [controller:]/newroot
519               Change  the  root cgroup the controller will be installed into.
520               No controller means that root  is  the  default  for  all  con‐
521               trollers not specified.
522
523           --tcp-established
524               Restore  previously  dumped  established  TCP connections. This
525               implies that the network  has  been  locked  between  dump  and
526               restore  phases  so  other side of a connection simply notice a
527               kind of lag.
528
529           --tcp-close
530               Restore connected TCP sockets in closed state.
531
532           --veth-pair IN=OUT
533               Correspondence  between  outside  and  inside  names  of   veth
534               devices.
535
536           -l, --file-locks
537               Restore file locks from the image.
538
539           --lsm-profile type:name
540               Specify  an LSM profile to be used during restore. The type can
541               be either apparmor or selinux.
542
543           --auto-dedup
544               As soon as a page is restored it get punched out from image.
545
546           -j, --shell-job
547               Restore shell jobs, in other words inherit session and  process
548               group ID from the criu itself.
549
550           --cpu-cap [cap[,cap...]]
551               Specify  CPU  capabilities to be present on the CPU the process
552               is restoring. To inverse a capability, prefix it with  ^.  This
553               option  implies that --cpu-cap has been passed on dump as well,
554               except fpu option case. The cap argument can be  the  following
555               (or a set of comma-separated values):
556
557       all
558           Require  all  capabilities.  This  is  default mode if --cpu-cap is
559           passed without arguments. Most safe mode.
560
561       cpu
562           Require the CPU to have all capabilities in image to match  runtime
563           CPU.
564
565       fpu
566           Require  the  CPU  to  have compatible FPU. For example the process
567           might be dumped with xsave  capability  but  attempted  to  restore
568           without  it  present  on target CPU. In such case we refuse to pro‐
569           ceed. This is default mode if --cpu-cap is not present  in  command
570           line.  Note  this  argument  might be passed even if on the dump no
571           --cpu-cap have been specified because FPU frames are always encoded
572           into images.
573
574       ins
575           Require CPU compatibility on instructions level.
576
577       none
578           Ignore  capabilities.  Most dangerous mode. The behaviour is imple‐
579           mentation dependent. Try to not use it until really required.
580
581           For example, this option can be used in case --cpu-cap=cpu was used
582           during  dump, and images are migrated to a less capable CPU and are
583           to be restored. By default, criu shows an error that CPU  capabili‐
584           ties  are  not  adequate,  but  this  can  be  suppressed  by using
585           --cpu-cap=none.
586
587           --weak-sysctls
588               Silently skip restoring sysctls that are  not  available.  This
589               allows  to  restore  on an older kernel, or a kernel configured
590               without some options.
591
592           --lazy-pages
593               Restore the processes without filling  out  the  entire  memory
594               contents.  When this option is used, restore sets up the infra‐
595               structure required to fill memory pages either on  demand  when
596               the process accesses them or in the background without stopping
597               the restored process. This option requires  running  lazy-pages
598               daemon.
599
600           --file-validation [mode]
601               Set the method to be used to validate open files. Validation is
602               done to ensure that the version of the file being  restored  is
603               the same version when it was dumped.
604
605       The mode may be one of the following:
606
607       filesize
608           To  explicitly  use  only the file size check all the time. This is
609           the fastest and least intensive check.
610
611       buildid
612           To validate ELF files with their build-ID. If the  build-ID  cannot
613           be  obtained,  chksm-first method will be used. This is the default
614           if mode is unspecified.
615
616   check
617       Checks whether the kernel supports the features needed by criu to  dump
618       and restore a process tree.
619
620       There  are three categories of kernel support, as described below. criu
621       check always checks Category 1 features unless --feature  is  specified
622       which only checks a specified feature.
623
624       Category 1
625           Absolutely   required.   These   are   features  like  support  for
626           /proc/PID/map_files,    NETLINK_SOCK_DIAG    socket     monitoring,
627           /proc/sys/kernel/ns_last_pid etc.
628
629       Category 2
630           Required  only  for  specific  cases.  These  are features like AIO
631           remap, /dev/net/tun and others that are only required if a  process
632           being dumped or restored is using those.
633
634       Category 3
635           Experimental.  These  are features like task-diag that are used for
636           experimental purposes (mostly during development).
637
638       If there are no errors or warnings, criu prints "Looks good."  and  its
639       exit code is 0.
640
641       A missing Category 1 feature causes criu to print "Does not look good."
642       and its exit code is non-zero.
643
644       Missing Category 2 and 3 features cause criu to print "Looks  good  but
645       ..." and its exit code is be non-zero.
646
647       Without any options, criu check checks Category 1 features. This behav‐
648       ior can be changed by using the following options:
649
650       --extra
651           Check kernel support for Category 2 features.
652
653       --experimental
654           Check kernel support for Category 3 features.
655
656       --all
657           Check kernel support for Category 1, 2, and 3 features.
658
659       --feature name
660           Check a specific feature. If name is list, a list of  valid  kernel
661           feature names that can be checked will be printed.
662
663   page-server
664       Launches criu in page server mode.
665
666       --daemon
667           Runs page server as a daemon (background process).
668
669       --status-fd
670           Write \0 to the FD and close it once page-server is ready to handle
671           requests. The status-fd allows to not daemonize a process  and  get
672           its  exit  code  at  the end. It isn’t supposed to use --daemon and
673           --status-fd together.
674
675       --address address
676           Page server IP address or hostname.
677
678       --port number
679           Page server port number.
680
681       --ps-socket fd
682           Use provided file descriptor as socket for incoming connection.  In
683           this case --address and --port are ignored. Useful for intercepting
684           page-server traffic e.g. to add encryption or authentication.
685
686       --lazy-pages
687           Serve local memory dump to a remote lazy-pages daemon. In this mode
688           the  page-server  reads  local  memory  dump  and allows the remote
689           lazy-pages daemon to request memory pages in random order.
690
691       --tls-cacert file
692           Specifies the path to a trusted Certificate Authority (CA) certifi‐
693           cate  file  to  be used for verification of a client or server cer‐
694           tificate. The file must be in PEM format. When this option is  used
695           only the specified CA is used for verification. Otherwise, the sys‐
696           tem’s trusted CAs and, if present, /etc/pki/CA/cacert.pem  will  be
697           used.
698
699       --tls-cacrl file
700           Specifies  a path to a Certificate Revocation List (CRL) file which
701           contains a list of revoked certificates that should  no  longer  be
702           trusted.  The  file  must be in PEM format. When this option is not
703           specified, the file,  if  present,  /etc/pki/CA/cacrl.pem  will  be
704           used.
705
706       --tls-cert file
707           Specifies  a  path  to  a file that contains a X.509 certificate to
708           present to the remote entity. The file must be in PEM format.  When
709           this    option    is    not   specified,   the   default   location
710           (/etc/pki/criu/cert.pem) will be used.
711
712       --tls-key file
713           Specifies a path to a file that contains TLS private key. The  file
714           must be in PEM format. When this option is not the default location
715           (/etc/pki/criu/private/key.pem) will be used.
716
717       --tls
718           Use TLS to secure remote connections.
719
720   lazy-pages
721       Launches criu in lazy-pages daemon mode.
722
723       The lazy-pages daemon is responsible  for  managing  user-level  demand
724       paging for the restored processes. It gets information required to fill
725       the process memory pages from  the  restore  and  from  the  checkpoint
726       directory.  When  a restored process access certain memory page for the
727       first time, the lazy-pages daemon injects its contents into the process
728       address  space.  The  memory  pages  that  are not yet requested by the
729       restored processes are injected in the background.
730
731   exec
732       Executes a system call inside a destination task's context. This  func‐
733       tionality is deprecated; please use Compel instead.
734
735   service
736       Launches  criu in RPC daemon mode, where criu is listening for RPC com‐
737       mands over socket to perform. This is convenient for a case where  dae‐
738       mon  itself is running in a privileged (superuser) mode but clients are
739       not.
740
741   dedup
742       Starts pagemap data deduplication procedure, where criu scans over  all
743       pagemap  files  and  tries to minimize the number of pagemap entries by
744       obtaining the references from a parent pagemap image.
745
746   cpuinfo dump
747       Fetches current CPU features and write them into an image file.
748
749   cpuinfo check
750       Fetches current CPU features (i.e. CPU the criu is running on) and test
751       if they are compatible with the ones present in an image file.
752

CONFIGURATION FILES

754       Criu supports usage of configuration files to avoid the need of writing
755       every option on command line, which is useful especially with  repeated
756       usage of same options. A specific configuration file can be passed with
757       the "--config file" option. If no file is passed, the default  configu‐
758       ration  files  /etc/criu/default.conf  and $HOME/.criu/default.conf are
759       parsed  (if  present  on  the  system).  If  the  environment  variable
760       CRIU_CONFIG_FILE is set, it will also be parsed.
761
762       The options passed to CRIU via CLI, RPC or configuration file are eval‐
763       uated in the following order:
764
765       ·   apply_config(/etc/criu/default.conf)
766
767       ·   apply_config($HOME/.criu/default.conf)
768
769       ·   apply_config(CRIU_CONFIG_FILE)
770
771       ·   apply_config(--config file)
772
773       ·   apply_config(CLI) or apply_config(RPC)
774
775       ·   apply_config(RPC configuration file) (only for RPC mode)
776
777       Default  configuration   file   parsing   can   be   deactivated   with
778       "--no-default-config"  if needed. Parsed configuration files are merged
779       with command line options, which allows overriding boolean options.
780
781   Configuration file syntax
782       Comments are supported using '#' sign. The rest of the line is ignored.
783       Options  are  the same as command line options without the '--' prefix,
784       use one option per line (with  corresponding  argument  if  applicable,
785       divided  by  whitespaces).  If  needed, the argument can be provided in
786       double quotes (this should be needed  only  if  the  argument  contains
787       whitespaces).  In  case this type of argument contains a literal double
788       quote as well, it can be escaped using the '\' sign. Usage of  commands
789       is disallowed and all other escape sequences are interpreted literally.
790
791       Example of configuration file to illustrate syntax:
792
793           $ cat ~/.criu/default.conf
794           tcp-established
795           work-dir "/home/USERNAME/criu/my \"work\" directory"
796           #this is a comment
797           no-restore-sibling   # this is another comment
798
799   Configuration files in RPC mode
800       Not  only  does  criu evaluate configuration files in CLI mode, it also
801       evaluates configuration files in RPC mode. Just as in CLI mode the con‐
802       figuration  file values are evaluated first. This means that any option
803       set via RPC will overwrite the configuration file setting. The user can
804       thus  change  criu's  default behavior but it is not possible to change
805       settings which are explicitly set by the RPC client.
806
807       The RPC client can, however, specify an additional  configuration  file
808       which  will  be  evaluated  after the RPC options (see above for option
809       evaluation order). The RPC client can specify this additional  configu‐
810       ration file via "req.opts.config_file = /path/to/file". The values from
811       this configuration file will overwrite  all  other  configuration  file
812       settings  or  RPC  options. This can lead to undesired behavior of criu
813       and should only be used carefully.
814

EXAMPLES

816       To checkpoint a program with pid of 1234 and write all image files into
817       directory checkpoint:
818
819               criu dump -D checkpoint -t 1234
820
821       To restore this program detaching criu itself:
822
823               criu restore -d -D checkpoint
824

AUTHOR

826       The CRIU team.
827
829       Copyright (C) 2011-2016, Parallels Holdings, Inc.
830
831
832
833criu 3.15                         11/04/2020                           CRIU(8)
Impressum