1CRIU(8) CRIU Manual CRIU(8)
2
6 criu - checkpoint/restore in userspace
7
9 criu command [option ...]
10
12 criu is a tool for checkpointing and restoring running applications. It
13 does this by saving their state as a collection of files (see the dump
14 command) and creating equivalent processes from those files (see the
15 restore command). The restore operation can be performed at a later
16 time, on a different system, or both.
17
19 Most of the long flags can be prefixed with no- to negate the option
20 (example: --display-stats and --no-display-stats).
21 Common options
23 Common options are applicable to any command.
24 -v[v...], --verbosity
26 Increase verbosity up from the default level. In case of short
27 option, multiple v can be used, each increasing verbosity by one.
28 -vnum, --verbosity=num
30 Set verbosity level to num. The higher the level, the more output
31 is produced.
32 The following levels are available:
34 · -v0 no output;
36 · -v1 only errors;
38 · -v2 above plus warnings (this is the default level);
40 · -v3 above plus information messages and timestamps;
42 · -v4 above plus lots of debug.
44 --config file
46 Pass a specific configuration file to criu.
47 --no-default-config
49 Disable parsing of default configuration files.
50 --pidfile file
52 Write root task, service or page-server pid into a file.
53 -o, --log-file file
55 Write logging messages to a file.
56 --display-stats
58 During dump, as well as during restore, criu collects some statis‐
59 tics, like the time required to dump or restore the process, or the
60 number of pages dumped or restored. This information is always
61 saved to the stats-dump and stats-restore files, and can be shown
62 using crit(1). The option --display-stats prints out this informa‐
63 tion on the console at the end of a dump or restore operation.
64 -D, --images-dir path
66 Use path as a base directory where to look for sets of image files.
67 --stream
69 dump/restore images using criu-image-streamer. See
70 https://github.com/checkpoint-restore/criu-image-streamer for
71 detailed usage.
72 --prev-images-dir path
74 Use path as a parent directory where to look for sets of image
75 files. This option makes sense in case of incremental dumps.
76 -W, --work-dir dir
78 Use directory dir for putting logs, pidfiles and statistics. If not
79 specified, path from -D option is taken.
80 --close fd
82 Close file descriptor fd before performing any actions.
83 -L, --libdir path
85 Path to plugins directory.
86 --enable-fs [fs[,fs...]]
88 Specify a comma-separated list of filesystem names that should be
89 auto-detected. The value all enables auto-detection for all
90 filesystems.
91 Note: This option is not safe, use at your own risk. Auto-detecting
93 a filesystem mount assumes that the mountpoint can be restored with
94 mount(src, mountpoint, flags, options). When used, dump is expected
95 to always succeed if a mountpoint is to be auto-detected, however
96 restore may fail (or do something wrong) if the assumption for
97 restore logic is incorrect. This option is not compatable with
98 --external dev.
99 --action-script script
101 Add an external action script to be executed at certain stages. The
102 environment variable CRTOOLS_SCRIPT_ACTION is available to the
103 script to find out which action is being executed, and its value
104 can be one of the following:
105 pre-dump
107 run prior to beginning a dump
108 post-dump
110 run upon dump completion
111 pre-restore
113 run prior to beginning a restore
114 post-restore
116 run upon restore completion
117 pre-resume
119 run when all processes and resources are restored but tasks are
120 stopped waiting for final kick to run. Must not fail.
121 post-resume
123 called at the very end, when everything is restored and pro‐
124 cesses were resumed
125 network-lock
127 run to lock network in a target network namespace
128 network-unlock
130 run to unlock network in a target network namespace
131 setup-namespaces
133 run once root task has just been created with required names‐
134 paces. Note it is an early stage of restore, when nothing is
135 restored yet, except for namespaces themselves
136 post-setup-namespaces
138 called after the namespaces are configured
139 orphan-pts-master
141 called after master pty is opened and unlocked. This hook can
142 be used only in the RPC mode, and the notification message con‐
143 tains a file descriptor for the master pty
144 -V, --version
146 Print program version and exit.
147 -h, --help
149 Print some help and exit.
150 pre-dump
152 Performs the pre-dump procedure, during which criu creates a snapshot
153 of memory changes since the previous pre-dump. Note that during this
154 criu also creates the fsnotify cache which speeds up the restore proce‐
155 dure. pre-dump requires at least -t option (see dump below). In addi‐
156 tion, page-server options may be specified.
157 --track-mem
159 Turn on memory changes tracker in the kernel. If the option is not
160 passed the memory tracker get turned on implicitly.
161 --pre-dump-mode=mode
163 There are two mode to operate pre-dump algorithm. The splice mode
164 is parasite based, whereas read mode is based on process_vm_readv
165 syscall. The read mode incurs reduced frozen time and reduced mem‐
166 ory pressure as compared to splice mode. Default is splice mode.
167 dump
169 Performs a checkpoint procedure.
170 -t, --tree pid
172 Checkpoint the whole process tree starting from pid.
173 -R, --leave-running
175 Leave tasks in running state after checkpoint, instead of killing.
176 This option is pretty dangerous and should be used only if you
177 understand what you are doing.
178 Note if task is about to run after been checkpointed, it can modify
180 TCP connections, delete files and do other dangerous actions.
181 Therefore, criu can not guarantee that the next restore action will
182 succeed. Most likely if this option is used, at least the file sys‐
183 tem snapshot must be made with the help of post-dump action script.
184 In other words, do not use it unless really needed.
186 -s, --leave-stopped
188 Leave tasks in stopped state after checkpoint, instead of killing.
189 --external type[id]:value
191 Dump an instance of an external resource. The generic syntax is
192 type of resource, followed by resource id (enclosed in literal
193 square brackets), and optional value (prepended by a literal
194 colon). The following resource types are currently supported: mnt,
195 dev, file, tty, unix. Syntax depends on type. Note to restore
196 external resources, either --external or --inherit-fd is used,
197 depending on resource type.
198 --external mnt[mountpoint]:name
200 Dump an external bind mount referenced by mountpoint, saving it to
201 image under the identifier name.
202 --external mnt[]:flags
204 Dump all external bind mounts, autodetecting those. Optional flags
205 can contain m to also dump external master mounts, s to also dump
206 external shared mounts (default behavior is to abort dumping if
207 such mounts are found). If flags are not provided, colon is
208 optional.
209 --external dev[major/minor]:name
211 Allow to dump a mount namespace having a real block device mounted.
212 A block device is identified by its major and minor numbers, and
213 criu saves its information to image under the identifier name.
214 --external file[mnt_id:inode]
216 Dump an external file, i.e. an opened file that is can not be
217 resolved from the current mount namespace, which can not be dumped
218 without using this option. The file is identified by mnt_id (a
219 field obtained from /proc/pid/fdinfo/N) and inode (as returned by
220 stat(2)).
221 --external tty[rdev:dev]
223 Dump an external TTY, identified by st_rdev and st_dev fields
224 returned by stat(2).
225 --external unix[id]
227 Tell criu that one end of a pair of UNIX sockets (created by sock‐
228 etpair(2)) with the given id is OK to be disconnected.
229 --external pid[inode]:name
231 Mark a PID namespace as external. This can be later used to restore
232 a process into an existing PID namespace. The label name can be
233 used to assign another PID namespace during restore with the help
234 of --inherit-fd.
235 --freeze-cgroup
237 Use cgroup freezer to collect processes.
238 --manage-cgroups
240 Collect cgroups into the image thus they gonna be restored then.
241 Without this option, criu will not save cgroups configuration asso‐
242 ciated with a task.
243 --cgroup-props spec
245 Specify controllers and their properties to be saved into the image
246 file. criu predefines specifications for common controllers, but
247 since the kernel can add new controllers and modify their proper‐
248 ties, there should be a way to specify ones matched the kernel.
249 spec argument describes the controller and properties specification
251 in a simplified YAML form:
252 "c1":
254 - "strategy": "merge"
255 - "properties": ["a", "b"]
256 "c2":
257 - "strategy": "replace"
258 - "properties": ["c", "d"]
259 where c1 and c2 are controllers names, and a, b, c, d are their
261 properties.
262 Note the format: double quotes, spaces and new lines are required.
264 The strategy specifies what to do if a controller specified already
265 exists as a built-in one: criu can either merge or replace such.
266 For example, the command line for the above example should look
268 like this:
269 --cgroup-props "\"c1\":\n - \"strategy\": \"merge\"\n - \"properties\": [\"a\", \"b\"]\n \"c2\":\n - \"strategy\": \"replace\"\n - \"properties\": [\"c\", \"d\"]"
271 --cgroup-props-file file
273 Same as --cgroup-props, except the specification is read from the
274 file.
275 --cgroup-dump-controller name
277 Dump a controller with name only, skipping anything else that was
278 discovered automatically (usually via /proc). This option is useful
279 when one needs criu to skip some controllers.
280 --cgroup-yard path
282 Instead of trying to mount cgroups in CRIU, provide a path to a
283 directory with already created cgroup yard. Useful if you don’t
284 want to grant CAP_SYS_ADMIN to CRIU. For every cgroup mount there
285 should be exactly one directory. If there is only one controller in
286 this mount, the dir’s name should be just the name of the con‐
287 troller. If there are multiple controllers comounted, the directory
288 name should have them be separated by a comma.
289 For example, if /proc/cgroups looks like this:
291 #subsys_name hierarchy num_cgroups enabled
293 cpu 1 1 1
294 devices 2 2 1
295 freezer 2 2 1
296 then you can create the cgroup yard by the following commands:
298 mkdir private_yard
300 cd private_yard
301 mkdir cpu
302 mount -t cgroup -o cpu none cpu
303 mkdir devices,freezer
304 mount -t cgroup -o devices,freezer none devices,freezer
305 --tcp-established
307 Checkpoint established TCP connections.
308 --tcp-close
310 Don’t dump the state of, or block, established tcp connections.
311 This is useful when tcp connections are not going to be restored.
312 --skip-in-flight
314 This option skips in-flight TCP connections. If any TCP connections
315 that are not yet completely established are found, criu ignores
316 these connections, rather than errors out. The TCP stack on the
317 client side is expected to handle the re-connect gracefully.
318 --evasive-devices
320 Use any path to a device file if the original one is inaccessible.
321 --page-server
323 Send pages to a page server (see the page-server command).
324 --force-irmap
326 Force resolving names for inotify and fsnotify watches.
327 --auto-dedup
329 Deduplicate "old" data in pages images of previous dump. This
330 option implies incremental dump mode (see the pre-dump command).
331 -l, --file-locks
333 Dump file locks. It is necessary to make sure that all file lock
334 users are taken into dump, so it is only safe to use this for
335 enclosed containers where locks are not held by any processes out‐
336 side of dumped process tree.
337 --link-remap
339 Allows to link unlinked files back, if possible (modifies filesys‐
340 tem during restore).
341 --ghost-limit size
343 Set the maximum size of deleted file to be carried inside image. By
344 default, up to 1M file is allowed. Using this option allows to not
345 put big deleted files inside images. Argument size may be postfixed
346 with a K, M or G, which stands for kilo-, mega, and gigabytes,
347 accordingly.
348 -j, --shell-job
350 Allow one to dump shell jobs. This implies the restored task will
351 inherit session and process group ID from the criu itself. This
352 option also allows to migrate a single external tty connection, to
353 migrate applications like top. If used with dump command, it must
354 be specified with restore as well.
355 --cpu-cap [cap[,cap...]]
357 Specify CPU capabilities to write to an image file. The argument is
358 a comma-separated list of:
359 · none to ignore capabilities at all; the image will not be pro‐
361 duced on dump, neither any check performed on restore;
362 · fpu to check if FPU module is compatible;
364 · ins to check if CPU supports all instructions required;
366 · cpu to check if CPU capabilities are exactly matching;
368 · all for all above set.
370 By default the option is set to fpu and ins.
372 --cgroup-root [controller:]/newroot
374 Change the root for the controller that will be dumped. By default,
375 criu simply dumps everything below where any of the tasks live.
376 However, if a container moves all of its tasks into a cgroup direc‐
377 tory below the container engine’s default directory for tasks, per‐
378 missions will not be preserved on the upper directories with no
379 tasks in them, which may cause problems.
380 --lazy-pages
382 Perform the dump procedure without writing memory pages into the
383 image files and prepare to service page requests over the network.
384 When dump runs in this mode it presumes that lazy-pages daemon will
385 connect to it and fetch memory pages to lazily inject them into the
386 restored process address space. This option is intended for
387 post-copy (lazy) migration and should be used in conjunction with
388 restore with appropriate options.
389 --file-validation [mode]
391 Set the method to be used to validate open files. Validation is
392 done to ensure that the version of the file being restored is the
393 same version when it was dumped.
394 The mode may be one of the following:
396 filesize
398 To explicitly use only the file size check all the time. This is
399 the fastest and least intensive check.
400 buildid
402 To validate ELF files with their build-ID. If the build-ID cannot
403 be obtained, chksm-first method will be used. This is the default
404 if mode is unspecified.
405 restore
407 Restores previously checkpointed processes.
408 --inherit-fd fd[N]:resource
410 Inherit a file descriptor. This option lets criu use an already
411 opened file descriptor N for restoring a file identified by
412 resource. This option can be used to restore an external resource
413 dumped with the help of --external file, tty, pid and unix options.
414 The resource argument can be one of the following:
416 · tty[rdev:dev]
418 · pipe[inode]
420 · socket[inode*]*
422 · file[mnt_id:inode]
424 · path/to/file
426 Note that square brackets used in this option arguments are liter‐
428 als and usually need to be escaped from shell.
429 -d, --restore-detached
431 Detach criu itself once restore is complete.
432 -s, --leave-stopped
434 Leave tasks in stopped state after restore (rather than resuming
435 their execution).
436 -S, --restore-sibling
438 Restore root task as a sibling (makes sense only with
439 --restore-detached).
440 --log-pid
442 Write separate logging files per each pid.
443 -r, --root path
445 Change the root filesystem to path (when run in a mount namespace).
446 This option is required to restore a mount namespace. The directory
447 path must be a mount point and its parent must not be overmounted.
448 --external type[id]:value
450 Restore an instance of an external resource. The generic syntax is
451 type of resource, followed by resource id (enclosed in literal
452 square brackets), and optional value (prepended by a literal
453 colon). The following resource types are currently supported: mnt,
454 dev, veth, macvlan. Syntax depends on type. Note to restore exter‐
455 nal resources dealing with opened file descriptors (such as dumped
456 with the help of --external file, tty, and unix options), option
457 --inherit-fd should be used.
458 --external mnt[name]:mountpoint
460 Restore an external bind mount referenced in the image by name,
461 bind-mounting it from the host mountpoint to a proper mount point.
462 --external mnt[]
464 Restore all external bind mounts (dumped with the help of --exter‐
465 nal mnt[] auto-detection).
466 --external dev[name]:/dev/path
468 Restore an external mount device, identified in the image by name,
469 using the existing block device /dev/path.
470 --external veth[inner_dev]:outer_dev@bridge
472 Set the outer VETH device name (corresponding to inner_dev being
473 restored) to outer_dev. If optional @bridge is specified, outer_dev
474 is added to that bridge. If the option is not used, outer_dev will
475 be autogenerated by the kernel.
476 --external macvlan[inner_dev]:outer_dev
478 When restoring an image that have a MacVLAN device in it, this
479 option must be used to specify to which outer_dev (an existing net‐
480 work device in CRIU namespace) the restored inner_dev should be
481 bound to.
482 --manage-cgroups [mode]
484 Restore cgroups configuration associated with a task from the
485 image. Controllers are always restored in an optimistic way — if
486 already present in system, criu reuses it, otherwise it will be
487 created.
488 The mode may be one of the following:
490 none
492 Do not restore cgroup properties but require cgroup to pre-exist at
493 the moment of restore procedure.
494 props
496 Restore cgroup properties and require cgroup to pre-exist.
497 soft
499 Restore cgroup properties if only cgroup has been created by criu,
500 otherwise do not restore properties. This is the default if mode is
501 unspecified.
502 full
504 Always restore all cgroups and their properties.
505 strict
507 Restore all cgroups and their properties from the scratch, requir‐
508 ing them to not present in the system.
509 ignore
511 Don’t deal with cgroups and pretend that they don’t exist.
512 --cgroup-yard path
514 Instead of trying to mount cgroups in CRIU, provide a path to a
515 directory with already created cgroup yard. For more informa‐
516 tion look in the dump section.
517 --cgroup-root [controller:]/newroot
519 Change the root cgroup the controller will be installed into.
520 No controller means that root is the default for all con‐
521 trollers not specified.
522 --tcp-established
524 Restore previously dumped established TCP connections. This
525 implies that the network has been locked between dump and
526 restore phases so other side of a connection simply notice a
527 kind of lag.
528 --tcp-close
530 Restore connected TCP sockets in closed state.
531 --veth-pair IN=OUT
533 Correspondence between outside and inside names of veth
534 devices.
535 -l, --file-locks
537 Restore file locks from the image.
538 --lsm-profile type:name
540 Specify an LSM profile to be used during restore. The type can
541 be either apparmor or selinux.
542 --auto-dedup
544 As soon as a page is restored it get punched out from image.
545 -j, --shell-job
547 Restore shell jobs, in other words inherit session and process
548 group ID from the criu itself.
549 --cpu-cap [cap[,cap...]]
551 Specify CPU capabilities to be present on the CPU the process
552 is restoring. To inverse a capability, prefix it with ^. This
553 option implies that --cpu-cap has been passed on dump as well,
554 except fpu option case. The cap argument can be the following
555 (or a set of comma-separated values):
556 all
558 Require all capabilities. This is default mode if --cpu-cap is
559 passed without arguments. Most safe mode.
560 cpu
562 Require the CPU to have all capabilities in image to match runtime
563 CPU.
564 fpu
566 Require the CPU to have compatible FPU. For example the process
567 might be dumped with xsave capability but attempted to restore
568 without it present on target CPU. In such case we refuse to pro‐
569 ceed. This is default mode if --cpu-cap is not present in command
570 line. Note this argument might be passed even if on the dump no
571 --cpu-cap have been specified because FPU frames are always encoded
572 into images.
573 ins
575 Require CPU compatibility on instructions level.
576 none
578 Ignore capabilities. Most dangerous mode. The behaviour is imple‐
579 mentation dependent. Try to not use it until really required.
580 For example, this option can be used in case --cpu-cap=cpu was used
582 during dump, and images are migrated to a less capable CPU and are
583 to be restored. By default, criu shows an error that CPU capabili‐
584 ties are not adequate, but this can be suppressed by using
585 --cpu-cap=none.
586 --weak-sysctls
588 Silently skip restoring sysctls that are not available. This
589 allows to restore on an older kernel, or a kernel configured
590 without some options.
591 --lazy-pages
593 Restore the processes without filling out the entire memory
594 contents. When this option is used, restore sets up the infra‐
595 structure required to fill memory pages either on demand when
596 the process accesses them or in the background without stopping
597 the restored process. This option requires running lazy-pages
598 daemon.
599 --file-validation [mode]
601 Set the method to be used to validate open files. Validation is
602 done to ensure that the version of the file being restored is
603 the same version when it was dumped.
604 The mode may be one of the following:
606 filesize
608 To explicitly use only the file size check all the time. This is
609 the fastest and least intensive check.
610 buildid
612 To validate ELF files with their build-ID. If the build-ID cannot
613 be obtained, chksm-first method will be used. This is the default
614 if mode is unspecified.
615 check
617 Checks whether the kernel supports the features needed by criu to dump
618 and restore a process tree.
619 There are three categories of kernel support, as described below. criu
621 check always checks Category 1 features unless --feature is specified
622 which only checks a specified feature.
623 Category 1
625 Absolutely required. These are features like support for
626 /proc/PID/map_files, NETLINK_SOCK_DIAG socket monitoring,
627 /proc/sys/kernel/ns_last_pid etc.
628 Category 2
630 Required only for specific cases. These are features like AIO
631 remap, /dev/net/tun and others that are only required if a process
632 being dumped or restored is using those.
633 Category 3
635 Experimental. These are features like task-diag that are used for
636 experimental purposes (mostly during development).
637 If there are no errors or warnings, criu prints "Looks good." and its
639 exit code is 0.
640 A missing Category 1 feature causes criu to print "Does not look good."
642 and its exit code is non-zero.
643 Missing Category 2 and 3 features cause criu to print "Looks good but
645 ..." and its exit code is be non-zero.
646 Without any options, criu check checks Category 1 features. This behav‐
648 ior can be changed by using the following options:
649 --extra
651 Check kernel support for Category 2 features.
652 --experimental
654 Check kernel support for Category 3 features.
655 --all
657 Check kernel support for Category 1, 2, and 3 features.
658 --feature name
660 Check a specific feature. If name is list, a list of valid kernel
661 feature names that can be checked will be printed.
662 page-server
664 Launches criu in page server mode.
665 --daemon
667 Runs page server as a daemon (background process).
668 --status-fd
670 Write \0 to the FD and close it once page-server is ready to handle
671 requests. The status-fd allows to not daemonize a process and get
672 its exit code at the end. It isn’t supposed to use --daemon and
673 --status-fd together.
674 --address address
676 Page server IP address or hostname.
677 --port number
679 Page server port number.
680 --ps-socket fd
682 Use provided file descriptor as socket for incoming connection. In
683 this case --address and --port are ignored. Useful for intercepting
684 page-server traffic e.g. to add encryption or authentication.
685 --lazy-pages
687 Serve local memory dump to a remote lazy-pages daemon. In this mode
688 the page-server reads local memory dump and allows the remote
689 lazy-pages daemon to request memory pages in random order.
690 --tls-cacert file
692 Specifies the path to a trusted Certificate Authority (CA) certifi‐
693 cate file to be used for verification of a client or server cer‐
694 tificate. The file must be in PEM format. When this option is used
695 only the specified CA is used for verification. Otherwise, the sys‐
696 tem’s trusted CAs and, if present, /etc/pki/CA/cacert.pem will be
697 used.
698 --tls-cacrl file
700 Specifies a path to a Certificate Revocation List (CRL) file which
701 contains a list of revoked certificates that should no longer be
702 trusted. The file must be in PEM format. When this option is not
703 specified, the file, if present, /etc/pki/CA/cacrl.pem will be
704 used.
705 --tls-cert file
707 Specifies a path to a file that contains a X.509 certificate to
708 present to the remote entity. The file must be in PEM format. When
709 this option is not specified, the default location
710 (/etc/pki/criu/cert.pem) will be used.
711 --tls-key file
713 Specifies a path to a file that contains TLS private key. The file
714 must be in PEM format. When this option is not the default location
715 (/etc/pki/criu/private/key.pem) will be used.
716 --tls
718 Use TLS to secure remote connections.
719 lazy-pages
721 Launches criu in lazy-pages daemon mode.
722 The lazy-pages daemon is responsible for managing user-level demand
724 paging for the restored processes. It gets information required to fill
725 the process memory pages from the restore and from the checkpoint
726 directory. When a restored process access certain memory page for the
727 first time, the lazy-pages daemon injects its contents into the process
728 address space. The memory pages that are not yet requested by the
729 restored processes are injected in the background.
730 exec
732 Executes a system call inside a destination task's context. This func‐
733 tionality is deprecated; please use Compel instead.
734 service
736 Launches criu in RPC daemon mode, where criu is listening for RPC com‐
737 mands over socket to perform. This is convenient for a case where dae‐
738 mon itself is running in a privileged (superuser) mode but clients are
739 not.
740 dedup
742 Starts pagemap data deduplication procedure, where criu scans over all
743 pagemap files and tries to minimize the number of pagemap entries by
744 obtaining the references from a parent pagemap image.
745 cpuinfo dump
747 Fetches current CPU features and write them into an image file.
748 cpuinfo check
750 Fetches current CPU features (i.e. CPU the criu is running on) and test
751 if they are compatible with the ones present in an image file.
752
754 Criu supports usage of configuration files to avoid the need of writing
755 every option on command line, which is useful especially with repeated
756 usage of same options. A specific configuration file can be passed with
757 the "--config file" option. If no file is passed, the default configu‐
758 ration files /etc/criu/default.conf and $HOME/.criu/default.conf are
759 parsed (if present on the system). If the environment variable
760 CRIU_CONFIG_FILE is set, it will also be parsed.
761 The options passed to CRIU via CLI, RPC or configuration file are eval‐
763 uated in the following order:
764 · apply_config(/etc/criu/default.conf)
766 · apply_config($HOME/.criu/default.conf)
768 · apply_config(CRIU_CONFIG_FILE)
770 · apply_config(--config file)
772 · apply_config(CLI) or apply_config(RPC)
774 · apply_config(RPC configuration file) (only for RPC mode)
776 Default configuration file parsing can be deactivated with
778 "--no-default-config" if needed. Parsed configuration files are merged
779 with command line options, which allows overriding boolean options.
780 Configuration file syntax
782 Comments are supported using '#' sign. The rest of the line is ignored.
783 Options are the same as command line options without the '--' prefix,
784 use one option per line (with corresponding argument if applicable,
785 divided by whitespaces). If needed, the argument can be provided in
786 double quotes (this should be needed only if the argument contains
787 whitespaces). In case this type of argument contains a literal double
788 quote as well, it can be escaped using the '\' sign. Usage of commands
789 is disallowed and all other escape sequences are interpreted literally.
790 Example of configuration file to illustrate syntax:
792 $ cat ~/.criu/default.conf
794 tcp-established
795 work-dir "/home/USERNAME/criu/my \"work\" directory"
796 #this is a comment
797 no-restore-sibling # this is another comment
798 Configuration files in RPC mode
800 Not only does criu evaluate configuration files in CLI mode, it also
801 evaluates configuration files in RPC mode. Just as in CLI mode the con‐
802 figuration file values are evaluated first. This means that any option
803 set via RPC will overwrite the configuration file setting. The user can
804 thus change criu's default behavior but it is not possible to change
805 settings which are explicitly set by the RPC client.
806 The RPC client can, however, specify an additional configuration file
808 which will be evaluated after the RPC options (see above for option
809 evaluation order). The RPC client can specify this additional configu‐
810 ration file via "req.opts.config_file = /path/to/file". The values from
811 this configuration file will overwrite all other configuration file
812 settings or RPC options. This can lead to undesired behavior of criu
813 and should only be used carefully.
814
816 To checkpoint a program with pid of 1234 and write all image files into
817 directory checkpoint:
818 criu dump -D checkpoint -t 1234
820 To restore this program detaching criu itself:
822 criu restore -d -D checkpoint
824
826 The CRIU team.
827
829 Copyright (C) 2011-2016, Parallels Holdings, Inc.
830criu 3.15 11/04/2020 CRIU(8)