diff --git a/.criu.metadata b/.criu.metadata
index b909fca..a7d72a4 100644
--- a/.criu.metadata
+++ b/.criu.metadata
@@ -1 +1 @@
-975b007ef8824c5a266af58085fca4f9266cd28d SOURCES/criu-2.3.tar.bz2
+daec5be3c57e7539137601bfad5026dc1a302754 SOURCES/criu-2.12.tar.bz2
diff --git a/.gitignore b/.gitignore
index 054b213..bc9f047 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/criu-2.3.tar.bz2
+SOURCES/criu-2.12.tar.bz2
diff --git a/SOURCES/0001-kerndat-Detect-if-we-have-guard-page-mangle-in-procf.patch b/SOURCES/0001-kerndat-Detect-if-we-have-guard-page-mangle-in-procf.patch
new file mode 100644
index 0000000..09ebdb7
--- /dev/null
+++ b/SOURCES/0001-kerndat-Detect-if-we-have-guard-page-mangle-in-procf.patch
@@ -0,0 +1,127 @@
+From 8a4a164f3e33be9b2d28d54fe430e92f40626054 Mon Sep 17 00:00:00 2001
+From: Cyrill Gorcunov <gorcunov@openvz.org>
+Date: Mon, 26 Jun 2017 23:55:28 +0300
+Subject: [PATCH 1/2] kerndat: Detect if we have guard page mangle in procfs
+ output
+
+In vanilla kernel commit 1be7107fbe18eed3e319a6c3e83c78254b693acb
+show_map_vma() no longer report PAGE_SIZE. Detect it with
+simple test and remember in kdat settings.
+
+Suggested-by: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
+Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
+---
+ criu/include/kerndat.h | 1 +
+ criu/kerndat.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 77 insertions(+)
+
+diff --git a/criu/include/kerndat.h b/criu/include/kerndat.h
+index ba8c10da7..891cbdd41 100644
+--- a/criu/include/kerndat.h
++++ b/criu/include/kerndat.h
+@@ -44,6 +44,7 @@ struct kerndat_s {
+ unsigned int has_xtlocks;
+ unsigned long mmap_min_addr;
+ bool has_tcp_half_closed;
++ bool stack_guard_gap_hidden;
+ };
+
+ extern struct kerndat_s kdat;
+diff --git a/criu/kerndat.c b/criu/kerndat.c
+index 354fb672b..80ec58bcf 100644
+--- a/criu/kerndat.c
++++ b/criu/kerndat.c
+@@ -563,6 +563,80 @@ int kerndat_tcp_repair(void)
+ return exit_code;
+ }
+
++static int kerndat_detect_stack_guard_gap(void)
++{
++ int num, ret = -1, detected = 0;
++ unsigned long start, end;
++ char r, w, x, s;
++ char buf[1024];
++ FILE *maps;
++ void *mem;
++
++ mem = mmap(NULL, (3ul << 20), PROT_READ | PROT_WRITE,
++ MAP_PRIVATE | MAP_ANONYMOUS | MAP_GROWSDOWN, -1, 0);
++ if (mem == MAP_FAILED) {
++ pr_perror("Can't mmap stack area");
++ return -1;
++ }
++ munmap(mem, (3ul << 20));
++
++ mem = mmap(mem + (2ul << 20), (1ul << 20), PROT_READ | PROT_WRITE,
++ MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED | MAP_GROWSDOWN, -1, 0);
++ if (mem == MAP_FAILED) {
++ pr_perror("Can't mmap stack area");
++ return -1;
++ }
++
++ maps = fopen("/proc/self/maps", "r");
++ if (maps == NULL) {
++ munmap(mem, 4096);
++ return -1;
++ }
++
++ while (fgets(buf, sizeof(buf), maps)) {
++ num = sscanf(buf, "%lx-%lx %c%c%c%c",
++ &start, &end, &r, &w, &x, &s);
++ if (num < 6) {
++ pr_err("Can't parse: %s\n", buf);
++ goto err;
++ }
++
++ /*
++ * When reading /proc/$pid/[s]maps the
++ * start/end addresses migh be cutted off
++ * with PAGE_SIZE on kernels prior 4.12
++ * (see kernel commit 1be7107fbe18ee).
++ *
++ * Same time there was semi-complete
++ * patch released which hitted a number
++ * of repos (Ubuntu, Fedora) where instead
++ * of PAGE_SIZE the 1M gap is cutted off.
++ */
++ if (start == (unsigned long)mem) {
++ kdat.stack_guard_gap_hidden = false;
++ detected = 1;
++ break;
++ } else if (start == ((unsigned long)mem + (1ul << 20))) {
++ pr_warn("Unsupported stack guard detected, confused but continue\n");
++ kdat.stack_guard_gap_hidden = true;
++ detected = 1;
++ break;
++ } else if (start == ((unsigned long)mem + PAGE_SIZE)) {
++ kdat.stack_guard_gap_hidden = true;
++ detected = 1;
++ break;
++ }
++ }
++
++ if (detected)
++ ret = 0;
++
++err:
++ munmap(mem, (1ul << 20));
++ fclose(maps);
++ return ret;
++}
++
+ int kerndat_init(void)
+ {
+ int ret;
+@@ -676,6 +750,8 @@ int kerndat_init(void)
+ ret = kerndat_iptables_has_xtlocks();
+ if (!ret)
+ ret = kerndat_tcp_repair();
++ if (!ret)
++ ret = kerndat_detect_stack_guard_gap();
+
+ kerndat_lsm();
+ kerndat_mmap_min_addr();
+--
+2.13.0
+
diff --git a/SOURCES/0002-mem-Don-t-assume-guard-page-is-returned-in-procfs-wi.patch b/SOURCES/0002-mem-Don-t-assume-guard-page-is-returned-in-procfs-wi.patch
new file mode 100644
index 0000000..09cc160
--- /dev/null
+++ b/SOURCES/0002-mem-Don-t-assume-guard-page-is-returned-in-procfs-wi.patch
@@ -0,0 +1,115 @@
+From be37925cff8aaf43f14866bd0a60dca6068a8d97 Mon Sep 17 00:00:00 2001
+From: Cyrill Gorcunov <gorcunov@openvz.org>
+Date: Mon, 26 Jun 2017 23:55:29 +0300
+Subject: [PATCH 2/2] mem: Don't assume guard page is returned in procfs with
+ new kernels
+
+If the guard page is not reported in show_map_vma we should
+not ajust vma address neither we should call unmap_guard_pages
+in restorer.
+
+https://github.com/xemul/criu/issues/322
+
+Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
+Signed-off-by: Andrei Vagin <avagin@virtuozzo.com>
+---
+ criu/include/mem.h | 2 ++
+ criu/mem.c | 19 ++++++++++++++-----
+ criu/proc_parse.c | 3 ++-
+ 3 files changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/criu/include/mem.h b/criu/include/mem.h
+index 2fae797c6..2fc8e1e0e 100644
+--- a/criu/include/mem.h
++++ b/criu/include/mem.h
+@@ -9,11 +9,13 @@ struct parasite_ctl;
+ struct vm_area_list;
+ struct page_pipe;
+ struct pstree_item;
++struct vma_area;
+
+ struct mem_dump_ctl {
+ bool pre_dump;
+ };
+
++extern bool vma_has_guard_gap_hidden(struct vma_area *vma);
+ extern bool page_in_parent(bool dirty);
+ extern int prepare_mm_pid(struct pstree_item *i);
+ extern int do_task_reset_dirty_track(int pid);
+diff --git a/criu/mem.c b/criu/mem.c
+index 2c4323d8c..cd41829b2 100644
+--- a/criu/mem.c
++++ b/criu/mem.c
+@@ -499,7 +499,7 @@ int prepare_mm_pid(struct pstree_item *i)
+
+ if (vma_area_is_private(vma, kdat.task_size)) {
+ ri->vmas.priv_size += vma_area_len(vma);
+- if (vma->e->flags & MAP_GROWSDOWN)
++ if (vma_has_guard_gap_hidden(vma))
+ ri->vmas.priv_size += PAGE_SIZE;
+ }
+
+@@ -634,7 +634,7 @@ static int premap_private_vma(struct pstree_item *t, struct vma_area *vma, void
+ * A grow-down VMA has a guard page, which protect a VMA below it.
+ * So one more page is mapped here to restore content of the first page
+ */
+- if (vma->e->flags & MAP_GROWSDOWN) {
++ if (vma_has_guard_gap_hidden(vma)) {
+ vma->e->start -= PAGE_SIZE;
+ if (paddr)
+ paddr -= PAGE_SIZE;
+@@ -702,7 +702,7 @@ static int premap_private_vma(struct pstree_item *t, struct vma_area *vma, void
+ pr_debug("\tpremap %#016"PRIx64"-%#016"PRIx64" -> %016lx\n",
+ vma->e->start, vma->e->end, (unsigned long)addr);
+
+- if (vma->e->flags & MAP_GROWSDOWN) { /* Skip gurad page */
++ if (vma_has_guard_gap_hidden(vma)) { /* Skip gurad page */
+ vma->e->start += PAGE_SIZE;
+ vma->premmaped_addr += PAGE_SIZE;
+ }
+@@ -1046,6 +1047,11 @@ out:
+ return ret;
+ }
+
++bool vma_has_guard_gap_hidden(struct vma_area *vma)
++{
++ return kdat.stack_guard_gap_hidden && (vma->e->flags & MAP_GROWSDOWN);
++}
++
+ /*
+ * A gard page must be unmapped after restoring content and
+ * forking children to restore COW memory.
+@@ -1055,6 +1061,9 @@ int unmap_guard_pages(struct pstree_item *t)
+ struct vma_area *vma;
+ struct list_head *vmas = &rsti(t)->vmas.h;
+
++ if (!kdat.stack_guard_gap_hidden)
++ return 0;
++
+ list_for_each_entry(vma, vmas, list) {
+ if (!vma_area_is_private(vma, kdat.task_size))
+ continue;
+diff --git a/criu/proc_parse.c b/criu/proc_parse.c
+index f1237cf9f..5e36db540 100644
+--- a/criu/proc_parse.c
++++ b/criu/proc_parse.c
+@@ -25,6 +25,7 @@
+ #include "kerndat.h"
+ #include "vdso.h"
+ #include "vma.h"
++#include "mem.h"
+ #include "bfd.h"
+ #include "proc_parse.h"
+ #include "fdinfo.h"
+@@ -637,7 +638,7 @@ static int vma_list_add(struct vma_area *vma_area,
+ }
+
+ /* Add a guard page only if here is enough space for it */
+- if ((vma_area->e->flags & MAP_GROWSDOWN) &&
++ if (vma_has_guard_gap_hidden(vma_area) &&
+ *prev_end < vma_area->e->start)
+ vma_area->e->start -= PAGE_SIZE; /* Guard page */
+ *prev_end = vma_area->e->end;
+--
+2.13.0
+
diff --git a/SOURCES/2fdef836a59938b169ca3c8f2c813b35258f1ed5.patch b/SOURCES/2fdef836a59938b169ca3c8f2c813b35258f1ed5.patch
deleted file mode 100644
index 12abaa8..0000000
--- a/SOURCES/2fdef836a59938b169ca3c8f2c813b35258f1ed5.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From 2fdef836a59938b169ca3c8f2c813b35258f1ed5 Mon Sep 17 00:00:00 2001
-From: Adrian Reber <areber@redhat.com>
-Date: Tue, 14 Jun 2016 10:13:00 +0300
-Subject: [PATCH] criu: add an option to skip in-flight connections
-
-Trying to migrate containers with tomcat and running ab as a test client
-(ab -n 1000000 -c 20 http://url/to/test) criu sometimes exited with an
-error if in-flight connections were detected. Criu can handle sockets
-listening and with established connection. In-flight connections can
-happen on sockets which do not yet have a full established connection
-(SYN, SYN-ACK, and the last ACK is missing).
-
-This adds a new option to criu:
-
- --skip-in-flight this option skips in-flight TCP connections.
- if TCP connections are found which are not yet completely
- established, criu will ignore these connections in favor
- of erroring out.
-
-With this option criu will skip sockets in this state and let's the client
-handle the re-connection.
-
-Signed-off-by: Adrian Reber <areber@redhat.com>
-Acked-by: Andrew Vagin <avagin@virtuozzo.com>
-Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
----
- criu/crtools.c | 9 +++++++++
- criu/include/cr_options.h | 1 +
- criu/include/sk-inet.h | 1 +
- criu/sk-inet.c | 7 +++++++
- 4 files changed, 18 insertions(+)
-
-diff --git a/criu/crtools.c b/criu/crtools.c
-index b527374..e7da5c7 100644
---- a/criu/crtools.c
-+++ b/criu/crtools.c
-@@ -279,6 +279,7 @@ int main(int argc, char *argv[], char *envp[])
- { "extra", no_argument, 0, 1077 },
- { "experimental", no_argument, 0, 1078 },
- { "all", no_argument, 0, 1079 },
-+ { SK_INFLIGHT_PARAM, no_argument, 0, 1083 },
- { },
- };
-
-@@ -583,6 +584,10 @@ int main(int argc, char *argv[], char *envp[])
- opts.check_extra_features = true;
- opts.check_experimental_features = true;
- break;
-+ case 1083:
-+ pr_msg("Will skip in-flight TCP connections\n");
-+ opts.tcp_skip_in_flight = true;
-+ break;
- case 'V':
- pr_msg("Version: %s\n", CRIU_VERSION);
- if (strcmp(CRIU_GITID, "0"))
-@@ -791,6 +796,10 @@ int main(int argc, char *argv[], char *envp[])
- "* Special resources support:\n"
- " -x|--" USK_EXT_PARAM "inode,.." " allow external unix connections (optionally can be assign socket's inode that allows one-sided dump)\n"
- " --" SK_EST_PARAM " checkpoint/restore established TCP connections\n"
-+" --" SK_INFLIGHT_PARAM " this option skips in-flight TCP connections.\n"
-+" if TCP connections are found which are not yet completely\n"
-+" established, criu will ignore these connections in favor\n"
-+" of erroring out.\n"
- " -r|--root PATH change the root filesystem (when run in mount namespace)\n"
- " --evasive-devices use any path to a device file if the original one\n"
- " is inaccessible\n"
-diff --git a/criu/include/cr_options.h b/criu/include/cr_options.h
-index 32c9d4f..bf9feee 100644
---- a/criu/include/cr_options.h
-+++ b/criu/include/cr_options.h
-@@ -109,6 +109,7 @@ struct cr_options {
- char *lsm_profile;
- unsigned int timeout;
- unsigned int empty_ns;
-+ bool tcp_skip_in_flight;
- };
-
- extern struct cr_options opts;
-diff --git a/criu/include/sk-inet.h b/criu/include/sk-inet.h
-index 4707a6e..9d2bda6 100644
---- a/criu/include/sk-inet.h
-+++ b/criu/include/sk-inet.h
-@@ -72,6 +72,7 @@ extern int dump_one_tcp(int sk, struct inet_sk_desc *sd);
- extern int restore_one_tcp(int sk, struct inet_sk_info *si);
-
- #define SK_EST_PARAM "tcp-established"
-+#define SK_INFLIGHT_PARAM "skip-in-flight"
-
- extern int check_tcp(void);
- extern mutex_t *inet_get_reuseaddr_lock(struct inet_sk_info *ii);
-diff --git a/criu/sk-inet.c b/criu/sk-inet.c
-index 20c6535..dfcfae6 100644
---- a/criu/sk-inet.c
-+++ b/criu/sk-inet.c
-@@ -144,6 +144,11 @@ static int can_dump_inet_sk(const struct inet_sk_desc *sk)
- switch (sk->state) {
- case TCP_LISTEN:
- if (sk->rqlen != 0) {
-+ if (opts.tcp_skip_in_flight) {
-+ pr_info("Skipping in-flight connection (l) for %x\n",
-+ sk->sd.ino);
-+ break;
-+ }
- /*
- * Currently the ICONS nla reports the conn
- * requests for listen sockets. Need to pick
-@@ -151,6 +156,8 @@ static int can_dump_inet_sk(const struct inet_sk_desc *sk)
- */
- pr_err("In-flight connection (l) for %x\n",
- sk->sd.ino);
-+ pr_err("In-flight connections can be ignored with the"
-+ "--%s option.\n", SK_INFLIGHT_PARAM);
- return 0;
- }
- break;
diff --git a/SOURCES/crit.1 b/SOURCES/crit.1
new file mode 100644
index 0000000..4ec17ac
--- /dev/null
+++ b/SOURCES/crit.1
@@ -0,0 +1,235 @@
+'\" t
+.\" Title: crit
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 03/09/2017
+.\" Manual: CRIU Manual
+.\" Source: criu 2.12
+.\" Language: English
+.\"
+.TH "CRIT" "1" "03/09/2017" "criu 2\&.12" "CRIU Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/EB - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+crit \- CRiu Image Tool
+.SH "Synopsis"
+.sp
+\fBcrit\fR \fIdecode\fR [\-h] [\-i IN] [\-o OUT] [\-\-pretty]
+.sp
+\fBcrit\fR \fIencode\fR [\-h] [\-i IN] [\-o OUT]
+.sp
+\fBcrit\fR \fIinfo\fR [\-h] in
+.sp
+\fBcrit\fR \fIx\fR [\-h] dir {ps,fds,mems}
+.sp
+\fBcrit\fR \fIshow\fR [\-h] in
+.SH "DESCRIPTION"
+.sp
+\fBcrit\fR is a feature\-rich replacement for existing \fBcriu\fR show\&.
+.SH "ARGUMENTS"
+.SS "Positional Arguments"
+.PP
+\fBdecode\fR
+.RS 4
+convert
+\fBcriu\fR
+image from binary type JSON
+.RE
+.PP
+\fBencode\fR
+.RS 4
+convert
+\fBcriu\fR
+image from JSON type to binary
+.RE
+.PP
+\fBinfo\fR
+.RS 4
+show info about image
+.RE
+.PP
+\fBx\fR
+.RS 4
+explore image directory
+.RE
+.PP
+\fBshow\fR
+.RS 4
+convert
+\fBcriu\fR
+image from binary to human\-readable JSON
+.RE
+.SS "Optional Arguments"
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.RS 4
+Print some help and exit
+.RE
+.SH "SEE ALSO"
+.sp
+criu(8)
+.SH "AUTHOR"
+.sp
+The CRIU team
diff --git a/SOURCES/criu.8 b/SOURCES/criu.8
index e621b62..5456233 100644
--- a/SOURCES/criu.8
+++ b/SOURCES/criu.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: criu
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 06/14/2016
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 03/09/2017
.\" Manual: CRIU Manual
-.\" Source: criu 2.3
+.\" Source: criu 2.12
.\" Language: English
.\"
-.TH "CRIU" "8" "06/14/2016" "criu 2\&.3" "CRIU Manual"
+.TH "CRIU" "8" "03/09/2017" "criu 2\&.12" "CRIU Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -18,36 +18,184 @@
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/EB - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
-.SH "NAME"
+.SH "Name"
criu \- checkpoint/restore in userspace
-.SH "SYNOPSIS"
+.SH "Synopsis"
.sp
-\fBcriu\fR \fI<command>\fR [\fIoptions\fR]
+\fBcriu\fR \fIcommand\fR [\fIoption\fR \&...]
.SH "DESCRIPTION"
.sp
-\fBcriu\fR is a tool for checkpointing and restoring running applications\&. It does this by saving their state as a collection of files (see the \fIdump\fR command) and creating equivalent processes from those files (see the \fIrestore\fR command)\&. The restore operation can be performed at a later time, on a different system, or both\&.
+\fBcriu\fR is a tool for checkpointing and restoring running applications\&. It does this by saving their state as a collection of files (see the \fBdump\fR command) and creating equivalent processes from those files (see the \fBrestore\fR command)\&. The restore operation can be performed at a later time, on a different system, or both\&.
.SH "OPTIONS"
-.sp
-The options are depending on the \fI<command>\fR \fBcriu\fR run with\&.
.SS "Common options"
.sp
-Common options are applied to any \fI<command>\fR\&.
+Common options are applicable to any \fIcommand\fR\&.
.PP
-\fB\-v\fR[\fI<num>\fR|\fBv\fR\&...]
+\fB\-v\fR[\fBv\fR\&...]
.RS 4
-Set logging level to
-\fI<num>\fR\&. The higer the level, the more output is produced\&. Either numeric values or multiple
+Increase verbosity up from the default level\&. Multiple
\fBv\fR
-can be used\&.
+can be used, each increasing verbosity by one level\&.
+.RE
+.PP
+\fB\-v\fR\fInum\fR
+.RS 4
+Set verbosity level to
+\fInum\fR\&. The higher the level, the more output is produced\&.
The following levels are available:
.sp
@@ -59,9 +207,20 @@ The following levels are available:
.sp -1
.IP \(bu 2.3
.\}
-\fB\-v1\fR,
-\fB\-v\fR
-only messages and errors;
+\fB\-v0\fR
+no output;
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+\fB\-v1\fR
+only errors;
.RE
.sp
.RS 4
@@ -72,9 +231,8 @@ only messages and errors;
.sp -1
.IP \(bu 2.3
.\}
-\fB\-v2\fR,
-\fB\-vv\fR
-also warnings (default level);
+\fB\-v2\fR
+above plus warnings (this is the default level);
.RE
.sp
.RS 4
@@ -85,9 +243,8 @@ also warnings (default level);
.sp -1
.IP \(bu 2.3
.\}
-\fB\-v3\fR,
-\fB\-vvv\fR
-also information messages and timestamps;
+\fB\-v3\fR
+above plus information messages and timestamps;
.RE
.sp
.RS 4
@@ -98,22 +255,21 @@ also information messages and timestamps;
.sp -1
.IP \(bu 2.3
.\}
-\fB\-v4\fR,
-\fB\-vvvv\fR
-lots of debug\&.
+\fB\-v4\fR
+above plus lots of debug\&.
.RE
.RE
.PP
-\fB\-\-pidfile\fR \fI<file>\fR
+\fB\-\-pidfile\fR \fIfile\fR
.RS 4
Write root task, service or page\-server pid into a
-\fI<file>\fR\&.
+\fIfile\fR\&.
.RE
.PP
-\fB\-o\fR, \fB\-\-log\-file\fR \fI<file>\fR
+\fB\-o\fR, \fB\-\-log\-file\fR \fIfile\fR
.RS 4
Write logging messages to
-\fI<file>\fR\&.
+\fIfile\fR\&.
.RE
.PP
\fB\-\-log\-pid\fR
@@ -121,137 +277,107 @@ Write logging messages to
Write separate logging files per each pid\&.
.RE
.PP
-\fB\-D\fR, \fB\-\-images\-dir\fR \fI<path>\fR
+\fB\-\-display\-stats\fR
+.RS 4
+During dump as well as during restore
+\fBcriu\fR
+collects information like the time required to dump or restore the process or the number of pages dumped or restored\&. This information is always written to the files
+\fIstats\-dump\fR
+and
+\fIstats\-restore\fR
+and can be easily displayed using
+\fBcrit\fR\&. The option
+\fB\-\-display\-stats\fR
+additionally prints out this information on the console at the end of a dump or a restore\&.
+.RE
+.PP
+\fB\-D\fR, \fB\-\-images\-dir\fR \fIpath\fR
.RS 4
-Use path
-\fI<path>\fR
-as a base directory where to look for dump files set\&.
+Use
+\fIpath\fR
+as a base directory where to look for sets of image files\&.
.RE
.PP
-\fB\-\-prev\-images\-dir\fR \fI<path>\fR
+\fB\-\-prev\-images\-dir\fR \fIpath\fR
.RS 4
-Use path
-\fI<path>\fR
-as a parent directory where to look for dump files set\&. This make sence in case of increment dumps\&.
+Use
+\fIpath\fR
+as a parent directory where to look for sets of image files\&. This option makes sense in case of incremental dumps\&.
.RE
.PP
-\fB\-W\fR, \fB\-\-work\-dir\fR \fI<dir>\fR
+\fB\-W\fR, \fB\-\-work\-dir\fR \fIdir\fR
.RS 4
Use directory
-\fI<dir>\fR
+\fIdir\fR
for putting logs, pidfiles and statistics\&. If not specified,
-\fI<path>\fR
+\fIpath\fR
from
\fB\-D\fR
option is taken\&.
.RE
.PP
-\fB\-\-close\fR \fI<fd>\fR
+\fB\-\-close\fR \fIfd\fR
.RS 4
-Close file with descriptor
-\fI<fd>\fR
-before any actions\&.
+Close file descriptor
+\fIfd\fR
+before performing any actions\&.
.RE
.PP
-\fB\-L\fR, \fB\-\-libdir\fR \fI<path>\fR
+\fB\-L\fR, \fB\-\-libdir\fR \fIpath\fR
.RS 4
-Path to a plugins directory\&.
+Path to plugins directory\&.
.RE
.PP
-\fB\-\-action\-script\fR \fI<SCRIPT>\fR
+\fB\-\-action\-script\fR \fIscript\fR
.RS 4
-Add an external action script\&. The environment variable
+Add an external action script to be executed at certain stages\&. The environment variable
\fBCRTOOLS_SCRIPT_ACTION\fR
-contains one of the actions:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
+is available to the script to find out which action is being executed, and its value can be one of the following:
+.PP
\fBpre\-dump\fR
-run an action prior to beginning a
+.RS 4
+run prior to beginning a
\fBdump\fR
.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
+.PP
\fBpost\-dump\fR
-run an action upon
+.RS 4
+run upon
\fBdump\fR
-completion;
+completion
.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
+.PP
\fBpre\-restore\fR
-run an action prior to beginning a
+.RS 4
+run prior to beginning a
\fBrestore\fR
.RE
-.sp
+.PP
+\fBpre\-resume\fR
.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
+run when all processes and resources are restored but tasks are stopped waiting for final kick to run\&. Must not fail\&.
+.RE
+.PP
\fBpost\-restore\fR
-run an action upon
+.RS 4
+run upon
\fBrestore\fR
-completion;
+completion
.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
+.PP
\fBnetwork\-lock\fR
-lock network in a target network namespace;
-.RE
-.sp
.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-\fBnetwork\-unlock\fR
-unlock network in a target network namespace;
+run to lock network in a target network namespace
.RE
-.sp
+.PP
+\fBnetwork\-unlock\fR
.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
+run to unlock network in a target network namespace
+.RE
+.PP
\fBsetup\-namespaces\fR
-run an action once root task just been created with required namespaces, note it is early stage on restore nothing were restored yet except namespaces themselves\&.
+.RS 4
+run once root task just been created with required namespaces\&. Note it is an early stage of restore, when nothing is restored yet except for namespaces themselves
.RE
.RE
.PP
@@ -262,11 +388,11 @@ Print program version and exit\&.
.PP
\fB\-h\fR, \fB\-\-help\fR
.RS 4
-Print a commands list and exit\&. The commands list is very short one just for overview and does not match this manual\&.
+Print some help and exit\&.
.RE
.SS "pre\-dump"
.sp
-Launches that named pre\-dump procedure, where \fBcriu\fR does snapshot of memory changes since previous pre\-dump\&. Also \fBcriu\fR forms fsnotify cache which speedup \fBrestore\fR procedure\&. \fBpre\-dump\fR requires at least \fB\-t\fR option (see \fBdump\fR below)\&. Optionally \fBpage\-server\fR options may be specified\&.
+Performs the pre\-dump procedure, during which \fBcriu\fR creates a snapshot of memory changes since the previous \fBpre\-dump\fR\&. Note that during this \fBcriu\fR also creates the fsnotify cache which speeds up the \fBrestore\fR procedure\&. \fBpre\-dump\fR requires at least \fB\-t\fR option (see \fBdump\fR below)\&. In addition, \fBpage\-server\fR options may be specified\&.
.PP
\fB\-\-track\-mem\fR
.RS 4
@@ -274,41 +400,115 @@ Turn on memory changes tracker in the kernel\&. If the option is not passed the
.RE
.SS "dump"
.sp
-Starts a checkpoint procedure\&.
+Performs a checkpoint procedure\&.
.PP
-\fB\-t\fR, \fB\-\-tree\fR \fI<pid>\fR
+\fB\-t\fR, \fB\-\-tree\fR \fIpid\fR
.RS 4
Checkpoint the whole process tree starting from
-\fI<pid>\fR\&.
+\fIpid\fR\&.
.RE
.PP
\fB\-R\fR, \fB\-\-leave\-running\fR
.RS 4
-Leave tasks in running state after checkpoint instead of killing them\&. This option is pretty dangerous and should be used if and only if you understand what you are doing\&.
+Leave tasks in running state after checkpoint, instead of killing\&. This option is pretty dangerous and should be used only if you understand what you are doing\&.
.sp
-If task is about to run after been checkpointed it can modify TCP connections, delete files and do other dangerous actions\&. So that
+Note if task is about to run after been checkpointed, it can modify TCP connections, delete files and do other dangerous actions\&. Therefore,
\fBcriu\fR
-itself can not guarantee that the next
+can not guarantee that the next
\fBrestore\fR
-action will not fail\&. Most likely if a user starts
-\fBcriu\fR
-with this option passed at least the file system snapshot must be done with help of
-\fIpost\-dump\fR
-script\&.
+action will succeed\&. Most likely if this option is used, at least the file system snapshot must be made with the help of
+\fBpost\-dump\fR
+action script\&.
.sp
-In other words, do not use it until really needed\&.
+In other words, do not use it unless really needed\&.
.RE
.PP
\fB\-s\fR, \fB\-\-leave\-stopped\fR
.RS 4
-Leave tasks in stopped state after checkpoint instead of killing them\&.
+Leave tasks in stopped state after checkpoint, instead of killing\&.
+.RE
+.PP
+\fB\-\-external\fR \fItype\fR\fB[\fR\fIid\fR\fB]:\fR\fIvalue\fR
+.RS 4
+Dump an instance of an external resource\&. The generic syntax is
+\fItype\fR
+of resource, followed by resource
+\fIid\fR
+(enclosed in literal square brackets), and optional
+\fIvalue\fR
+(prepended by a literal semicolon)\&. The following resource types are currently supported:
+\fBmnt\fR,
+\fBdev\fR,
+\fBfile\fR,
+\fBtty\fR,
+\fBunix\fR\&. Syntax depends on type\&. Note to restore external resources, either
+\fB\-\-external\fR
+or
+\fB\-\-inherit\-fd\fR
+is used, depending on resource type\&.
.RE
.PP
-\fB\-x\fR, \fB\-\-ext\-unix\-sk\fR [\fI<inode>\fR,<inode>\*(Aq]
+\fB\-\-external mnt[\fR\fImountpoint\fR\fB]:\fR\fIname\fR
.RS 4
-Dump external unix sockets\&. Optionally passing
-\fI<inode>\fR
-(or comma separated series) it assigns inodes which allowed for one sided dump\&.
+Dump an external bind mount referenced by
+\fImountpoint\fR, saving it to image under the identifier
+\fIname\fR\&.
+.RE
+.PP
+\fB\-\-external mnt[]:\fR\fIflags\fR
+.RS 4
+Dump all external bind mounts, autodetecting those\&. Optional
+\fIflags\fR
+can contain
+\fBm\fR
+to also dump external master mounts,
+\fBs\fR
+to also dump external shared mounts (default behavior is to abort dumping if such mounts are found)\&. If
+\fIflags\fR
+are not provided, semicolon is optional\&.
+.RE
+.PP
+\fB\-\-external dev[\fR\fImajor\fR\fB/\fR\fIminor\fR\fB]:\fR\fIname\fR
+.RS 4
+Allow to dump a mount namespace having a real block device mounted\&. A block device is identified by its
+\fImajor\fR
+and
+\fIminor\fR
+numbers, and
+\fBcriu\fR
+saves its information to image under the identifier
+\fIname\fR\&.
+.RE
+.PP
+\fB\-\-external file[\fR\fImnt_id\fR\fB:\fR\fIinode\fR\fB]\fR
+.RS 4
+Dump an external file, i\&.e\&. an opened file that is can not be resolved from the current mount namespace, which can not be dumped without using this option\&. The file is identified by
+\fImnt_id\fR
+(a field obtained from
+\fB/proc/\fR\fIpid\fR\fB/fdinfo/\fR\fIN\fR) and
+\fIinode\fR
+(as returned by
+\fBstat\fR(2))\&.
+.RE
+.PP
+\fB\-\-external tty[\fR\fIrdev\fR\fB:\fR\fIdev\fR\fB]\fR
+.RS 4
+Dump an external TTY, identified by
+\fBst_rdev\fR
+and
+\fBst_dev\fR
+fields returned by
+\fBstat\fR(2)\&.
+.RE
+.PP
+\fB\-\-external unix[\fR\fIid\fR\fB]\fR
+.RS 4
+Tell
+\fBcriu\fR
+that one end of a pair of UNIX sockets (created by
+\fBsocketpair\fR(2)) with
+\fIid\fR
+is OK to be disconnected\&.
.RE
.PP
\fB\-\-freeze\-cgroup\fR
@@ -318,19 +518,116 @@ Use cgroup freezer to collect processes\&.
.PP
\fB\-\-manage\-cgroups\fR
.RS 4
-Collect cgroups into the image thus they gonna be restored then\&. Without this argument
+Collect cgroups into the image thus they gonna be restored then\&. Without this option,
\fBcriu\fR
will not save cgroups configuration associated with a task\&.
.RE
.PP
+\fB\-\-cgroup\-props\fR \fIspec\fR
+.RS 4
+Specify controllers and their properties to be saved into the image file\&.
+\fBcriu\fR
+predefines specifications for common controllers, but since the kernel can add new controllers and modify their properties, there should be a way to specify ones matched the kernel\&.
+.sp
+\fIspec\fR
+argument describes the controller and properties specification in a simplified YAML form:
+.sp
+.if n \{\
+.RS 4
+.\}
+.fam C
+.ps -1
+.nf
+.BB lightgray
+"c1":
+ \- "strategy": "merge"
+ \- "properties": ["a", "b"]
+"c2":
+ \- "strategy": "replace"
+ \- "properties": ["c", "d"]
+.EB lightgray
+.fi
+.fam
+.ps +1
+.if n \{\
+.RE
+.\}
+.sp
+where
+\fIc1\fR
+and
+\fIc2\fR
+are controllers names, and
+\fIa\fR,
+\fIb\fR,
+\fIc\fR,
+\fId\fR
+are their properties\&.
+.sp
+Note the format: double quotes, spaces and new lines are required\&. The
+\fIstrategy\fR
+specifies what to do if a controller specified already exists as a built\-in one:
+\fBcriu\fR
+can either
+\fBmerge\fR
+or
+\fBreplace\fR
+such\&.
+.sp
+For example, the command line for the above example should look like this:
+.sp
+.if n \{\
+.RS 4
+.\}
+.fam C
+.ps -1
+.nf
+.BB lightgray
+\-\-cgroup\-props "\e"c1\e":\en \- \e"strategy\e": \e"merge\e"\en \- \e"properties\e": [\e"a\e", \e"b\e"]\en \e"c2\e":\en \- \e"strategy\e": \e"replace\e"\en \- \e"properties\e": [\e"c\e", \e"d\e"]"
+.EB lightgray
+.fi
+.fam
+.ps +1
+.if n \{\
+.RE
+.\}
+.RE
+.PP
+\fB\-\-cgroup\-props\-file\fR \fIfile\fR
+.RS 4
+Same as
+\fB\-\-cgroup\-props\fR, except the specification is read from the
+\fIfile\fR\&.
+.RE
+.PP
+\fB\-\-cgroup\-dump\-controller\fR \fIname\fR
+.RS 4
+Dump a controller with
+\fIname\fR
+only, skipping anything else that was discovered automatically (usually via
+\fB/proc\fR)\&. This option is useful when one needs
+\fBcriu\fR
+to skip some controllers\&.
+.RE
+.PP
+\fB\-\-cgroup\-props\-ignore\-default\fR
+.RS 4
+When combined with
+\fB\-\-cgroup\-props\fR, makes
+\fBcriu\fR
+substitute a predefined controller property with the new one shipped\&. If the option is not used, the predefined properties are merged with the provided ones\&.
+.RE
+.PP
\fB\-\-tcp\-established\fR
.RS 4
Checkpoint established TCP connections\&.
.RE
.PP
-\fB\-\-veth\-pair\fR \fI<IN>\fR\fB=\fR\fI<OUT>\fR
+\fB\-\-skip\-in\-flight\fR
.RS 4
-Correspondence between outside and inside names of veth devices\&.
+This option skips in\-flight TCP connections\&. If any TCP connections that are not yet completely established are found,
+\fBcriu\fR
+ignores these connections, rather than errors out\&. The TCP stack on the client side is expected to handle the re\-connect gracefully\&.
.RE
.PP
\fB\-\-evasive\-devices\fR
@@ -340,7 +637,7 @@ Use any path to a device file if the original one is inaccessible\&.
.PP
\fB\-\-page\-server\fR
.RS 4
-Send pages to a page server (see
+Send pages to a page server (see the
\fBpage\-server\fR
command)\&.
.RE
@@ -353,112 +650,85 @@ Force resolving names for inotify and fsnotify watches\&.
\fB\-\-auto\-dedup\fR
.RS 4
Deduplicate "old" data in pages images of previous
-\fBdump\fR\&. Which implies incremental
+\fBdump\fR\&. This option implies incremental
\fBdump\fR
-mode (see
+mode (see the
\fBpre\-dump\fR
command)\&.
.RE
.PP
\fB\-l\fR, \fB\-\-file\-locks\fR
.RS 4
-Dump file locks\&. It is necessary to make sure that all file lock users are taken into dump, so it is only safe to use this for enclojured containers where locks are not holed by someone outside of it\&.
-.RE
-.PP
-\fB\-M\fR, \fB\-\-ext\-mount\-map\fR \fI<KEY>\fR\fB:\fR\fI<VAL>\fR
-.RS 4
-Setup mapping for external mounts\&.
-\fI<KEY>\fR
-is a mountpoint inside container and corresponding
-\fI<VAL>\fR
-is a string that will be written into the image as mountpoint\*(Aqs root value\&.
+Dump file locks\&. It is necessary to make sure that all file lock users are taken into dump, so it is only safe to use this for enclosed containers where locks are not held by any processes outside of dumped process tree\&.
.RE
.PP
\fB\-\-link\-remap\fR
.RS 4
-Allow one to link unlinked files back when possible (modifies FS till
+Allows to link unlinked files back, if possible (modifies filesystem during
\fBrestore\fR)\&.
.RE
.PP
\fB\-\-ghost\-limit\fR \fIsize\fR
.RS 4
-Allow one to specify maximum allowed size of deleted file to be carried inside image files\&. By default up to 1M file is allowed\&. It is done in a sake to not carry big files inside images\&.
+Set the maximum size of deleted file to be carried inside image\&. By default, up to 1M file is allowed\&. Using this option allows to not put big deleted files inside images\&. Argument
\fIsize\fR
-may be postfixed with
-\fIK\fR,
-\fIM\fR
+may be postfixed with a
+\fBK\fR,
+\fBM\fR
or
-\fIG\fR
-(which stands for kilo, mega and gigabytes accordingly)\&.
+\fBG\fR, which stands for kilo\-, mega, and gigabytes, accordingly\&.
.RE
.PP
\fB\-j\fR, \fB\-\-shell\-job\fR
.RS 4
-Allow one to dump shell jobs\&. This implies the restored task will inherit session and process group ID from the criu itself\&. Also this option allows one to migrate a single external tty connection, in other words this option allows one to migrate such application as "top" and friends\&. If passed on
+Allow one to dump shell jobs\&. This implies the restored task will inherit session and process group ID from the
+\fBcriu\fR
+itself\&. This option also allows to migrate a single external tty connection, to migrate applications like
+\fBtop\fR\&. If used with
\fBdump\fR
-it must be specified on
+command, it must be specified with
\fBrestore\fR
as well\&.
.RE
.PP
-\fB\-\-cpu\-cap\fR [,\fI<cap>\fR]
+\fB\-\-cpu\-cap\fR [\fIcap\fR[,\fIcap\fR\&...]]
.RS 4
-Specify
-\fIcap\fR
-CPU capability to be written into an image file\&. Basically if
-\fI<cap>\fR
-is one of
-\fBall\fR,
-\fBcpu\fR
-or
-\fBins\fR, then
-\fBcriu\fR
-writes CPU related information into image file\&. If the option is omitted or set to
-\fBnone\fR
-then image will not be written\&. By default
-\fBcriu\fR
-do not write this image\&.
+Specify CPU capabilities to write to an image file\&. The argument is a comma\-separated list of
+\fBnone\fR,
+\fBfpu\fR,
+\fBcpu\fR,
+\fBins\fR,
+\fBall\fR\&. If the argument is omitted or set to
+\fBnone\fR, capabilities will not be written, which is the default behavior\&.
.RE
-.SS "restore"
-.sp
-Restores previously checkpointed processes\&.
.PP
-\fB\-\-inherit\-fd\fR \fIfd[<num>]:<existing>\fR
+\fB\-\-cgroup\-root\fR [\fIcontroller\fR:]/\fInewroot\fR
.RS 4
-Inherit file descriptors\&. This allows one to treat file descriptor
-\fI<num>\fR
-as being already opened via
-\fI<existing>\fR
-one and instead of trying to open we inherit it\&.
-.RE
-.PP
-\fB\-d\fR, \fB\-\-restore\-detached\fR
-.RS 4
-Detach
+Change the root for the controller that will be dumped\&. By default,
\fBcriu\fR
-itself once restore is complete\&.
-.RE
-.PP
-\fB\-S\fR, \fB\-\-restore\-sibling\fR
-.RS 4
-Restore root task as a sibling (make sense with
-\fB\-\-restore\-detached\fR) only\&.
-.RE
-.PP
-\fB\-r\fR, \fB\-\-root\fR \fI<path>\fR
-.RS 4
-Change the root filesystem to <path> (when run in mount namespace)\&.
+simply dumps everything below where any of the tasks live\&. However, if a container moves all of its tasks into a cgroup directory below the container engine\(cqs default directory for tasks, permissions will not be preserved on the upper directories with no tasks in them, which may cause problems\&.
.RE
+.SS "restore"
+.sp
+Restores previously checkpointed processes\&.
.PP
-\fB\-\-manage\-cgroups\fR [<mode>]
+\fB\-\-inherit\-fd\fR \fBfd[\fR\fIN\fR\fB]:\fR\fIresource\fR
.RS 4
-Restore cgroups configuration associated with a task from the image\&. Controllers are always restored in optimistic way \(em if already present in system
+Inherit a file descriptor\&. This option lets
\fBcriu\fR
-reuses it, otherwise it will be created\&.
+use an already opened file descriptor
+\fIN\fR
+for restoring a file identified by
+\fIresource\fR\&. This option can be used to restore an external resource dumped with the help of
+\fB\-\-external\fR
+\fBfile\fR,
+\fBtty\fR, and
+\fBunix\fR
+options\&.
.sp
The
-\fI<mode>\fR
-may be one of below\&.
+\fIresource\fR
+argument can be one of the following:
.sp
.RS 4
.ie n \{\
@@ -468,9 +738,7 @@ may be one of below\&.
.sp -1
.IP \(bu 2.3
.\}
-\fBnone\fR\&. Do not restore cgroup properties but require cgroup to pre\-exist at the moment of
-\fBrestore\fR
-procedure\&.
+\fBtty[\fR\fIrdev\fR\fB:\fR\fIdev\fR\fB]\fR
.RE
.sp
.RS 4
@@ -481,7 +749,7 @@ procedure\&.
.sp -1
.IP \(bu 2.3
.\}
-\fBprops\fR\&. Restore cgroup properties and require cgroup to pre\-exist\&.
+\fBpipe[\fR\fIinode\fR\fB]\fR
.RE
.sp
.RS 4
@@ -492,8 +760,7 @@ procedure\&.
.sp -1
.IP \(bu 2.3
.\}
-\fBsoft\fR\&. Restore cgroup properties if only cgroup has been created by
-\fBcriu\fR, otherwise do not restore properies\&. This is the default if mode is unspecified\&.
+\fBsocket[\fR\fIinode\fR\fB]\fR
.RE
.sp
.RS 4
@@ -504,7 +771,7 @@ procedure\&.
.sp -1
.IP \(bu 2.3
.\}
-\fBfull\fR\&. Always restore all cgroups and their properties\&.
+\fBfile[\fR\fImnt_id\fR\fB:\fR\fIinode\fR\fB]\fR
.RE
.sp
.RS 4
@@ -515,56 +782,162 @@ procedure\&.
.sp -1
.IP \(bu 2.3
.\}
-\fBstrict\fR\&. Restore all cgroups and their properties from the scratch, requiring them to not present in the system\&.
+\fIpath/to/file\fR
.RE
+.sp
+Note that square brackets used in this option arguments are literals and usually need to be escaped from shell\&.
.RE
.PP
-\fB\-\-cgroup\-root\fR \fI[<controller>:]/<newroot>\fR
+\fB\-d\fR, \fB\-\-restore\-detached\fR
.RS 4
-Change the root cgroup the controller will be installed into\&. No controller means that root is the default for all controllers not specified\&.
+Detach
+\fBcriu\fR
+itself once restore is complete\&.
.RE
.PP
-\fB\-\-tcp\-established\fR
+\fB\-s\fR, \fB\-\-leave\-stopped\fR
.RS 4
-Restore previously dumped established TCP connections\&. This implies that the network has been locked between
-\fBdump\fR
-and
+Leave tasks in stopped state after restore (rather than resuming their execution)\&.
+.RE
+.PP
+\fB\-S\fR, \fB\-\-restore\-sibling\fR
+.RS 4
+Restore root task as a sibling (makes sense only with
+\fB\-\-restore\-detached\fR)\&.
+.RE
+.PP
+\fB\-r\fR, \fB\-\-root\fR \fIpath\fR
+.RS 4
+Change the root filesystem to
+\fIpath\fR
+(when run in a mount namespace)\&.
+.RE
+.PP
+\fB\-\-external\fR \fItype\fR\fB[\fR\fIid\fR\fB]:\fR\fIvalue\fR
+.RS 4
+Restore an instance of an external resource\&. The generic syntax is
+\fItype\fR
+of resource, followed by resource
+\fIid\fR
+(enclosed in literal square brackets), and optional
+\fIvalue\fR
+(prepended by a literal semicolon)\&. The following resource types are currently supported:
+\fBmnt\fR,
+\fBdev\fR,
+\fBveth\fR,
+\fBmacvlan\fR\&. Syntax depends on type\&. Note to restore external resources dealing with opened file descriptors (such as dumped with the help of
+\fB\-\-external\fR
+\fBfile\fR,
+\fBtty\fR, and
+\fBunix\fR
+options), option
+\fB\-\-inherit\-fd\fR
+should be used\&.
+.RE
+.PP
+\fB\-\-external mnt[\fR\fIname\fR\fB]:\fR\fImountpoint\fR
+.RS 4
+Restore an external bind mount referenced in the image by
+\fIname\fR, bind\-mounting it from the host
+\fImountpoint\fR
+to a proper mount point\&.
+.RE
+.PP
+\fB\-\-external mnt[]\fR
+.RS 4
+Restore all external bind mounts (dumped with the help of
+\fB\-\-external mnt[]\fR
+auto\-detection)\&.
+.RE
+.PP
+\fB\-\-external dev[\fR\fIname\fR\fB]:\fR\fI/dev/path\fR
+.RS 4
+Restore an external mount device, identified in the image by
+\fIname\fR, using the existing block device
+\fI/dev/path\fR\&.
+.RE
+.PP
+\fB\-\-external veth[\fR\fIinner_dev\fR\fB]:\fR\fIouter_dev\fR\fB@\fR\fIbridge\fR
+.RS 4
+Set the outer VETH device name (corresponding to
+\fIinner_dev\fR
+being restored) to
+\fIouter_dev\fR\&. If optional
+\fB@\fR\fIbridge\fR
+is specified,
+\fIouter_dev\fR
+is added to that bridge\&. If the option is not used,
+\fIouter_dev\fR
+will be autogenerated by the kernel\&.
+.RE
+.PP
+\fB\-\-external macvlan[\fR\fIinner_dev\fR\fB]:\fR\fIouter_dev\fR
+.RS 4
+When restoring an image that have a MacVLAN device in it, this option must be used to specify to which
+\fIouter_dev\fR
+(an existing network device in CRIU namespace) the restored
+\fIinner_dev\fR
+should be bound to\&.
+.RE
+.PP
+\fB\-\-manage\-cgroups\fR [\fImode\fR]
+.RS 4
+Restore cgroups configuration associated with a task from the image\&. Controllers are always restored in an optimistic way \(em if already present in system,
+\fBcriu\fR
+reuses it, otherwise it will be created\&.
+.RE
+.sp
+The \fImode\fR may be one of the following:
+.PP
+\fBnone\fR
+.RS 4
+Do not restore cgroup properties but require cgroup to pre\-exist at the moment of
\fBrestore\fR
-phases so other side of a connection simply notice a kind of lag\&.
+procedure\&.
.RE
.PP
-\fB\-\-veth\-pair\fR \fI<IN>\fR\fB=\fR\fI<OUT>\fR
+\fBprops\fR
.RS 4
-Correspondence between outside and inside names of veth devices\&.
+Restore cgroup properties and require cgroup to pre\-exist\&.
.RE
.PP
-\fB\-l\fR, \fB\-\-file\-locks\fR
+\fBsoft\fR
.RS 4
-Restore file locks from the image\&.
+Restore cgroup properties if only cgroup has been created by
+\fBcriu\fR, otherwise do not restore properties\&. This is the default if mode is unspecified\&.
.RE
.PP
-\fB\-M\fR, \fB\-\-ext\-mount\-map\fR \fI<KEY>\fR\fB:\fR\fI<VAL>\fR
+\fBfull\fR
.RS 4
-Setup mapping for external mounts\&.
-\fI<KEY>\fR
-is the value from the image (\fI<VAL>\fR
-from dump) and the
-\fI<VAL>\fR
-is the path on host that will be bind\-mounted into container (to the mountpoint path from image)\&.
+Always restore all cgroups and their properties\&.
.RE
.PP
-\fB\-\-ext\-mount\-map\fR \fBauto\fR
+\fBstrict\fR
.RS 4
-This is a special case\&. If this flag is passed, when an external mount is missing from the command line
-\fI\fB\-\-ext\-mount\-map\fR\fR\fI <KEY>:<VAL>\fR
-syntax, criu attempts to automatically resolve this mount from its namespace\&.
+Restore all cgroups and their properties from the scratch, requiring them to not present in the system\&.
+.PP
+\fB\-\-cgroup\-root\fR [\fIcontroller\fR\fB:\fR]/\fInewroot\fR
+.RS 4
+Change the root cgroup the controller will be installed into\&. No controller means that root is the default for all controllers not specified\&.
+.RE
+.PP
+\fB\-\-tcp\-established\fR
+.RS 4
+Restore previously dumped established TCP connections\&. This implies that the network has been locked between
+\fBdump\fR
+and
+\fBrestore\fR
+phases so other side of a connection simply notice a kind of lag\&.
+.RE
+.PP
+\fB\-\-veth\-pair\fR \fIIN\fR\fB=\fR\fIOUT\fR
+.RS 4
+Correspondence between outside and inside names of veth devices\&.
.RE
.PP
-\fB\-\-enable\-external\-sharing\fR, \fB\-\-enable\-external\-masters\fR
+\fB\-l\fR, \fB\-\-file\-locks\fR
.RS 4
-These flags enable external shared or slave mounts to be resolved automatically when
-\fI\fB\-\-ext\-mount\-map auto\fR\fR
-is passed\&.
+Restore file locks from the image\&.
.RE
.PP
\fB\-\-auto\-dedup\fR
@@ -577,54 +950,38 @@ As soon as a page is restored it get punched out from image\&.
Restore shell jobs, in other words inherit session and process group ID from the criu itself\&.
.RE
.PP
-\fB\-\-cpu\-cap\fR [\fI<cap>\fR,\fI<cap>\fR]
+\fB\-\-cpu\-cap\fR [\fIcap\fR[,\fIcap\fR\&...]]
.RS 4
-Specify
-\fI<cap>\fR
-CPU capability to be present on the CPU the process is restoring\&. To inverse capability prefix it with
+Specify CPU capabilities to be present on the CPU the process is restoring\&. To inverse a capability, prefix it with
\fB^\fR\&. This option implies that
\fB\-\-cpu\-cap\fR
has been passed on
\fBdump\fR
as well, except
\fBfpu\fR
-option case\&.
-.sp
+option case\&. The
+\fIcap\fR
+argument can be the following (or a set of comma\-separated values):
+.RE
+.RE
+.PP
+\fBall\fR
.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-\fBall\fR\&. Require all capabilities\&. This is
+Require all capabilities\&. This is
\fBdefault\fR
mode if
\fB\-\-cpu\-cap\fR
is passed without arguments\&. Most safe mode\&.
.RE
-.sp
+.PP
+\fBcpu\fR
.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-\fBcpu\fR\&. Require the CPU to have all capabilities in image to match runtime CPU\&.
+Require the CPU to have all capabilities in image to match runtime CPU\&.
.RE
-.sp
+.PP
+\fBfpu\fR
.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-\fBfpu\fR\&. Requre the CPU to have comaptible FPU\&. For example the process might be dumped with xsave capability but attempted to restore without it present on target CPU\&. In such case we refuse to procceed\&. This is
+Require the CPU to have compatible FPU\&. For example the process might be dumped with xsave capability but attempted to restore without it present on target CPU\&. In such case we refuse to proceed\&. This is
\fBdefault\fR
mode if
\fB\-\-cpu\-cap\fR
@@ -632,94 +989,68 @@ is not present in command line\&. Note this argument might be passed even if on
\fBdump\fR
no
\fB\-\-cpu\-cap\fR
-have been specified becase FPU frames are always encoded into images\&.
+have been specified because FPU frames are always encoded into images\&.
.RE
-.sp
+.PP
+\fBins\fR
.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-\fBins\fR\&. Require CPU compatibility on instructions level\&.
+Require CPU compatibility on instructions level\&.
.RE
-.sp
+.PP
+\fBnone\fR
.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-\fBnone\fR\&. Ignore capabilities\&. Most dangerous mode\&. The behaviour is implementation dependent\&. Try to not use it until really required\&.
+Ignore capabilities\&. Most dangerous mode\&. The behaviour is implementation dependent\&. Try to not use it until really required\&.
.sp
-One possible need of using this option is when
-\fB\-\-cpu\-cap\fR=\fBcpu\fR
-has been passed on
-\fBdump\fR
-then images are migrated to a less capable processor and one need to
-\fBrestore\fR
-this application, by default
+For example, this option can be used in case
+\fB\-\-cpu\-cap=cpu\fR
+was used during
+\fBdump\fR, and images are migrated to a less capable CPU and are to be restored\&. By default,
\fBcriu\fR
-will refuse to proceed without relaxing capability with
-\fB\-\-cpu\-cap\fR=\fBnone\fR
-parameter\&.
+shows an error that CPU capabilities are not adequate, but this can be suppressed by using
+\fB\-\-cpu\-cap=none\fR\&.
+.PP
+\fB\-\-weak\-sysctls\fR
+.RS 4
+Silently skip restoring sysctls that are not available\&. This allows to restore on an older kernel, or a kernel configured without some options\&.
.RE
.RE
.SS "check"
.sp
-Checks whether the kernel supports the features that \fBcriu\fR needs to successfully dump and restore a process tree\&.
-.sp
-There are three categories of kernel support as described below\&. \fBcriu check\fR always checks Category 1 features unless \fB\-\-feature\fR is specified which only checks the specified feature\&.
+Checks whether the kernel supports the features needed by \fBcriu\fR to dump and restore a process tree\&.
.sp
+There are three categories of kernel support, as described below\&. \fBcriu check\fR always checks Category 1 features unless \fB\-\-feature\fR is specified which only checks a specified feature\&.
+.PP
+\fBCategory 1\fR
.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-\fBCategory 1\fR\&. Absolutely required\&. These are features like
-\fI/proc/<pid>/map_files\fR,
-\fINETLINK_SOCK_DIAG\fR
+Absolutely required\&. These are features like support for
+\fB/proc/PID/map_files\fR,
+\fBNETLINK_SOCK_DIAG\fR
socket monitoring,
-\fI/proc/sys/kernel/ns_last_pid\fR, etc\&.
+\fB/proc/sys/kernel/ns_last_pid\fR
+etc\&.
.RE
-.sp
+.PP
+\fBCategory 2\fR
.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-\fBCategory 2\fR\&. Required only for specific cases\&. These are features like aio remap,
-\fI/dev/net/tun\fR, etc\&. that are required if the process being dumped or restored is using them\&.
+Required only for specific cases\&. These are features like AIO remap,
+\fB/dev/net/tun\fR
+and others that are only required if a process being dumped or restored is using those\&.
.RE
-.sp
+.PP
+\fBCategory 3\fR
.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-\fBCategory 3\fR\&. Experimental\&. These are features like task\-diag that are used for experimental purposes (mostly during development)\&.
+Experimental\&. These are features like
+\fBtask\-diag\fR
+that are used for experimental purposes (mostly during development)\&.
.RE
.sp
-If there are no errors or warnings, \fBcriu\fR prints "Looks good\&." and its exit code will be 0\&.
+If there are no errors or warnings, \fBcriu\fR prints "Looks good\&." and its exit code is 0\&.
.sp
-A missing Category 1 feature causes \fBcriu\fR to print "Does not look good\&." and its exit code will be non\-zero\&.
+A missing Category 1 feature causes \fBcriu\fR to print "Does not look good\&." and its exit code is non\-zero\&.
.sp
-Missing Category 2 and 3 features cause \fBcriu\fR to print "Looks good but some kernel features are missing which, depending on your process tree, may cause dump or restore failure\&." and its exit code will be non\-zero\&.
+Missing Category 2 and 3 features cause \fBcriu\fR to print "Looks good but \&..." and its exit code is be non\-zero\&.
.sp
-Without an argument, \fBcriu check\fR checks Category 1 features\&. This behavior can change with the following options:
+Without any options, \fBcriu check\fR checks Category 1 features\&. This behavior can be changed by using the following options:
.PP
\fB\-\-extra\fR
.RS 4
@@ -736,12 +1067,12 @@ Check kernel support for Category 3 features\&.
Check kernel support for Category 1, 2, and 3 features\&.
.RE
.PP
-\fB\-\-feature\fR \fI<name>\fR
+\fB\-\-feature\fR \fIname\fR
.RS 4
Check a specific feature\&. If
-\fI<name>\fR
+\fIname\fR
is
-\fIlist\fR, a list of valid kernel feature names that can be checked will be printed\&.
+\fBlist\fR, a list of valid kernel feature names that can be checked will be printed\&.
.RE
.SS "page\-server"
.sp
@@ -752,80 +1083,35 @@ Launches \fBcriu\fR in page server mode\&.
Runs page server as a daemon (background process)\&.
.RE
.PP
-\fB\-\-address\fR \fI<address>\fR
+\fB\-\-status_fd\fR
+.RS 4
+Write \e\e0 to the FD and close it once page\-server is ready to handle requests\&. The status\-fd allows to not daemonize a process and get its exit code at the end\&. It isn\(cqt supposed to use \-\-daemon and \-\-status\-fd together\&.
+.RE
+.PP
+\fB\-\-address\fR \fIaddress\fR
.RS 4
Page server IP address\&.
.RE
.PP
-\fB\-\-port\fR \fI<number>\fR
+\fB\-\-port\fR \fInumber\fR
.RS 4
Page server port number\&.
.RE
.SS "exec"
.sp
-Executes a system call inside a destination task\*(Aqs context\&.
+Executes a system call inside a destination task\*(Aqs context\&. This functionality is deprecated; please use \fBCompel\fR instead\&.
.SS "service"
.sp
-Launches \fBcriu\fR in RPC daemon mode where \fBcriu\fR is listeninп for RPC commands over socket to perform\&. This is convenient for the case where daemon itself is running in a privilege (superuser) mode but clients are not\&.
+Launches \fBcriu\fR in RPC daemon mode, where \fBcriu\fR is listening for RPC commands over socket to perform\&. This is convenient for a case where daemon itself is running in a privileged (superuser) mode but clients are not\&.
.SS "dedup"
.sp
-Starts pagemap data deduplication procedure, where \fBcriu\fR scans over all pagemap files and tries to minimalize the number of pagemap entries by obtaining the references from a parent pagemap image\&.
+Starts pagemap data deduplication procedure, where \fBcriu\fR scans over all pagemap files and tries to minimize the number of pagemap entries by obtaining the references from a parent pagemap image\&.
.SS "cpuinfo dump"
.sp
Fetches current CPU features and write them into an image file\&.
.SS "cpuinfo check"
.sp
-Fetches current CPU features (ie CPU the \fBcriu\fR is running on) and test if they are compatible with ones present in image file\&.
-.SH "SYSCALLS EXECUTION"
-.sp
-To run a system call in another task\*(Aqs context use
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
- criu exec \-t pid syscall\-string
-.fi
-.if n \{\
-.RE
-.\}
-.sp
-command\&. The \fIsyscall\-string\fR should look like
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
- syscall\-name syscall\-arguments \&.\&.\&.
-.fi
-.if n \{\
-.RE
-.\}
-.sp
-Each command line argument is transformed into the system call argument by the following rules:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-If one starts with
-\fB&\fR, the rest of it gets copied to the target task\*(Aqs address space and the respective syscall argument is the pointer to this string;
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-Otherwise it is treated as a number (converted with strtol) and is directly passed into the system call\&.
-.RE
+Fetches current CPU features (i\&.e\&. CPU the \fBcriu\fR is running on) and test if they are compatible with the ones present in an image file\&.
.SH "EXAMPLES"
.sp
To checkpoint a program with pid of \fB1234\fR and write all image files into directory \fBcheckpoint\fR:
@@ -833,9 +1119,15 @@ To checkpoint a program with pid of \fB1234\fR and write all image files into di
.if n \{\
.RS 4
.\}
+.fam C
+.ps -1
.nf
+.BB lightgray
criu dump \-D checkpoint \-t 1234
+.EB lightgray
.fi
+.fam
+.ps +1
.if n \{\
.RE
.\}
@@ -845,39 +1137,21 @@ To restore this program detaching criu itself:
.if n \{\
.RS 4
.\}
+.fam C
+.ps -1
.nf
+.BB lightgray
criu restore \-d \-D checkpoint
+.EB lightgray
.fi
-.if n \{\
-.RE
-.\}
-.sp
-To close a file descriptor number \fB1\fR in task with pid \fB1234\fR:
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
- criu exec \-t 1234 close 1
-.fi
-.if n \{\
-.RE
-.\}
-.sp
-To open a file named \fB/foo/bar\fR for read\-write in the task with pid \fB1234\fR:
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
- criu exec \-t 1234 open \*(Aq&/foo/bar\*(Aq 2
-.fi
+.fam
+.ps +1
.if n \{\
.RE
.\}
.SH "AUTHOR"
.sp
-OpenVZ team\&.
+The CRIU team\&.
.SH "COPYRIGHT"
.sp
-Copyright (C) 2011\-2015, Parallels Inc\&.
+Copyright (C) 2011\-2016, Parallels Holdings, Inc\&.
diff --git a/SOURCES/ed8fecd12d7ce37d7ebdc35837e184caba7a14b4.patch b/SOURCES/ed8fecd12d7ce37d7ebdc35837e184caba7a14b4.patch
deleted file mode 100644
index d0200e2..0000000
--- a/SOURCES/ed8fecd12d7ce37d7ebdc35837e184caba7a14b4.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From ed8fecd12d7ce37d7ebdc35837e184caba7a14b4 Mon Sep 17 00:00:00 2001
-From: Adrian Reber <areber@redhat.com>
-Date: Mon, 20 Jun 2016 23:15:00 +0300
-Subject: [PATCH] criu: add RPC interface for skip in-flight connections
-
-For the previously added option to skip in-flight connections this adds
-that option to the RPC interface. The skip in-flight connections is also
-described in criu.txt.
-
-Signed-off-by: Adrian Reber <areber@redhat.com>
-Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
----
- Documentation/criu.txt | 7 +++++++
- criu/cr-service.c | 3 +++
- images/rpc.proto | 1 +
- lib/c/criu.c | 11 +++++++++++
- lib/c/criu.h | 2 ++
- 5 files changed, 24 insertions(+)
-
-diff --git a/Documentation/criu.txt b/Documentation/criu.txt
-index 55f05c0..39a6685 100644
---- a/Documentation/criu.txt
-+++ b/Documentation/criu.txt
-@@ -199,6 +199,13 @@ Thus for command line argument the example above will look like:
- *--tcp-established*::
- Checkpoint established TCP connections.
-
-+*--skip-in-flight*::
-+ This option skips in-flight TCP connections. If TCP connections
-+ are found which are not yet completely established, criu will
-+ ignore these connections in favor of erroring out.
-+ The TCP stack on the client side is expected to handle the
-+ re-connect gracefully.
-+
- *--veth-pair* '<IN>'*=*'<OUT>'::
- Correspondence between outside and inside names of veth devices.
-
-diff --git a/criu/cr-service.c b/criu/cr-service.c
-index 0dc9c0c..0672a83 100644
---- a/criu/cr-service.c
-+++ b/criu/cr-service.c
-@@ -322,6 +322,9 @@ static int setup_opts_from_req(int sk, CriuOpts *req)
- if (req->has_tcp_established)
- opts.tcp_established_ok = req->tcp_established;
-
-+ if (req->has_tcp_skip_in_flight)
-+ opts.tcp_skip_in_flight = req->tcp_skip_in_flight;
-+
- if (req->has_evasive_devices)
- opts.evasive_devices = req->evasive_devices;
-
-diff --git a/images/rpc.proto b/images/rpc.proto
-index 1f74dcf..27583c1 100644
---- a/images/rpc.proto
-+++ b/images/rpc.proto
-@@ -104,6 +104,7 @@ message criu_opts {
- repeated string external = 37;
- optional uint32 empty_ns = 38;
- repeated join_namespace join_ns = 39;
-+ optional bool tcp_skip_in_flight = 46;
- }
-
- message criu_dump_resp {
-diff --git a/lib/c/criu.c b/lib/c/criu.c
-index 05425a3..e75268c 100644
---- a/lib/c/criu.c
-+++ b/lib/c/criu.c
-@@ -309,6 +309,17 @@ void criu_set_tcp_established(bool tcp_established)
- criu_local_set_tcp_established(global_opts, tcp_established);
- }
-
-+void criu_local_set_tcp_skip_in_flight(criu_opts *opts, bool tcp_skip_in_flight)
-+{
-+ opts->rpc->has_tcp_skip_in_flight = true;
-+ opts->rpc->tcp_skip_in_flight = tcp_skip_in_flight;
-+}
-+
-+void criu_set_tcp_skip_in_flight(bool tcp_skip_in_flight)
-+{
-+ criu_local_set_tcp_skip_in_flight(global_opts, tcp_skip_in_flight);
-+}
-+
- void criu_local_set_evasive_devices(criu_opts *opts, bool evasive_devices)
- {
- opts->rpc->has_evasive_devices = true;
-diff --git a/lib/c/criu.h b/lib/c/criu.h
-index 7ed1750..c28369f 100644
---- a/lib/c/criu.h
-+++ b/lib/c/criu.h
-@@ -65,6 +65,7 @@ void criu_set_leave_running(bool leave_running);
- void criu_set_ext_unix_sk(bool ext_unix_sk);
- int criu_add_unix_sk(unsigned int inode);
- void criu_set_tcp_established(bool tcp_established);
-+void criu_set_tcp_skip_in_flight(bool tcp_skip_in_flight);
- void criu_set_evasive_devices(bool evasive_devices);
- void criu_set_shell_job(bool shell_job);
- void criu_set_file_locks(bool file_locks);
-@@ -169,6 +170,7 @@ void criu_local_set_leave_running(criu_opts *opts, bool leave_running);
- void criu_local_set_ext_unix_sk(criu_opts *opts, bool ext_unix_sk);
- int criu_local_add_unix_sk(criu_opts *opts, unsigned int inode);
- void criu_local_set_tcp_established(criu_opts *opts, bool tcp_established);
-+void criu_local_set_tcp_skip_in_flight(criu_opts *opts, bool tcp_skip_in_flight);
- void criu_local_set_evasive_devices(criu_opts *opts, bool evasive_devices);
- void criu_local_set_shell_job(criu_opts *opts, bool shell_job);
- void criu_local_set_file_locks(criu_opts *opts, bool file_locks);
diff --git a/SPECS/criu.spec b/SPECS/criu.spec
index fceff83..cc74b66 100644
--- a/SPECS/criu.spec
+++ b/SPECS/criu.spec
@@ -1,5 +1,5 @@
Name: criu
-Version: 2.3
+Version: 2.12
Release: 2%{?dist}
Provides: crtools = %{version}-%{release}
Obsoletes: crtools <= 1.0-2
@@ -11,18 +11,21 @@ Source0: http://download.openvz.org/criu/criu-%{version}.tar.bz2
# The patch aio-fix.patch is needed as RHEL7
# doesn't do "nr_events *= 2" in ioctx_alloc().
Patch0: aio-fix.patch
-Patch1: https://github.com/xemul/criu/commit/2fdef836a59938b169ca3c8f2c813b35258f1ed5.patch
-Patch2: https://github.com/xemul/criu/commit/ed8fecd12d7ce37d7ebdc35837e184caba7a14b4.patch
+Patch1: 0001-kerndat-Detect-if-we-have-guard-page-mangle-in-procf.patch
+Patch2: 0002-mem-Don-t-assume-guard-page-is-returned-in-procfs-wi.patch
+%if 0%{?rhel}
BuildRequires: systemd
-%if 0%{?rhel}
# RHEL has no asciidoc; take man-page from Fedora 24
# zcat /usr/share/man/man8/criu.8.gz > criu.8
Source1: criu.8
+Source2: crit.1
%endif
+BuildRequires: libnet-devel
BuildRequires: protobuf-devel protobuf-c-devel python2-devel libnl3-devel libcap-devel
+BuildRequires: perl
%if 0%{?fedora}
BuildRequires: asciidoc xmlto
%endif
@@ -37,6 +40,7 @@ ExclusiveArch: x86_64 %{arm} ppc64le aarch64
ExclusiveArch: x86_64 ppc64le
%endif
+
%description
criu is the user-space part of Checkpoint/Restore in User-space
(CRIU), a project to implement checkpoint/restore functionality for
@@ -70,7 +74,7 @@ their content in human-readable form.
%prep
-%setup -q -n criu-%{version}
+%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
@@ -93,6 +97,7 @@ make install-lib DESTDIR=$RPM_BUILD_ROOT PREFIX=%{_prefix} LIBDIR=%{_libdir}
make install-man DESTDIR=$RPM_BUILD_ROOT PREFIX=%{_prefix} LIBDIR=%{_libdir}
%else
install -p -m 644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8
+install -p -m 644 -D %{SOURCE2} $RPM_BUILD_ROOT%{_mandir}/man1/crit.1
%endif
%if 0%{?rhel}
@@ -100,6 +105,7 @@ install -p -m 644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8
rm -rf $RPM_BUILD_ROOT%{_includedir}/criu
rm $RPM_BUILD_ROOT%{_libdir}/*.so*
rm -rf $RPM_BUILD_ROOT%{_libdir}/pkgconfig
+rm -rf $RPM_BUILD_ROOT%{_libexecdir}/%{name}
%endif
%post -p /sbin/ldconfig
@@ -110,6 +116,7 @@ rm -rf $RPM_BUILD_ROOT%{_libdir}/pkgconfig
%doc %{_mandir}/man8/criu.8*
%if 0%{?fedora}
%{_libdir}/*.so.*
+%{_libexecdir}/%{name}
%endif
%doc README.md COPYING
@@ -126,9 +133,16 @@ rm -rf $RPM_BUILD_ROOT%{_libdir}/pkgconfig
%files -n crit
%{_bindir}/crit
+%doc %{_mandir}/man1/crit.1*
%changelog
+* Wed Jun 28 2017 Adrian Reber <areber@redhat.com> - 2.12-2
+- Added patches for guard page kernel fixes
+
+* Thu Mar 09 2017 Adrian Reber <areber@redhat.com> - 2.12-1
+- Update to 2.12
+
* Tue Jun 14 2016 Adrian Reber <areber@redhat.com> - 2.3-2
- Added patches to handle in-flight TCP connections