AntonKozlov
commented
1 year ago This change prevents CRIU to record seccomp info. But it is not clear could not it restore empty seccomp? For an enironment that has non-empty seccomps that would mean dropping seccomps filters, that looks rather bad. But if seccomps are inherited for restored process for environment, we are fine. Could you test the scenario?
wkia
When using CRaC with Docker for Windows, there may be the issue with seccomp permissions in criu, even if "
--privileged" docker option is set. For example, see https://github.com/checkpoint-restore/criu/issues/1666#issuecomment-981620691 The "--security-opt seccomp=unconfined" may be used as a workaround, but Docker seems to have this option broken time to time.We could disable seccomp-related functionality in criu, because CRaC doesn't need it.