search

opencontainers / runc

CLI tool for spawning and running containers according to the OCI specification
https://www.opencontainers.org/
Apache License 2.0
11.91k stars 2.12k forks source link

Checkpointing A Rootless Container #2009

Open lfield opened 5 years ago

lfield commented 5 years ago

When trying to checkpoint a rootless container I get the message cannot checkpoint a rootless container. Why is it not possible to checkpoint a rootless container?

rst0git commented 5 years ago

https://criu.org/User-mode https://unix.stackexchange.com/questions/435073/criu-for-non-root-users

cyphar commented 5 years ago

Checkpoint-restore is implemented entirely in CRIU, and is a very hairy process. CRIU 2.0 from a few years ago added support for unprivileged process checkpointing but it's my understanding that unprivileged process restoration is not really a thing yet.

But the fact we outright deny doing it without even trying is probably something we should change (at the time, I just decided to punt on checkpoint-restore for rootless containers because it wasn't clear how well it would work with runc).

lfield commented 5 years ago

We have a use case for this and I would be happy to test.