From eb94467780eab06a452586c9751fc4f571d9e089 Mon Sep 17 00:00:00 2001
From: Adrian Reber <areber@redhat.com>
Date: Mon, 12 Jul 2021 11:43:45 +0000
Subject: Support checkpoint/restore with pods

This adds support to checkpoint containers out of pods and restore
container into pods.

It is only possible to restore a container into a pod if it has been
checkpointed out of pod. It is also not possible to restore a non pod
container into a pod.

The main reason this does not work is the PID namespace. If a non pod
container is being restored in a pod with a shared PID namespace, at
least one process in the restored container uses PID 1 which is already
in use by the infrastructure container. If someone tries to restore
container from a pod with a shared PID namespace without a shared PID
namespace it will also fail because the resulting PID namespace will not
have a PID 1.

Signed-off-by: Adrian Reber <areber@redhat.com>
---
 pkg/criu/criu.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'pkg/criu/criu.go')

diff --git a/pkg/criu/criu.go b/pkg/criu/criu.go
index 0b5d2c45e..2a6805979 100644
--- a/pkg/criu/criu.go
+++ b/pkg/criu/criu.go
@@ -7,6 +7,10 @@ import (
 // MinCriuVersion for Podman at least CRIU 3.11 is required
 const MinCriuVersion = 31100
 
+// PodCriuVersion is the version of CRIU needed for
+// checkpointing and restoring containers out of and into Pods.
+const PodCriuVersion = 31600
+
 // CheckForCriu uses CRIU's go bindings to check if the CRIU
 // binary exists and if it at least the version Podman needs.
 func CheckForCriu(version int) bool {
-- 
cgit v1.2.3-54-g00ecf