-
Feature Request
-
Resolution: Unresolved
-
Undefined
-
None
-
OpenShift 4.0, openshift-4.14.z, openshift-4.17.z
-
False
-
None
-
False
-
Not Selected
-
x86_64
-
-
-
-
1. Proposed title of this feature request
Forensic Container Core Dumping
2. What is the nature and description of the request?
CRIU does not depend on Kubelet Checkpoint API nor Kubelet API! And OpenShift includes it (By default, CRIU is installed on RHCOS) but it is not enabled in CRI-O.
To enable CRIU, we need to apply a generated MachineConfig object from the butane file below :
variant: openshift
version: 4.14.0
metadata:
name: 05-enable-criu
labels:
machineconfiguration.openshift.io/role: master
storage:
files:
- path: /etc/crio/crio.conf.d/05-enable-criu
mode: 0644
overwrite: true
contents:
inline: |
[crio.runtime]
enable_criu_support = true
3. Why does the customer need this? (List the business requirements here)
ContainerCheckpoint (Kubelet Checkpoint API) is still a tech preview and the costumer require the container core dumping for the digital forensics and incident response (DFIR) !
4. List any affected packages or components.
OpenShift 4.14.29 * criu 3.17 (3-17-5.el9_2) * cri-o 1.27 (1.27.7-3) * systemd-coredump 252 (252-14.el9_2.7)
Additional info:
* https://access.redhat.com/support/cases/#/case/03963530 * https://access.redhat.com/solutions/7008477 * https://redhat-internal.slack.com/archives/CK1AE4ZCK/p1730733713073769
- account is impacted by
-
OCPBUGS-44054 [ocp][4.14.39][systemd-coredump][252-14.el_2.8] /usr/lib/systemd/systemd-coredump do not create core dump
-
- New
-
- is related to
-
-
- Deferred
-
