On Fri, May 22, 2020 at 7:55 AM Adrian Reber <areber@xxxxxxxxxx> wrote: > This enables CRIU to checkpoint and restore a process as non-root. > > Over the last years CRIU upstream has been asked a couple of time if it > is possible to checkpoint and restore a process as non-root. The answer > usually was: 'almost'. > > The main blocker to restore a process was that selecting the PID of the > restored process, which is necessary for CRIU, is guarded by CAP_SYS_ADMIN. And if you were restoring the process into your own PID namespace, so that you actually have a guarantee that this isn't going to blow up in your face because one of your PIDs is allocated for a different process, this part of the problem could be simplified. I don't get why your users are fine with a "oh it kinda works 99% of the time but sometimes it randomly doesn't and then you have to go reboot or whatever" model.