[Devel] Re: [patch 1/1][RFC] do not sys_reboot when not in init_pid_ns
Dave Hansen
dave at linux.vnet.ibm.com
Mon Nov 3 10:59:15 PST 2008
On Sun, 2008-11-02 at 01:00 +0100, Daniel Lezcano wrote:
> +++ net-next-2.6/kernel/sys.c
> @@ -355,6 +355,9 @@ asmlinkage long sys_reboot(int magic1, i
> if (!capable(CAP_SYS_BOOT))
> return -EPERM;
>
> + if (current->nsproxy->pid_ns != &init_pid_ns)
> + return 0;
> +
> /* For safety, we require "magic" arguments. */
> if (magic1 != LINUX_REBOOT_MAGIC1 ||
> (magic2 != LINUX_REBOOT_MAGIC2 &&
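Review bot: The new `return 0` after the `capable(CAP_SYS_BOOT)` check makes sys_reboot report success to a caller outside init_pid_ns without doing anything, so an init process inside a container that asks for a halt or reboot gets 0 back and cannot tell that the request was dropped; returning an error (-EPERM, as the capability check just above already does) would at least be honest to the caller. Placing the check ahead of the "magic" argument validation also means a caller in a non-initial pid namespace with bogus magic values gets 0 rather than the error the existing magic check would produce, so if the check stays it should sit after that validation. Finally, `current->nsproxy->pid_ns != &init_pid_ns` hard-codes "not in the initial pid namespace" as the definition of "in a container" inside this one syscall; that test belongs in a single named helper so the policy is defined in one place rather than re-derived at each call site.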
One problem I have with this is that it specifically defines being "in a
container" as being in a pid_ns other than the init_pid_ns. If we're
going to go down this road, it should be at *least*:
int in_a_container(void)
{
	return current->nsproxy->pid_ns != &init_pid_ns;
}
But, this also sucks because we don't want to be introducing new code
paths all over the kernel for the "container" case. What we'll end up
with is little craplets like this spread all over:
if (in_a_container()) {
	/* don't ever test this code path */
}
:)
So I think we should avoid what you're trying to do here like the
plague.
-- Dave
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers