[Devel] Re: [RFC][PATCH] 'kill sig -1' must only apply to callers namespace
Daniel Hokka Zakrisson
daniel at hozac.com
Tue Oct 21 20:02:17 PDT 2008
sukadev at linux.vnet.ibm.com wrote:
>
>>From d92b4befe07c6a1e852e4462126a5443342448cd Mon Sep 17 00:00:00 2001
> From: Sukadev Bhattiprolu <sukadev at linux.vnet.ibm.com>
> Date: Tue, 21 Oct 2008 18:00:01 -0700
> Subject: [PATCH] kill sig -1 must only apply to callers namespace
>
> Currently "kill <sig> -1" kills processes in all namespaces and breaks the
> isolation of namespaces. Earlier attempt to fix this is discussed at:
>
> http://lkml.org/lkml/2008/7/23/148
>
> but nothing seems to have happened since then.
>
> This patch uses the simple fix suggested by Oleg Nesterov.
>
> Signed-off-by: Sukadev Bhattiprolu <sukadev at us.ibm.com>
Tested-by: Daniel Hokka Zakrisson <daniel at hozac.com>
Thank you for taking care of this.
> ---
> kernel/signal.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/signal.c b/kernel/signal.c
> index 105217d..4530fc6 100644
> --- a/kernel/signal.c
> +++ b/kernel/signal.c
> @@ -1144,7 +1144,8 @@ static int kill_something_info(int sig, struct siginfo *info, pid_t
> pid)
> struct task_struct * p;
>
> for_each_process(p) {
> - if (p->pid > 1 && !same_thread_group(p, current)) {
> + if (task_pid_vnr(p) > 1 &&
> + !same_thread_group(p, current)) {
> int err = group_send_sig_info(sig, info, p);
> ++count;
> if (err != -EPERM)
> --
> 1.5.2.5
--
Daniel Hokka Zakrisson
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list