[Devel] [PATCH rh7] signal/ve: allow to send signal from another ve namespace

Stanislav Kinsburskiy skinsbursky at odin.com
Thu Nov 12 08:41:43 PST 2015



12.11.2015 17:11, Andrey Ryabinin wrote:
>
> On 11/12/2015 07:08 PM, Stanislav Kinsburskiy wrote:
>>
>> 12.11.2015 16:47, Andrey Ryabinin wrote:
>>> On 11/12/2015 05:59 PM, Stanislav Kinsburskiy wrote:
>>>> 12.11.2015 15:53, Andrey Wagin wrote:
>>>>> 2015-11-12 17:46 GMT+03:00 Stanislav Kinsburskiy <skinsbursky at odin.com>:
>>>>>> On 12 Nov 2015 at 15:14, Andrey Ryabinin <aryabinin at virtuozzo.com> wrote:
>>>>>>> CRIU sends SIGKILL to container's init process as a part of
>>>>>>> cleanup process if restoring failed.
>>>>>>> CRIU does this from a different ve, which is currently not allowed
>>>>>>> without any apparent reason.
>>>>>> The reason looks very clear to me: improve namespaces isolation.
>>>>>> It especially applies to killing child reaper of another ve.
>>>>>> You threw away this check, and now it's possible to kill one container from another one.
>>>>>> Or am I missing something?
>>>>> Each container has its own pidns, so you can't kill anyone who isn't
>>>>> in this pidns.
>>>> So how does CRIU send a kill signal from one ve to another then?
>>>>
>>> AFAIK, CRIU creates its own ve namespace, but it still operates in root pid namespace.
>> Hmm, ok.
>> Then nothing against this patch.
>> The only thing I'm curious about: how long have we had this patch? Pid namespaces are used in OpenVZ for at least last 6 years (probably more).
>> When did this check appear? Maybe there was another reason, which is just not obvious so far?
> I suspect that it was just blindly ported from 2.6:
>
> commit fd3207d650434ac82f2c897cadd5607e67f2c274
> Author: Kirill Tkhai <ktkhai at parallels.com>
> Date:   Fri Oct 10 19:35:02 2014 +0400
>
>      ve: Ignore signals from wrong ve
>      
>      Port sig_ve_ignored().
>      
>      This is a part of 74-diff-ve-mix-combined.
>      
>      https://jira.sw.ru/browse/PSBM-17903
>      
>      Signed-off-by: Kirill Tkhai <ktkhai at parallels.com>

That's for sure.
My question was about the origins of this patch.
Thanks to Vasiliy:

RCS file: /cvs/Virtuozzo/kernel-patches/2.6.18-rhel5/diff-ve-init-signals-20070514,v
Working file: diff-ve-init-signals-20070514
head: 1.1
branch:
locks: strict
access list:
symbolic names:
keyword substitution: o
total revisions: 1;    selected revisions: 1
description:
----------------------------
revision 1.1
date: 2007/05/18 13:24:17;  author: dev;  state: Exp;
Patch from Denis Lunev <den at openvz.org>
[VE] VE init signal delivery reworked to be similar to host
Prevent VE init from receiving unexpected signals sent from VE
including fatal ones. Signals sent from VE0 are still allowed,
e.g. for fast VE stop.
Fix for sys_reboot called from VE to force VE death
(SIGKILL is sent in the context of VE).

http://bugzilla.openvz.org/show_bug.cgi?id=533

Are you sure that you are not breaking the logic this patch introduced
in the past?


