[Devel] [PATCH rh7] signal/ve: allow to send signal from another ve namespace

Andrey Wagin avagin at gmail.com
Thu Nov 12 08:51:25 PST 2015


2015-11-12 19:41 GMT+03:00 Stanislav Kinsburskiy <skinsbursky at odin.com>:
>
>
> 12.11.2015 17:11, Andrey Ryabinin wrote:
>
>>
>> On 11/12/2015 07:08 PM, Stanislav Kinsburskiy wrote:
>>>
>>>
>>> 12.11.2015 16:47, Andrey Ryabinin wrote:
>>>>
>>>> On 11/12/2015 05:59 PM, Stanislav Kinsburskiy wrote:
>>>>>
>>>>> 12.11.2015 15:53, Andrey Wagin wrote:
>>>>>>
>>>>>> 2015-11-12 17:46 GMT+03:00 Stanislav Kinsburskiy
>>>>>> <skinsbursky at odin.com>:
>>>>>>>
>>>>>>> On 12 Nov 2015 at 15:14, Andrey Ryabinin
>>>>>>> <aryabinin at virtuozzo.com> wrote:
>>>>>>>>
>>>>>>>> CRIU sends SIGKILL to container's init process as a part of
>>>>>>>> cleanup process if restoring failed.
>>>>>>>> CRIU does this from a different ve, which is currently not allowed
>>>>>>>> without any apparent reason.
>>>>>>>
>>>>>>> The reason looks very clear to me: improve namespaces isolation.
>>>>>>> It especially applies to killing child reaper of another ve.
>>>>>>> You threw away this check, and now it's possible to kill one
>>>>>>> container from another one.
>>>>>>> Or am I missing something?
>>>>>>
>>>>>> Each container has its own pidns, so you can't kill anyone who isn't
>>>>>> in this pidns.
>>>>>
>>>>> So how does CRIU send a kill signal from one ve to another then?
>>>>>
>>>> AFAIK, CRIU creates its own ve namespace, but it still operates in root
>>>> pid namespace.
>>>
>>> Hmm, ok.
>>> Then nothing against this patch.
>>> The only thing I'm curious about: for how long have we had this patch? Pid
>>> namespaces are used in OpenVZ for at least the last 6 years (probably more).
>>> When did these checks appear? Maybe there was another reason, which is just
>>> not obvious so far?
>>
>> I suspect that it was just blindly ported from 2.6:
>>
>> commit fd3207d650434ac82f2c897cadd5607e67f2c274
>> Author: Kirill Tkhai <ktkhai at parallels.com>
>> Date:   Fri Oct 10 19:35:02 2014 +0400
>>
>>      ve: Ignore signals from wrong ve
>>           Port sig_ve_ignored().
>>           This is a part of 74-diff-ve-mix-combined.
>>           https://jira.sw.ru/browse/PSBM-17903
>>           Signed-off-by: Kirill Tkhai <ktkhai at parallels.com>
>
>
> That's for sure.
> My question was about origins of this patch.
> Thanks to Vasiliy:
>
> RCS file:
> /cvs/Virtuozzo/kernel-patches/2.6.18-rhel5/diff-ve-init-signals-20070514,v
> Working file: diff-ve-init-signals-20070514
> head: 1.1
> branch:
> locks: strict
> access list:
> symbolic names:
> keyword substitution: o
> total revisions: 1;    selected revisions: 1
> description:
> ----------------------------
> revision 1.1
> date: 2007/05/18 13:24:17;  author: dev;  state: Exp;
> Patch from Denis Lunev <den at openvz.org>
> [VE] VE init signal delivery reworked to be similar to host
> Prevent VE init from receiving unexpected signals sent from VE
> including fatal ones. Signals sent from VE0 are still allowed,
> e.g. for fast VE stop.
> Fix for sys_reboot called from VE to force VE death
> (SIGKILL is sent in the context of VE).
>
> http://bugzilla.openvz.org/show_bug.cgi?id=533
>
> Are you sure that you are not breaking the logic this patch introduced in
> the past?



[root@fc22-vm ~]# unshare --fork -p
[root@fc22-vm ~]# kill -9 1
[root@fc22-vm ~]# kill -9 1
[root@fc22-vm ~]# kill -9 1
[root@fc22-vm ~]# kill -9 1
[root@fc22-vm ~]# kill -USR1 1
[root@fc22-vm ~]# kill -USR1 1
[root@fc22-vm ~]#

>


