[Devel] [PATCH rh7] signal/ve: allow to send signal from another ve namespace
Andrey Ryabinin
aryabinin at virtuozzo.com
Mon Nov 16 03:44:43 PST 2015
On 11/12/2015 08:07 PM, Stanislav Kinsburskiy wrote:
>
> On Nov 12, 2015, at 17:51, Andrey Wagin <avagin at gmail.com> wrote:
>>
>>
>>
>> [root at fc22-vm ~]# unshare --fork -p
>> [root at fc22-vm ~]# kill -9 1
>> [root at fc22-vm ~]# kill -9 1
>> [root at fc22-vm ~]# kill -9 1
>> [root at fc22-vm ~]# kill -9 1
>> [root at fc22-vm ~]# kill -USR1 1
>> [root at fc22-vm ~]# kill -USR1 1
>> [root at fc22-vm ~]#
>>
>
> Ok then. Probably, this patch should be ported to rhel6 as well.
>
Probably not; simply removing sig_ve_ignored() doesn't work (it allows killing init from the container).
In rhel6, creation of the namespace's init is handled via proc_pid_ns_attach_init(), which doesn't set SIGNAL_UNKILLABLE.
In 3.10 we use CLONE_NEWPID, and fork sets the SIGNAL_UNKILLABLE flag for the container's init.
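
Added example (not part of the original message or of the Virtuozzo patch): a small C program that repeats the quoted `kill -9 1` session on a mainline Linux kernel, where the first process forked into a CLONE_NEWPID namespace gets SIGNAL_UNKILLABLE and a SIGKILL sent from inside that namespace is dropped. It assumes unprivileged user namespaces are enabled (CLONE_NEWUSER is used only to avoid needing root); the function name is hypothetical.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the namespace init survived SIGKILL sent from inside its own
 * pid namespace, 0 if it died, -1 if the namespaces could not be set up
 * (for example, unprivileged user namespaces are disabled). */
int init_survives_inner_sigkill(void)
{
    int st;
    pid_t helper = fork();
    if (helper < 0)
        return -1;
    if (helper == 0) {
        /* Assumption: CLONE_NEWUSER is here only so no root is needed. */
        if (unshare(CLONE_NEWUSER | CLONE_NEWPID) != 0)
            _exit(2);
        pid_t init = fork();            /* first child is pid 1 in the new ns */
        if (init < 0)
            _exit(2);
        if (init == 0) {
            pid_t killer = fork();      /* pid 2, same namespace as init */
            if (killer < 0)
                _exit(2);
            if (killer == 0) {
                kill(1, SIGKILL);       /* same as "kill -9 1" in the thread */
                _exit(0);
            }
            waitpid(killer, NULL, 0);
            _exit(42);                  /* reached only if SIGKILL was dropped */
        }
        if (waitpid(init, &st, 0) != init)
            _exit(2);
        /* Pass init's exit code up; a signalled init is reported as 1. */
        _exit(WIFEXITED(st) ? WEXITSTATUS(st) : 1);
    }
    if (waitpid(helper, &st, 0) != helper || !WIFEXITED(st))
        return -1;
    return WEXITSTATUS(st) == 42 ? 1 : (WEXITSTATUS(st) == 1 ? 0 : -1);
}

int main(void)
{
    printf("init survived SIGKILL from its own namespace: %d\n",
           init_survives_inner_sigkill());
    return 0;
}
```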