From: Sukadev Bhattiprolu <sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
To: serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
Oleg Nesterov <oleg-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>,
roland-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>,
Alexey
Cc: Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
"David C. Hansen"
<haveblue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Subject: [RFC][PATCH 2/2] Prevent container-inits from using CLONE_PARENT
Date: Wed, 17 Jun 2009 19:51:03 -0700 [thread overview]
Message-ID: <20090618025103.GB31672@us.ibm.com> (raw)
In-Reply-To: <20090618024743.GA31515-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Prevent container-inits from using CLONE_PARENT
If a container-init creates a sibling (using CLONE_PARENT), pid namespace
semantics become complicated:
- the "active pid namespace" of the sibling will be the descendant
container, but its not obvious if that is correct.
- if container-init exits, it will terminate the sibling, but again
its not clear if that is the correct behavior.
- the sibling exists in both parent and child containers while current
pid namespace semantics assume that only container-init can exist
in both parent/child containers.
- the parent of the sibling is not a descendant of container-init
(while pid namespaces assume that all processes in the container
are descendants of the container-init)
- When the sibling dies, the SIGCHLD is sent to its parent (if
alive), i.e the signal escapes the container to a parent container.
(if the parent of the sibling exits, the container-init then becomes
the reaper of the sibling).
To keep pid namespace semantics simple, prevent container-inits from using
CLONE_PARENT at least until we have a better understanding of CLONE_PARENT
and pid-namespace interactions.
Untested, RFC patch :-)
Signed-off-by: Sukadev Bhattiprolu <sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
---
kernel/fork.c | 8 ++++++++
1 file changed, 8 insertions(+)
Index: linux-mmotm/kernel/fork.c
===================================================================
--- linux-mmotm.orig/kernel/fork.c 2009-06-17 18:23:23.000000000 -0700
+++ linux-mmotm/kernel/fork.c 2009-06-17 19:17:54.000000000 -0700
@@ -974,6 +974,14 @@ static struct task_struct *copy_process(
if ((clone_flags & CLONE_SIGHAND) && !(clone_flags & CLONE_VM))
return ERR_PTR(-EINVAL);
+ /*
+ * To keep pid namespace semantics simple, prevent container-inits
+ * from creating siblings.
+ */
+ if ((clone_flags & CLONE_PARENT) &&
+ is_container_init(current) && !is_global_init(current))
+ return ERR_PTR(-EINVAL);
+
retval = security_task_create(clone_flags);
if (retval)
goto fork_out;
next prev parent reply other threads:[~2009-06-18 2:51 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-18 2:47 [RFC][PATCH 0/2] CLONE_PARENT and pid namespaces Sukadev Bhattiprolu
[not found] ` <20090618024743.GA31515-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-06-18 2:49 ` [RFC][PATCH 1/2] Deny CLONE_PARENT|CLONE_NEWPID combination Sukadev Bhattiprolu
[not found] ` <20090618024934.GA31672-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-06-18 3:26 ` Roland McGrath
2009-06-18 3:30 ` Eric W. Biederman
[not found] ` <m1d492jk0k.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-06-18 22:28 ` Sukadev Bhattiprolu
2009-06-18 2:51 ` Sukadev Bhattiprolu [this message]
[not found] ` <20090618025103.GB31672-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-06-18 3:20 ` [RFC][PATCH 2/2] Prevent container-inits from using CLONE_PARENT Eric W. Biederman
[not found] ` <m18wjqkz2i.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2009-06-18 22:40 ` Sukadev Bhattiprolu
2009-06-18 3:28 ` Roland McGrath
2009-06-18 15:35 ` Oleg Nesterov
[not found] ` <20090618153501.GA6404-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-06-18 15:42 ` Oleg Nesterov
2009-06-18 15:42 ` Oleg Nesterov
2009-06-18 22:52 ` Sukadev Bhattiprolu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090618025103.GB31672@us.ibm.com \
--to=sukadev-23vcf4htsmix0ybbhkvfkdbpr1lh4cv8@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=haveblue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=oleg-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org \
--cc=roland-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.