From: Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
To: Nathan Lynch <ntl-e+AXbWqSrlAAvxtiuMwx3w@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Subject: Re: [C/R PATCH] reject checkpoint of fd subject to F_SETSIG
Date: Mon, 2 May 2011 13:54:48 -0500 [thread overview]
Message-ID: <20110502185448.GA32506@mail.hallyn.com> (raw)
In-Reply-To: <1304361296.6609.22.camel@tp-t61>
Quoting Nathan Lynch (ntl-e+AXbWqSrlAAvxtiuMwx3w@public.gmane.org):
> On Mon, 2011-05-02 at 08:18 -0500, Serge Hallyn wrote:
> > Quoting Nathan Lynch (ntl-e+AXbWqSrlAAvxtiuMwx3w@public.gmane.org):
> > > Similar to our handling of fds that have been subject to F_SETOWN,
> > > detect when an fd has had its f_owner->signum changed from the
> > > default.
> > >
> > > Signed-off-by: Nathan Lynch <ntl-e+AXbWqSrlAAvxtiuMwx3w@public.gmane.org>
> >
> > Hey Nathan,
> >
> > Can you give more motivation for this? Do you just feel that it
> > isn't worth the risk of mis-coding the check at restart?
>
> The principle here is that we should try to catch at checkpoint time
> that which we don't handle correctly at restart. Right now checkpoint
> apparently succeeds, but doing a fcntl(F_GETSIG) after a restart will
> show that the signal set before checkpoint has not been preserved.
Really? I thought for sure Suka had addressed that.
So if you don't mind, please add 'because we do not reset it at restart'
to the end of your description?
> > For safety check, what about forcing such a task to be restarted
> > in a private pidns?
>
> Sorry, I'm not making the connection between this concern and F_SETSIG
> and F_GETSIG.
The signal signum will only be sent to the task identified, by pid,
as the owner. If we weren't doing things right at restart, then
a malicious restarter could cause any signal to be sent to a pid
which it shouldn't be able to kill.
thanks,
-serge
next prev parent reply other threads:[~2011-05-02 18:54 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-29 21:27 [C/R PATCH] reject checkpoint of fd subject to F_SETSIG Nathan Lynch
[not found] ` <1304112454-24641-1-git-send-email-ntl-e+AXbWqSrlAAvxtiuMwx3w@public.gmane.org>
2011-05-02 13:18 ` Serge Hallyn
[not found] ` <20110502131824.GC9375-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2011-05-02 18:34 ` Nathan Lynch
2011-05-02 18:54 ` Serge Hallyn [this message]
[not found] ` <20110502185448.GA32506-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2011-05-03 18:40 ` Sukadev Bhattiprolu
[not found] ` <20110503184031.GD8093-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2011-05-03 20:08 ` Serge E. Hallyn
[not found] ` <20110503200820.GA24419-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2011-05-07 17:27 ` Oren Laadan
2011-05-04 4:53 ` Oren Laadan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110502185448.GA32506@mail.hallyn.com \
--to=serge.hallyn-z7wlfzj8ewms+fvcfc7uqw@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ntl-e+AXbWqSrlAAvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.