From: Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Kay Sievers <kay.sievers-tD+1rO4QERM@public.gmane.org>
Cc: akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
lennart-mdGvqq1h2p+GdvJs77BJ7Q@public.gmane.org,
linux-man-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
roland-/Z5OmTQCD9xF6kxbq+BtvQ@public.gmane.org,
torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org
Subject: Re: + prctl-add-pr_setget_child_reaper-to-allow-simple-process-supervision .patch added to -mm tree
Date: Wed, 17 Aug 2011 16:16:41 +0200
Message-ID: <20110817141641.GA15503@redhat.com>
In-Reply-To: <CAPXgP10A4rcQLht--h1d3PJE=oOrm=MSjGXTUSKVF+ssnkt_gw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On 08/17, Kay Sievers wrote:
>
> On Wed, Aug 17, 2011 at 15:05, Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
> >
> > But, I seem to remember, that patch cleared ->child_reaper on exec,
>
> I don't think the original patch did.
>
> > I think this makes sense.
>
> Why would it? Systemd can serialize its state and properly re-exec
> itself as many times as needed during its lifetime. Why would the
> kernel take something away from a process, which it explicitly asked
> for?
>
> > And I am not sure about security. No, I do not see any problems, just
> > I don't know. Say, should we check the creds during reparenting? I
> > dunno.
>
> Hmm, I don't see why that would be necessary. It's just one of our
> parents that asks for our signals.
Oh, I do not know. I do not pretend I understand the security ;)
For example. I simply can't understand why do we have security_task_wait().
Why waitpid(my_natural_child) can fail for security reasons? But we have
selinux_task_wait().
So, once again. I am not arguing. I am only asking the questions.
I didn't mean I see any problem here.
Oleg.
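
The reparenting behaviour debated in this thread, as an added example that is not part of the thread or of the patch: a process marks itself as a reaper, an intermediate child exits, and the orphaned grandchild is handed to the reaper, which can then wait() on a process it never forked. It assumes the interface as later merged in mainline (`PR_SET_CHILD_SUBREAPER`, Linux 3.4 and later) rather than the name in the patch subject; `subreaper_demo` is a hypothetical name.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PR_SET_CHILD_SUBREAPER
#define PR_SET_CHILD_SUBREAPER 36 /* linux/prctl.h, Linux 3.4 and later */
#endif

/* Returns 0 when an orphaned grandchild was reparented to this process and
 * reaped by it; a negative value names the step that failed. */
int subreaper_demo(void)
{
    int fds[2], status;
    pid_t self = getpid(), seen_parent = 0, child, orphan;

    if (prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0) < 0) return -1;
    if (pipe(fds) < 0) return -2;
    if ((child = fork()) < 0) return -3;

    if (child == 0) {                       /* intermediate process */
        pid_t mid = getpid(), g = fork();
        if (g != 0) _exit(g < 0);           /* exit at once: grandchild is orphaned */
        /* Grandchild: wait (bounded, ~5 s) until the kernel has reparented us. */
        for (int i = 0; i < 5000 && getppid() == mid; i++)
            usleep(1000);
        pid_t now = getppid();
        _exit(write(fds[1], &now, sizeof now) == (ssize_t)sizeof now ? 7 : 1);
    }

    close(fds[1]);
    if (waitpid(child, &status, 0) != child) return -4;   /* natural child */
    if (read(fds[0], &seen_parent, sizeof seen_parent) != (ssize_t)sizeof seen_parent) return -5;
    close(fds[0]);
    /* The orphan is now our child although we never forked it, so wait()
     * returns its exit status to us. */
    orphan = wait(&status);
    prctl(PR_SET_CHILD_SUBREAPER, 0, 0, 0, 0);             /* restore default */
    if (orphan <= 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 7) return -6;
    return seen_parent == self ? 0 : -7;
}

int main(void)
{
    int rc = subreaper_demo();
    printf("subreaper_demo: %d\n", rc);
    return rc ? 1 : 0;
}
```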