From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org
Cc: Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
Oleg Nesterov <oleg-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>,
Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Subject: Re: [RFC][PATCH] 'kill sig -1' must only apply to callers namespace
Date: Tue, 21 Oct 2008 20:18:55 -0700
Message-ID: <m1od1dnwps.fsf@frodo.ebiederm.org>
In-Reply-To: <20081022014141.GA25355-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> (sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org's message of "Tue, 21 Oct 2008 18:41:41 -0700")
sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org writes:
>>From d92b4befe07c6a1e852e4462126a5443342448cd Mon Sep 17 00:00:00 2001
> From: Sukadev Bhattiprolu <sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
> Date: Tue, 21 Oct 2008 18:00:01 -0700
> Subject: [PATCH] kill sig -1 must only apply to callers namespace
>
> Currently "kill <sig> -1" kills processes in all namespaces and breaks the
> isolation of namespaces. Earlier attempt to fix this is discussed at:
>
> http://lkml.org/lkml/2008/7/23/148
>
> but nothing seems to have happened since then.

Ugh. I thought that conversation had resolved the problem and gotten
a patch in.

This patch works because pid_vnr returns 0 for processes outside of
the current pid namespace.

> This patch uses the simple fix suggested by Oleg Nesterov.
>
> Signed-off-by: Sukadev Bhattiprolu <sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>

Acked-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>

> ---
> kernel/signal.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/signal.c b/kernel/signal.c
> index 105217d..4530fc6 100644
> --- a/kernel/signal.c
> +++ b/kernel/signal.c
> @@ -1144,7 +1144,8 @@ static int kill_something_info(int sig, struct siginfo
> *info, pid_t pid)
> struct task_struct * p;
>
> for_each_process(p) {
> - if (p->pid > 1 && !same_thread_group(p, current)) {
> + if (task_pid_vnr(p) > 1 &&
> + !same_thread_group(p, current)) {
> int err = group_send_sig_info(sig, info, p);
> ++count;
> if (err != -EPERM)
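
Review bot: the new task_pid_vnr(p) > 1 condition in the for_each_process() loop relies on behaviour that neither the code nor the commit message states. As the reply above notes, tasks outside the caller's pid namespace are skipped only because the lookup yields 0 for them, and a value of 1 now means the init of the caller's own namespace rather than only the global init. A short comment above the condition spelling out both cases (0 = not visible from current's pid namespace, 1 = that namespace's init) would keep a later cleanup from turning it back into p->pid > 1.
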
> --
> 1.5.2.5
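
The reason given in the reply (the namespace-relative pid is 0 for tasks the caller cannot see) can be checked with a small user-space model. This is an added example, not kernel code and not part of the original message: the struct layout, the model_pid_nr_ns() helper and the sample tasks are constructed for illustration, and the same_thread_group() check is left out.

```c
#include <stdio.h>

#define MAX_LEVEL 4

/* Simplified model: a task has one (number, namespace) pair per nesting level. */
struct pid_ns { int level; };
struct upid   { int nr; const struct pid_ns *ns; };
struct task   { int level; struct upid numbers[MAX_LEVEL]; };

/* Pid of task t as seen from ns; 0 means "t is not visible from ns". */
static int model_pid_nr_ns(const struct task *t, const struct pid_ns *ns)
{
    if (ns->level <= t->level && t->numbers[ns->level].ns == ns)
        return t->numbers[ns->level].nr;
    return 0;
}

/* Count the tasks a "kill <sig> -1" issued from caller_ns would signal.
 * patched == 0: old test on the global pid (p->pid > 1).
 * patched == 1: new test on the pid in the caller's namespace. */
static int count_targets(const struct task *tasks, int n,
                         const struct pid_ns *caller_ns, int patched)
{
    int i, count = 0;
    for (i = 0; i < n; i++) {
        int nr = patched ? model_pid_nr_ns(&tasks[i], caller_ns)
                         : tasks[i].numbers[0].nr;
        if (nr > 1)
            count++;
    }
    return count;
}

/* Constructed sample: the initial namespace and two sibling containers. */
static const struct pid_ns init_ns = { 0 }, ct_a = { 1 }, ct_b = { 1 };
static const struct task sample[] = {
    { 0, { { 1,   &init_ns } } },                 /* global init     */
    { 0, { { 500, &init_ns } } },                 /* host daemon     */
    { 1, { { 600, &init_ns }, { 1, &ct_a } } },   /* container A init */
    { 1, { { 601, &init_ns }, { 2, &ct_a } } },   /* container A task */
    { 1, { { 700, &init_ns }, { 1, &ct_b } } },   /* container B init */
    { 1, { { 701, &init_ns }, { 2, &ct_b } } },   /* container B task */
};

int main(void)
{
    printf("from A, old test: %d targets\n", count_targets(sample, 6, &ct_a, 0));
    printf("from A, new test: %d targets\n", count_targets(sample, 6, &ct_a, 1));
    return 0;
}
```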