From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org
Cc: Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
Oleg Nesterov <oleg-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org>,
Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
Subject: Re: [RFC][PATCH] 'kill sig -1' must only apply to callers namespace
Date: Tue, 21 Oct 2008 20:18:55 -0700 [thread overview]
Message-ID: <m1od1dnwps.fsf@frodo.ebiederm.org> (raw)
In-Reply-To: <20081022014141.GA25355-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> (sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org's message of "Tue, 21 Oct 2008 18:41:41 -0700")
sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org writes:
>>From d92b4befe07c6a1e852e4462126a5443342448cd Mon Sep 17 00:00:00 2001
> From: Sukadev Bhattiprolu <sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
> Date: Tue, 21 Oct 2008 18:00:01 -0700
> Subject: [PATCH] kill sig -1 must only apply to callers namespace
>
> Currently "kill <sig> -1" kills processes in all namespaces and breaks the
> isolation of namespaces. Earlier attempt to fix this is discussed at:
>
> http://lkml.org/lkml/2008/7/23/148
>
> but nothing seems to have happened since then.
Ugh. I thought that conversation had resolved the problem and gotten
a patch in.
This patch works because pid_vnr returns 0 for processes outside of
the current pid namespace.
> This patch uses the simple fix suggested by Oleg Nesterov.
>
> Signed-off-by: Sukadev Bhattiprolu <sukadev-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Acked-by: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
> ---
> kernel/signal.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/kernel/signal.c b/kernel/signal.c
> index 105217d..4530fc6 100644
> --- a/kernel/signal.c
> +++ b/kernel/signal.c
> @@ -1144,7 +1144,8 @@ static int kill_something_info(int sig, struct siginfo
> *info, pid_t pid)
> struct task_struct * p;
>
> for_each_process(p) {
> - if (p->pid > 1 && !same_thread_group(p, current)) {
> + if (task_pid_vnr(p) > 1 &&
> + !same_thread_group(p, current)) {
> int err = group_send_sig_info(sig, info, p);
> ++count;
> if (err != -EPERM)
> --
> 1.5.2.5
prev parent reply other threads:[~2008-10-22 3:18 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-22 1:41 [RFC][PATCH] 'kill sig -1' must only apply to callers namespace sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8
[not found] ` <20081022014141.GA25355-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-10-22 3:02 ` Daniel Hokka Zakrisson
2008-10-22 3:18 ` Eric W. Biederman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1od1dnwps.fsf@frodo.ebiederm.org \
--to=ebiederm-as9lmozglivwk0htik3j/w@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=oleg-6lXkIZvqkOAvJsYlp49lxw@public.gmane.org \
--cc=sukadev-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org \
--cc=xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox