From: Oleg Nesterov <oleg@redhat.com>
To: Bryan Donlan <bdonlan@gmail.com>
Cc: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>,
ebiederm@xmission.com, roland@redhat.com, bastian@waldi.eu.org,
daniel@hozac.com, xemul@openvz.org, containers@lists.osdl.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/7][v7] Container-init signal semantics
Date: Wed, 21 Jan 2009 09:31:36 +0100 [thread overview]
Message-ID: <20090121083136.GA30368@redhat.com> (raw)
In-Reply-To: <3e8340490901202039r1ac7e0te5372690dfe81089@mail.gmail.com>
On 01/20, Bryan Donlan wrote:
>
> On Sat, Jan 17, 2009 at 3:26 PM, Sukadev Bhattiprolu
> <sukadev@linux.vnet.ibm.com> wrote:
> >
> > - container-init may be immune to unhandled fatal signals (like
> > SIGUSR1) even if they are from ancestor namespace (SIGKILL is
> > the only reliable signal from ancestor namespace).
>
> SIGSTOP is normally uncatchable; I note that patch 4 states that
> SIGSTOP is allowed through to container-init, but given this summary
> is SIGSTOP still reliable when sent to a container-init from an
> ancestor namespace?
Yes we should handle SIGSTOP fine if it sent from the parent namespace.
Also. Currently it is possible to ptrace the global init, but even
ptracer can't stop it (but ptrace_stop() works). With these patches
ptracer can stop init.
I forgot to mention this behaviour change, imho this side-effect
is good.
Oleg.
next prev parent reply other threads:[~2009-01-21 8:34 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-17 20:26 [PATCH 0/7][v7] Container-init signal semantics Sukadev Bhattiprolu
2009-01-17 20:35 ` [PATCH 1/7][v7] Remove 'handler' parameter to tracehook functions Sukadev Bhattiprolu
2009-01-17 20:35 ` [PATCH 2/7][v7] Protect init from unwanted signals more Sukadev Bhattiprolu
2009-01-17 20:35 ` [PATCH 3/7][v7] Add from_ancestor_ns parameter to send_signal() Sukadev Bhattiprolu
2009-01-17 20:36 ` [PATCH 4/7][v7] Protect cinit from unblocked SIG_DFL signals Sukadev Bhattiprolu
2009-01-17 22:12 ` Oleg Nesterov
2009-01-20 1:07 ` Sukadev Bhattiprolu
2009-01-20 1:09 ` Sukadev Bhattiprolu
2009-01-17 20:36 ` [PATCH 5/7][v7] Protect cinit from blocked fatal signals Sukadev Bhattiprolu
2009-01-17 20:37 ` [PATCH 6/7][v7] SI_USER: Masquerade si_pid when crossing pid ns boundary Sukadev Bhattiprolu
2009-01-17 20:37 ` [PATCH 7/7][v7] proc: Show SIG_DFL signals to init as "ignored" signals Sukadev Bhattiprolu
2009-01-17 22:19 ` Oleg Nesterov
2009-01-20 1:04 ` Sukadev Bhattiprolu
2009-01-20 7:33 ` Oleg Nesterov
2009-01-20 16:09 ` Sukadev Bhattiprolu
2009-01-19 2:09 ` [PATCH 0/7][v7] Container-init signal semantics KAMEZAWA Hiroyuki
2009-01-21 3:05 ` Sukadev Bhattiprolu
2009-01-21 3:53 ` KAMEZAWA Hiroyuki
2009-01-21 4:16 ` Eric W. Biederman
2009-01-21 4:23 ` KAMEZAWA Hiroyuki
2009-01-21 4:05 ` Serge E. Hallyn
2009-01-22 5:48 ` Matt Helsley
2009-01-21 4:39 ` Bryan Donlan
2009-01-21 8:31 ` Oleg Nesterov [this message]
2009-02-07 21:20 ` Sukadev Bhattiprolu
2009-02-09 4:04 ` Roland McGrath
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090121083136.GA30368@redhat.com \
--to=oleg@redhat.com \
--cc=bastian@waldi.eu.org \
--cc=bdonlan@gmail.com \
--cc=containers@lists.osdl.org \
--cc=daniel@hozac.com \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=roland@redhat.com \
--cc=sukadev@linux.vnet.ibm.com \
--cc=xemul@openvz.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).