Hi Pavel, This patch seems to be missing from your most recent patchset. Do you want to include it in the set as a helper or should I just send this to Andrew separately ? Suka ----- Forwarded message from sukadev@xxxxxxxxxx ----- | Date: Fri, 3 Aug 2007 13:51:20 -0700 | From: sukadev@xxxxxxxxxx | To: Oleg Nesterov <oleg@xxxxxxxxxx> | Cc: Containers <containers@xxxxxxxxxxxxxx>, Pavel Emelianov <xemul@xxxxxxxxxx> | Subject: Re: [PATCH] Fix capability.c to work with threaded init | | Oleg Nesterov [oleg@xxxxxxxxxx] wrote: | | On 08/03, Dave Hansen wrote: | | > | | > On Thu, 2007-08-02 at 23:26 -0700, sukadev@xxxxxxxxxx wrote: | | > > | | > > Callers of is_container_init() should pass in task->group_leader | | > > to ensure they work with threaded-init. | | > | | > Can you explain this in a little more detail? That's a pretty sparse | | > changelog. | | | | You are right. The changelog could be better. How about this: | | | | | Without this change cap_set_all() skips only the main thread of /sbin/init, | | but we should skip the entire process as the comment states. | | | | Oleg. | | | --- | | From: Sukadev Bhattiprolu <sukadev@xxxxxxxxxx> | Subject: [PATCH] cap_set_all() must skip all threads of init | | When setting capabilities, cap_set_all() must skip all threads of the | container_init process - not just the main thread. | | Signed-off-by: Sukadev Bhattiprolu <sukadev@xxxxxxxxxx> | --- | kernel/capability.c | 2 +- | 1 file changed, 1 insertion(+), 1 deletion(-) | | Index: lx26-23-rc1-mm1/kernel/capability.c | =================================================================== | --- lx26-23-rc1-mm1.orig/kernel/capability.c 2007-08-02 22:58:02.000000000 -0700 | +++ lx26-23-rc1-mm1/kernel/capability.c 2007-08-02 22:58:17.000000000 -0700 | @@ -137,7 +137,7 @@ static inline int cap_set_all(kernel_cap | int found = 0; | | do_each_thread(g, target) { | - if (target == current || is_container_init(target)) | + if (target == current || is_container_init(target->group_leader)) | continue; | found = 1; | if (security_capset_check(target, effective, inheritable, | | _______________________________________________ | Containers mailing list | Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx | https://lists.linux-foundation.org/mailman/listinfo/containers ----- End forwarded message ----- _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers