sukadev@xxxxxxxxxx writes: > Should we include this in the patchset ? [...] > Only the global-init process must be special - any other > container-init process must be killable to prevent run-away processes > in the system. One problem I hit while using OpenVZ is that some init processes -- notable upstart used by Ubuntu -- depend on the special signal processing extended to init by the kernel. The problem here was that a signal the kernel would otherwise have blocked was sent to upstart, the default handler was invoked and init was terminated. > TODO: Ideally we should allow killing the container-init only from > ancestor containers and prevent it being killed from that or > descendant containers. But that is a more complex change and > will be addressed by a follow-on patch. For now allow the > container-init to be terminated by any process with sufficient > privileges. This will break, as far as I can see, by allowing the container root to send signals to init that it doesn't expect. Regards, Daniel -- Digital Infrastructure Solutions -- making IT simple, stable and secure Phone: 0401 155 707 email: contact@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx http://digital-infrastructure.com.au/ _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers