Quoting Sukadev Bhattiprolu (sukadev@xxxxxxxxxxxxxxxxxx): > > Container-init must behave like global-init to processes within the > container and hence it must be immune to unhandled fatal signals from > within the container (i.e SIG_DFL signals that terminate the process). > > But the same container-init must behave like a normal process to > processes in ancestor namespaces and so if it receives the same fatal > signal from a process in ancestor namespace, the signal must be > processed. > > Implementing these semantics requires that send_signal() determine pid > namespace of the sender but since signals can originate from workqueues/ > interrupt-handlers, determining pid namespace of sender may not always > be possible or safe. Tested-by: Serge Hallyn <serue@xxxxxxxxxx> Tested sending signals to a custom container-init. Are you planning to address Oleg's comments with a new patch-set, or with patches on top of this set? thanks, -serge _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
