On 01/06, Sukadev Bhattiprolu wrote: > > --- a/kernel/signal.c > +++ b/kernel/signal.c > @@ -1890,9 +1890,16 @@ relock: > > /* > * Global init gets no signals it doesn't want. > + * Container-init gets no signals it doesn't want from same > + * container. > + * > + * Note that if global/container-init sees a sig_kernel_only() > + * signal here, the signal must have been generated internally > + * or must have come from an ancestor namespace. In either > + * case, the signal cannot be dropped. > */ > if (unlikely(signal->flags & SIGNAL_UNKILLABLE) && > - !signal_group_exit(signal)) > + !sig_kernel_only(signr)) Just for record. We still have small problem with fatal_signal_pending(cinit), we should add a similar change to complete_signal to ensure that the pending SIGKILL implies SIGNAL_GROUP_EXIT. But this needs another patch, and this series is imho fine. Oleg. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers