Re: [RFC][PATCH] Disable CLONE_PARENT for init

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Sukadev Bhattiprolu <sukadev@xxxxxxxxxxxxxxxxxx> writes:

> | This won't fix the problem. The child won't autoreap itself if ->exit_signal
> | != SIGCHLD.
> | 
> | > If you want to make this change because of container-init issues, I think
> | > you should just say so independent of this global-init case.
> | 
> | Yes, agreed, the comment looks confusing.
> | 
> | Oleg
>
> Here is an updated patch with comments fixed.
>
> Roland pls ack again if this is better.
>
> ---
>
> Disable CLONE_PARENT for init.
>
> When global or container-init processes use CLONE_PARENT, they create a
> multi-rooted process tree. Besides if the siblings of init exit, the
> SIGCHLD is not sent to init process resulting in the zombies sticking
> around indefinitely.
>
> Changelog[v3]:
> 	- [Roland, Oleg] Simplify comment describing the change
> Changelog[v2]:
> 	- Simplify patch description based on comments from Eric Biederman
> 	  and Oleg Nesterov.
> 	- [Oleg Nesterov] Use SIGNAL_UNKILLABLE instead of is_global_init()
>
> Signed-off-by: Sukadev Bhattiprolu <sukadev@xxxxxxxxxx>

Acked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>

> ---
>  kernel/fork.c |    8 ++++++++
>  1 file changed, 8 insertions(+)
>
> Index: linux-mmotm/kernel/fork.c
> ===================================================================
> --- linux-mmotm.orig/kernel/fork.c	2009-06-30 23:01:06.000000000 -0700
> +++ linux-mmotm/kernel/fork.c	2009-07-01 14:43:10.000000000 -0700
> @@ -974,6 +974,14 @@ static struct task_struct *copy_process(
>  	if ((clone_flags & CLONE_SIGHAND) && !(clone_flags & CLONE_VM))
>  		return ERR_PTR(-EINVAL);
>  
> +	/*
> +	 * To avoid multi-rooted process-trees prevent global and container
> +	 * inits from creating siblings.
> +	 */
> +	if ((clone_flags & CLONE_PARENT) &&
> +				current->signal->flags & SIGNAL_UNKILLABLE)
> +		return ERR_PTR(-EINVAL);
> +
>  	retval = security_task_create(clone_flags);
>  	if (retval)
>  		goto fork_out;
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
[Index of Archives]     [Cgroups]     [Netdev]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux