Oleg Nesterov [oleg@xxxxxxxxxx] wrote:
| Change send_signal() to use si_fromuser(). From now SEND_SIG_NOINFO
| triggers the "from_ancestor_ns" check.
|
| This fixes reparent_thread()->group_send_sig_info(pdeath_signal)
| behaviour, before this patch send_signal() does not detect the
| cross-namespace case when the child of the dying parent belongs
| to the sub-namespace.
|
| This patch can affect the behaviour of send_sig(), kill_pgrp() and
| kill_pid() when the caller sends the signal to the sub-namespace
| with "priv == 0" but surprisingly all callers seem to use them
| correctly, including disassociate_ctty(on_exit).
|
| Except: drivers/staging/comedi/drivers/addi-data/*.c incorrectly
| use send_sig(priv => 0). But this is minor and should be fixed
| anyway.
|
| Reported-by: Daniel Lezcano <dlezcano@xxxxxxxxxx>
| Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>

Since addressing the problem of container-init sending SIGKILL to
itself would have to be a separate patch:

Reviewed-by: Sukadev Bhattiprolu <sukadev@xxxxxxxxxx>
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers