Hi Eric, oleg@xxxxxxxxxx no longer works, so I just noticed these emails. On 11/16, Eric W. Biederman wrote: > > Unsharing of the pid namespace unlike unsharing of other namespaces > does not take affect immediately. Instead it affects the children > created with fork and clone. I'll try to read this series later, but I am not sure I will ever understand the code with these patches ;) So alloc_pid() becomes the only user nsproxy->pid_ns and it is not necessarily equal to task_active_pid_ns(). It seems to me that this adds a lot of new corner cases. Unless I missed something, at least we should not allow CLONE_THREAD if active_pid_ns != nsproxy->pid_ns. If nothing else, copy_process() initializes ->child_reaper only if thread_group_leader(child). And ->child_reaper == NULL can obviously lead to crash. Oleg. _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
