Christian Brauner <christian.brauner@xxxxxxxxxx> writes: > On Tue, Apr 21, 2020 at 02:17:22PM +0200, Oleg Nesterov wrote: >> On 04/21, Christian Brauner wrote: >> > >> > process B setnses into >> > <pidnsC> which is a sibling pid namespace, >> >> please see pidns_install(), it verifies that >> >> * Only allow entering the current active pid namespace >> * or a child of the current active pid namespace. > > I forgot about that. > > Though, don't we have the same problem in: > > static void do_notify_parent_cldstop(struct task_struct *tsk, > bool for_ptracer, int why) > > at least for the for_ptrace is false case? The same problem does not exist with do_notify_parent_cldstop because do_notify_parent_cldstop is always called from current (there is one case of current->group_leader but that is close enough calculations made against current are true). However because do_notify_parent_cldstop calculates si_pid and si_uid of the target parent process I think we can still get the wrong si_uid. So it probably makes sense to generalize the fixup code in send_signal and make do_notify_parent_cldstop just generate ids in the current namespace and let the fixup code do it's job. Eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
