The only known user of this prctl, systemd,
forks all children after the prctl. So no userspace regressions will
occur.

Note that runC and containerd (and thus Docker) as well as cri-o use the prctl
as well -- to be able to collect exit codes from a non-child process (namely to
collect the exit code from PID 1 in the container).

Are any of those affected by the change? I would not expect so, as it
would require having children or grandchildren whose exit codes you
don't want to collect.

AFAICS they do appear to work (and runC definitely calls the prctl
before it creates the container init process -- so it shouldn't break
anything for runC). I was just pointing out that systemd isn't the only
major userspace user of the prctl (for future reference).
--
Aleksa Sarai
Software Engineer (Containers)
SUSE Linux GmbH
https://www.cyphar.com/
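
The usage pattern discussed in this thread, as an added example that is not code from the patch, runC, or any other project named above: a process sets `PR_SET_CHILD_SUBREAPER` before forking, an intermediate child exits without reaping its own child, and the subreaper then collects the exit code of that non-child process. The function name `collect_orphan_exit_code` is hypothetical, and the code assumes Linux 3.4 or later.

```c
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: returns the exit code collected from a grandchild
 * that was reparented to us, or -1 on error. */
int collect_orphan_exit_code(int code)
{
    int fds[2], status;
    pid_t child, orphan;

    /* Set the flag BEFORE forking, the ordering the thread says runC uses. */
    if (prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0) < 0 || pipe(fds) < 0)
        return -1;

    child = fork();
    if (child < 0)
        return -1;
    if (child == 0) {                 /* intermediate process */
        pid_t gc = fork();
        if (gc == 0)
            _exit(code);              /* grandchild: stand-in for container init */
        if (gc < 0 || write(fds[1], &gc, sizeof gc) != sizeof gc)
            _exit(1);
        _exit(0);                     /* exits without reaping the grandchild */
    }

    close(fds[1]);
    if (read(fds[0], &orphan, sizeof orphan) != sizeof orphan)
        orphan = -1;
    close(fds[0]);

    /* Reap the intermediate first; once it is gone the grandchild (running
     * or already a zombie) has been reparented to the nearest subreaper. */
    if (waitpid(child, &status, 0) != child || orphan < 0)
        return -1;
    if (waitpid(orphan, &status, 0) != orphan)
        return -1;                    /* ECHILD here means we were not its reaper */
    prctl(PR_SET_CHILD_SUBREAPER, 0, 0, 0, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    printf("collected exit code %d from non-child\n", collect_orphan_exit_code(42));
    return 0;
}
```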