mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-09 23:39:18 +00:00
pid namespaces: allow signalling cgroup-init
Only the global-init process must be special - any other cgroup-init process must be killable to prevent run-away processes in the system. TODO: Ideally we should allow killing the cgroup-init only from parent cgroup and prevent it being killed from within the cgroup. But that is a more complex change and will be addressed by a follow-on patch. For now allow the cgroup-init to be terminated by any process with sufficient privileges. Signed-off-by: Sukadev Bhattiprolu <sukadev@us.ibm.com> Acked-by: Pavel Emelyanov <xemul@openvz.org> Cc: Oleg Nesterov <oleg@tv-sign.ru> Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com> Cc: Paul Menage <menage@google.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
c9c5d92211
commit
0fbc26a6cf
@ -1835,11 +1835,9 @@ relock:
|
||||
continue;
|
||||
|
||||
/*
|
||||
* Init of a pid space gets no signals it doesn't want from
|
||||
* within that pid space. It can of course get signals from
|
||||
* its parent pid space.
|
||||
* Global init gets no signals it doesn't want.
|
||||
*/
|
||||
if (current == task_child_reaper(current))
|
||||
if (is_global_init(current))
|
||||
continue;
|
||||
|
||||
if (sig_kernel_stop(signr)) {
|
||||
|
Loading…
x
Reference in New Issue
Block a user