diff options
author | Sukadev Bhattiprolu <sukadev@us.ibm.com> | 2007-10-18 23:40:13 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-10-19 11:53:40 -0700 |
commit | 0fbc26a6cfab9f377e82e28225f2c0c6b4661e5c (patch) | |
tree | e91632584a3e10a2a4b0ba34843d9363eca66302 /kernel | |
parent | c9c5d92211883e9ae22394d1f157ab0d3a7ec895 (diff) | |
download | op-kernel-dev-0fbc26a6cfab9f377e82e28225f2c0c6b4661e5c.zip op-kernel-dev-0fbc26a6cfab9f377e82e28225f2c0c6b4661e5c.tar.gz |
pid namespaces: allow signalling cgroup-init
Only the global-init process must be special - any other cgroup-init
process must be killable to prevent run-away processes in the system.
TODO: Ideally we should allow killing the cgroup-init only from parent
cgroup and prevent it being killed from within the cgroup.
But that is a more complex change and will be addressed by a follow-on
patch. For now allow the cgroup-init to be terminated by any process
with sufficient privileges.
Signed-off-by: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Acked-by: Pavel Emelyanov <xemul@openvz.org>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/signal.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/kernel/signal.c b/kernel/signal.c index 8214ffa..9892388 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -1835,11 +1835,9 @@ relock: continue; /* - * Init of a pid space gets no signals it doesn't want from - * within that pid space. It can of course get signals from - * its parent pid space. + * Global init gets no signals it doesn't want. */ - if (current == task_child_reaper(current)) + if (is_global_init(current)) continue; if (sig_kernel_stop(signr)) { |