[PATCH] 'kill sig -1' must only apply to caller's namespace - Kernel


  1. [PATCH] 'kill sig -1' must only apply to caller's namespace


    From: Sukadev Bhattiprolu
    Subject: [PATCH] 'kill sig -1' must only apply to caller's namespace

    Currently "kill -1" kills processes in all namespaces and breaks the
    isolation of namespaces. Earlier attempt to fix this was discussed at:

    http://lkml.org/lkml/2008/7/23/148

    As suggested by Oleg Nesterov in that thread, use "task_pid_vnr() > 1"
    check since task_pid_vnr() returns 0 if process is outside the caller's
    namespace.

    Signed-off-by: Sukadev Bhattiprolu
    Acked-by: Eric W. Biederman
    Tested-by: Daniel Hokka Zakrisson
    ---
    kernel/signal.c | 3 ++-
    1 files changed, 2 insertions(+), 1 deletions(-)

    diff --git a/kernel/signal.c b/kernel/signal.c
    index 105217d..4530fc6 100644
    --- a/kernel/signal.c
    +++ b/kernel/signal.c
    @@ -1144,7 +1144,8 @@ static int kill_something_info(int sig, struct siginfo *info, pid_t pid)
    struct task_struct * p;

    for_each_process(p) {
    - if (p->pid > 1 && !same_thread_group(p, current)) {
    + if (task_pid_vnr(p) > 1 &&
    + !same_thread_group(p, current)) {
    int err = group_send_sig_info(sig, info, p);
    ++count;
    if (err != -EPERM)
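
    Review bot: The new condition `task_pid_vnr(p) > 1` depends on task_pid_vnr() returning 0 for a task outside the caller's namespace, which the changelog explains but the code does not. A one-line comment above the `if`, saying that 0 means "not visible from current's namespace", would keep a later cleanup from turning this back into `p->pid > 1`.
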
    --
    1.5.2.5

    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/
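
A userspace model of the check this patch changes, added here as an illustration; it is not kernel code and not the patch author's. The structures, the sample process table and the names `model_pid_vnr` and `count_targets` are assumptions, built on the behaviour the changelog states: task_pid_vnr() returns 0 for a process outside the caller's namespace.

```c
#include <stdio.h>
/* Constructed model, not kernel code: a namespace is known by its depth. */
struct ns { int level; };
struct task {
    int level;                      /* depth of the task's own namespace */
    int nr[2];                      /* nr[0] plays the role of p->pid    */
    const struct ns *ns[2];         /* namespace that owns each number   */
};
static const struct ns host = {0}, ct_a = {1}, ct_b = {1};
/* Constructed sample process table: a host and two containers. */
static const struct task tasks[] = {
    {0, {1},      {&host}},         /* [0] host init          */
    {0, {300},    {&host}},         /* [1] host shell         */
    {1, {400, 1}, {&host, &ct_a}},  /* [2] container A init   */
    {1, {401, 2}, {&host, &ct_a}},  /* [3] container A worker */
    {1, {402, 3}, {&host, &ct_a}},  /* [4] container A shell  */
    {1, {500, 1}, {&host, &ct_b}},  /* [5] container B init   */
    {1, {501, 2}, {&host, &ct_b}},  /* [6] container B worker */
};
#define NTASKS ((int)(sizeof(tasks) / sizeof(tasks[0])))

/* Model of task_pid_vnr(p) as seen from `cur`: 0 means p is not visible. */
static int model_pid_vnr(const struct task *p, const struct ns *cur)
{
    if (cur->level <= p->level && p->ns[cur->level] == cur)
        return p->nr[cur->level];
    return 0;
}

/* How many tasks "kill -1" from `self` signals; use_vnr picks the new check. */
static int count_targets(const struct task *self, int use_vnr)
{
    const struct ns *cur = self->ns[self->level];
    int count = 0;
    for (int i = 0; i < NTASKS; i++) {
        const struct task *p = &tasks[i];
        int pid = use_vnr ? model_pid_vnr(p, cur) : p->nr[0];
        if (pid > 1 && p != self)   /* p != self models !same_thread_group() */
            count++;
    }
    return count;
}

int main(void)
{
    printf("container A shell: old=%d new=%d\n", count_targets(&tasks[4], 0), count_targets(&tasks[4], 1));
    printf("host shell:        old=%d new=%d\n", count_targets(&tasks[1], 0), count_targets(&tasks[1], 1));
    return 0;
}
```

In this model the old check lets a shell in container A reach five tasks, including the host shell and everything in container B, while the new check leaves only container A's worker.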

  2. Re: [PATCH] 'kill sig -1' must only apply to caller's namespace

    On 10/23, sukadev@linux.vnet.ibm.com wrote:
    >
    > --- a/kernel/signal.c
    > +++ b/kernel/signal.c
    > @@ -1144,7 +1144,8 @@ static int kill_something_info(int sig, struct siginfo *info, pid_t pid)
    > struct task_struct * p;
    >
    > for_each_process(p) {
    > - if (p->pid > 1 && !same_thread_group(p, current)) {
    > + if (task_pid_vnr(p) > 1 &&
    > + !same_thread_group(p, current)) {
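
    Review bot: With `task_pid_vnr(p) > 1` the value 1 now refers to the init of the caller's namespace rather than the global init that `p->pid > 1` skipped, and the changelog does not say so. It would help to state in the commit message which init the loop is meant to spare when the caller sits inside a child namespace.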


    Thanks Sukadev!

    Signed-off-by: Oleg Nesterov

    Oleg.

