[RFC][PATCH] Disable CLONE_PARENT for init

Oleg Nesterov oleg at redhat.com
Thu Jul 2 05:36:26 PDT 2009


On 07/02, Oleg Nesterov wrote:
>
> On 07/01, Sukadev Bhattiprolu wrote:
> >
> > --- linux-mmotm.orig/kernel/fork.c	2009-06-30 23:01:06.000000000 -0700
> > +++ linux-mmotm/kernel/fork.c	2009-07-01 17:29:09.000000000 -0700
> > @@ -974,6 +974,16 @@ static struct task_struct *copy_process(
> >  	if ((clone_flags & CLONE_SIGHAND) && !(clone_flags & CLONE_VM))
> >  		return ERR_PTR(-EINVAL);
> >
> > +	/*
> > +	 * Siblings of global init remain as zombies on exit since they are
> > +	 * not reaped by their parent (swapper). To solve this and to avoid
> > +	 * multi-rooted process trees, prevent global and container-inits
> > +	 * from creating siblings.
> > +	 */
> > +	if ((clone_flags & CLONE_PARENT) &&
> > +				current->signal->flags & SIGNAL_UNKILLABLE)
> > +		return ERR_PTR(-EINVAL);
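Review bot: In the added check, the second operand `current->signal->flags & SIGNAL_UNKILLABLE` is left unparenthesized, while `(clone_flags & CLONE_PARENT)` beside it and the CLONE_SIGHAND/CLONE_VM test just above both parenthesize their bitwise tests. Precedence makes it evaluate as intended, but writing it as `(current->signal->flags & SIGNAL_UNKILLABLE)` would match the surrounding style and spare readers a second look. The comment could also state that SIGNAL_UNKILLABLE is what identifies global and container inits here, since the code tests that flag rather than naming init.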
>
> Acked-by: Oleg Nesterov <oleg at redhat.com>

Thinking more, perhaps it makes sense to disallow CLONE_VM too.

If init forks a CLONE_VM task, this task can be killed by
a sig_kernel_coredump signal. In that case init will be killed too
and the kernel will crash.

But this is minor, we can trust the global init.

Oleg.


