Oleg Nesterov wrote:
> On 07/17, Daniel Hokka Zakrisson wrote:
>>
>> +int task_in_pid_ns(struct task_struct *tsk, struct pid_namespace *ns)
>> +{
>> +    struct pid *pid = task_pid(tsk);
>> +
>> +    if (!pid)
>> +            return 0;
>> +
>> +    if (pid->level < ns->level)
>> +            return 0;
>> +
>> +    if (pid->numbers[ns->level].ns != ns)
>> +            return 0;
>> +
>> +    return 1;
>> +}
>> +
>>  static __init int pid_namespaces_init(void)
>>  {
>>      pid_ns_cachep = KMEM_CACHE(pid_namespace, SLAB_PANIC);
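
Review bot: task_in_pid_ns() is added without a comment stating what the caller must hold while the result of task_pid(tsk) is dereferenced; the function reads pid->level and pid->numbers[] after the NULL check, so the locking expectation should be written above the function. The ns argument is also dereferenced unconditionally at "pid->level < ns->level", which is worth documenting as a requirement that ns be non-NULL. Since the function only returns 0 or 1, a bool return type would describe it better.
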
>> diff --git a/kernel/signal.c b/kernel/signal.c
>> index 6c0958e..93713a5 100644
>> --- a/kernel/signal.c
>> +++ b/kernel/signal.c
>> @@ -1145,7 +1145,8 @@ static int kill_something_info(int sig, struct
>> siginfo *info, int pid)
>>              struct task_struct * p;
>>
>>              for_each_process(p) {
>> -                    if (p->pid > 1 && !same_thread_group(p, current)) {
>> +                    if (p->pid > 1 && !same_thread_group(p, current) &&
>> +                        task_in_pid_ns(p, current->nsproxy->pid_ns)) {
>>                              int err = group_send_sig_info(sig, info, p);
>>                              ++count;
>>                              if (err != -EPERM)
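
Review bot: In the for_each_process() loop, current->nsproxy->pid_ns is re-evaluated for every task even though it does not change during the walk. Read it once into a local struct pid_namespace pointer before the loop and pass that to task_in_pid_ns(), which also shortens the condition that now spans two lines.
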
>
> Do we really need all these complications? Afaics, we can make
> a simpler patch,
>
>       --- kernel/signal.c
>       +++ kernel/signal.c
>       @@ -1136,7 +1136,7 @@ static int kill_something_info(int sig,
>                       struct task_struct * p;
>
>                       for_each_process(p) {
>       -                       if (p->pid > 1 && !same_thread_group(p, 
> current)) {
>       +                       if (task_pid_vnr(p) > 1 && 
> !same_thread_group(p, current)) {
>                                       int err = group_send_sig_info(sig, 
> info, p);
>                                       ++count;
>                                       if (err != -EPERM)
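
Review bot: The replaced condition "task_pid_vnr(p) > 1" now carries two meanings in one comparison, skipping tasks for which task_pid_vnr() returns 0 and skipping the child reaper, and neither is visible from the code itself. A one-line comment above the if stating both cases would keep the next reader from turning it back into p->pid > 1.
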
>
>
> task_pid_vnr(p) returns 0 if "p" is not visible from the current's
> namespace. "> 1" ensures we don't kill the child reaper as well.
>
> No?
>
> Oleg.

You are absolutely right, that is sufficient and much cleaner.

-- 
Daniel Hokka Zakrisson