2015-11-12 17:46 GMT+03:00 Stanislav Kinsburskiу <[email protected]>: > > 12 нояб. 2015 г. 15:14 пользователь Andrey Ryabinin <[email protected]> > написал: >> >> CRIU sends SIGKILL to container's init process as a part of >> cleanup process if restoring failed. >> CRIU does this from a different ve, which is currently not allowed >> without any apparent reason. > > The reason looks very clear to me: improve namespaces isolation. > It espesially applies to killing child reaper of another ve. > You throwed away this check, and now it's possible to kill one container from > another one. > Or I'm missing somethig?
Each container has its own pidns, so you can't kill anyone who isn't in this pidns. > >> SIGKILL just ignored, thus CRIU >> hangs on wait for process being killed. >> So this patch allows such signals. >> >> https://jira.sw.ru/browse/PSBM-40896 >> >> Signed-off-by: Andrey Ryabinin <[email protected]> >> --- >> include/linux/ve_proto.h | 3 --- >> kernel/signal.c | 27 ++------------------------- >> 2 files changed, 2 insertions(+), 28 deletions(-) >> >> diff --git a/include/linux/ve_proto.h b/include/linux/ve_proto.h >> index 0f5898e..153f18b 100644 >> --- a/include/linux/ve_proto.h >> +++ b/include/linux/ve_proto.h >> @@ -31,7 +31,6 @@ static inline bool ve_is_super(struct ve_struct *ve) >> } >> >> #define get_exec_env() (current->task_ve) >> -#define get_env_init(ve) (ve->ve_ns->pid_ns->child_reaper) >> >> const char *ve_name(struct ve_struct *ve); >> >> @@ -122,8 +121,6 @@ static inline struct ve_struct *get_exec_env(void) >> return NULL; >> } >> >> -#define get_env_init(ve) (ve->ve_ns->pid_ns->child_reaper) >> - >> static inline bool ve_is_super(struct ve_struct *ve) >> { >> return true; >> diff --git a/kernel/signal.c b/kernel/signal.c >> index 357f164..49fbdb0 100644 >> --- a/kernel/signal.c >> +++ b/kernel/signal.c >> @@ -55,27 +55,6 @@ static inline int is_si_special(const struct siginfo >> *info); >> >> int print_fatal_signals __read_mostly; >> >> -static int sig_ve_ignored(int sig, struct siginfo *info, struct task_struct >> *t) >> -{ >> - struct ve_struct *ve; >> - >> - /* always allow signals from the kernel */ >> - if (info == SEND_SIG_FORCED || >> - (!is_si_special(info) && SI_FROMKERNEL(info))) >> - return 0; >> - >> - ve = get_exec_env(); >> - if (ve_is_super(ve)) >> - return 0; >> - rcu_read_lock(); >> - if (ve->ve_ns && get_env_init(ve) != t) { >> - rcu_read_unlock(); >> - return 0; >> - } >> - rcu_read_unlock(); >> - return !sig_user_defined(t, sig) || sig_kernel_only(sig); >> -} >> - >> static void __user *sig_handler(struct task_struct *t, int sig) >> { >> return t->sighand->action[sig - 1].sa.sa_handler; >> @@ -1361,8 +1340,7 @@ int group_send_sig_info(int sig, struct siginfo *info, >> struct task_struct *p) >> rcu_read_unlock(); >> >> if (!ret && sig) >> - ret = sig_ve_ignored(sig, info, p) ? 0 : >> - do_send_sig_info(sig, info, p, true); >> + ret = do_send_sig_info(sig, info, p, true); >> >> return ret; >> } >> @@ -2976,8 +2954,7 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, >> struct siginfo *info) >> * probe. No signal is actually delivered. >> */ >> if (!error && sig) { >> - if (!sig_ve_ignored(sig, info, p)) >> - error = do_send_sig_info(sig, info, p, false); >> + error = do_send_sig_info(sig, info, p, false); >> /* >> * If lock_task_sighand() failed we pretend the task >> * dies after receiving the signal. The window is tiny, >> -- >> 2.4.10 >> >> _______________________________________________ >> Devel mailing list >> [email protected] >> https://lists.openvz.org/mailman/listinfo/devel > > _______________________________________________ > Devel mailing list > [email protected] > https://lists.openvz.org/mailman/listinfo/devel _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
