On 11/12/2015 08:07 PM, Stanislav Kinsburskiу wrote:
>
> On 12 Nov 2015 at 17:51, Andrey Wagin <[email protected]> wrote:
>>
>> [root@fc22-vm ~]# unshare --fork -p
>> [root@fc22-vm ~]# kill -9 1
>> [root@fc22-vm ~]# kill -9 1
>> [root@fc22-vm ~]# kill -9 1
>> [root@fc22-vm ~]# kill -9 1
>> [root@fc22-vm ~]# kill -USR1 1
>> [root@fc22-vm ~]# kill -USR1 1
>> [root@fc22-vm ~]#
>>
>
> Ok then. Probably, this patch should be ported to rhel6 as well.
>

Probably not; simply removing sig_ve_ignored() doesn't work (it allows killing init from a container).
In rhel6, creation of the namespace's init is handled via proc_pid_ns_attach_init(), which doesn't set SIGNAL_UNKILLABLE.
In 3.10 we use CLONE_NEWPID, and fork sets the SIGNAL_UNKILLABLE flag for the container's init.

_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
