Re: [Devel] [PATCH rh7] signal/ve: allow to send signal from another ve namespace

Konstantin Khorenko Wed, 18 Nov 2015 04:59:51 -0800

And do we need the following patch after sig_ve_ignored() is removed?



commit 5bd842976fb9d014452287bdadc9d592aabe688b
Author: Cyrill Gorcunov <[email protected]>
Date:   Thu Nov 13 18:10:09 2014 +0400

    ve/signal: Fix NULL dereference in sig_ve_ignored


--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 11/16/2015 03:00 PM, Stanislav Kinsburskiy wrote:



16.11.2015 12:44, Andrey Ryabinin пишет:

On 11/12/2015 08:07 PM, Stanislav Kinsburskiу wrote:

12 нояб. 2015 г. 17:51 пользователь Andrey Wagin <[email protected]> написал:



[root@fc22-vm ~]# unshare --fork -p
[root@fc22-vm ~]# kill -9 1
[root@fc22-vm ~]# kill -9 1
[root@fc22-vm ~]# kill -9 1
[root@fc22-vm ~]# kill -9 1
[root@fc22-vm ~]# kill -USR1 1
[root@fc22-vm ~]# kill -USR1 1
[root@fc22-vm ~]#

   Ok then. Probably, this patch should be ported to rhel6 as well.

Probably not, simply removing sig_ve_ignored() doesn't work (it allows to kill 
init from container).
In rhel6 creation of namespace's init handled via proc_pid_ns_attach_init() 
which doesn't set SIGNAL_UNKILLABLE.
In 3.10 we use CLONE_NEWPID, and fork sets SIGNAL_UNKILLALBLE flag for 
container's init.

Ok, I got it. Thanks.
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel

_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel

Re: [Devel] [PATCH rh7] signal/ve: allow to send signal from another ve namespace

Reply via email to