Commit 0fbc26a6 authored Oct 18, 2007 by Sukadev Bhattiprolu Committed by Linus Torvalds Oct 19, 2007

pid namespaces: allow signalling cgroup-init



Only the global-init process must be special - any other cgroup-init
process must be killable to prevent run-away processes in the system.

TODO: 	Ideally we should allow killing the cgroup-init only from parent
	cgroup and prevent it being killed from within the cgroup.
	But that is a more complex change and will be addressed by a follow-on
	patch. For now allow the cgroup-init to be terminated by any process
	with sufficient privileges.

Signed-off-by: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Acked-by: Pavel Emelyanov <xemul@openvz.org>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Cc: Paul Menage <menage@google.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent c9c5d922

kernel/signal.c

+2 −4

Original line number	Original line	Diff line number	Diff line
	@@ -1835,11 +1835,9 @@ int get_signal_to_deliver(siginfo_t info, struct k_sigaction return_ka,
	continue;		continue;

	/*		/*
	* Init of a pid space gets no signals it doesn't want from		* Global init gets no signals it doesn't want.
	* within that pid space. It can of course get signals from
	* its parent pid space.
	*/		*/
	if (current == task_child_reaper(current))		if (is_global_init(current))
	continue;		continue;

	if (sig_kernel_stop(signr)) {		if (sig_kernel_stop(signr)) {