Janak Desai wrote:
> Don't allow namespace unsharing, if sharing fs (CLONE_FS)

Makes sense. clone() has the same test at the start. (I think
namespace should be a property of fs, not task, anyway. Or completely
eliminated because it's implied by the task's root dentry+vfsmnt).

> Don't allow sighand unsharing if not unsharing vm

Why not? It's permitted to clone with unshared sighand and shared vm,
and it's useful too.
It's the combination shared sighand + unshared vm which is not
allowed by clone - so I think that's what you should refuse.

> Don't allow vm unsharing if task cloned with CLONE_THREAD

It would be better to do what clone does, and say "don't allow sighand
unsharing if task cloned with CLONE_THREAD". This is because
CLONE_THREAD tasks must have shared signals.
In combination with the rule above for sighand (my rule, not yours),
that implies "don't allow vm unsharing.." as a consequence.

> Don't allow vm unsharing if the task is performing async io

Async ios are tied to an mm (see lookup_ioctx in fs/aio.c), which may
be shared among tasks. I see no reason why the async ios can't
continue and be waited on in other tasks that may be using the old mm.
The new mm, if vm is unshared, would simply not see the outstanding
aios - in the same way as if a vm was unshared by fork().
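
The flag rules argued for in the reply above, written out as a small user-space model (an added example, not code from the thread or from the kernel). `check_unshare` and the `UF_*` names are hypothetical; the bit values match the Linux `CLONE_*` flags, and the model assumes thread-group membership itself cannot be unshared.

```c
#include <errno.h>

/* Same bit values as the Linux CLONE_* flags; renamed so the model
 * builds without kernel or glibc headers. */
enum {
    UF_VM      = 0x00000100,
    UF_FS      = 0x00000200,
    UF_SIGHAND = 0x00000800,
    UF_THREAD  = 0x00010000,
    UF_NEWNS   = 0x00020000,
};

/*
 * shared:  what the task currently shares (the flags it was cloned with).
 * unshare: what the caller asks to stop sharing.
 * Returns 0 if the resulting state is one the rules above accept,
 * -EINVAL otherwise. Hypothetical helper, not a kernel function.
 */
int check_unshare(unsigned long shared, unsigned long unshare)
{
    unsigned long after;

    /* Assumption of this model: CLONE_THREAD cannot be undone. */
    if (unshare & UF_THREAD)
        return -EINVAL;

    /* Sharing state the task would be left in. */
    after = shared & ~unshare;

    /* New namespace while fs stays shared: same test as clone(). */
    if ((unshare & UF_NEWNS) && (after & UF_FS))
        return -EINVAL;

    /* CLONE_THREAD tasks must keep shared signal handlers. */
    if ((after & UF_THREAD) && !(after & UF_SIGHAND))
        return -EINVAL;

    /* Shared sighand + unshared vm is the combination clone refuses.
     * Together with the previous rule this also blocks vm unsharing
     * for CLONE_THREAD tasks, with no separate check needed. */
    if ((after & UF_SIGHAND) && !(after & UF_VM))
        return -EINVAL;

    return 0;
}
```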