Re: [RFC][PATCH 4/5] Protect cinit from fatal signals

From: Bastian Blank
Date: Thu Dec 04 2008 - 07:52:27 EST


On Tue, Dec 02, 2008 at 12:51:30PM -0800, Sukadev Bhattiprolu wrote:
> Bastian Blank [bastian@xxxxxxxxxxxx] wrote:
> | No. They are not special from the outside namespace.
> I agree that they should not be. But they are special today in at least one
> respect - terminating a container-init will terminate all processes in the
> container even those that are in unrelated process groups.

This is part of the definition.

> Secondly, a poorly written container-init can take the entire container down,
> so we expect container-inits to handle/ignore all signals rather than
> SIG_DFL them. Current global inits do that today and container-inits should
> too. It does not look like an unreasonable requirement.

So you intend to work around tools which are used as container-init but
do not qualify for this work. Why?

> So the basic requirements are:
>
> - container-init receives/processes all signals from ancestor namespace.
> - container-init ignores fatal signals from own namespace.
>
> We are simplifying the first to say that:
>
> - parent-ns must have a way to terminate container-init
> - cinit will ignore SIG_DFL signals that may terminate cinit even if
> they come from parent ns

This is no simplification. These are more constraints.

Bastian

--
No one can guarantee the actions of another.
-- Spock, "Day of the Dove", stardate unknown
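
The quoted expectation that a container-init should handle or ignore every signal rather than leave it at SIG_DFL can be checked from user space. The following is an added example, not code from this thread or the patch series; the `cinit_*` function names are hypothetical, and it assumes a POSIX system with `sigaction()`.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* expose struct sigaction under strict -std modes */
#endif
#include <signal.h>
#include <string.h>

static volatile sig_atomic_t last_signal;   /* most recent signal delivered */
static void note_signal(int sig) { last_signal = sig; }
int cinit_last_signal(void) { return last_signal; }

/* SIGKILL and SIGSTOP can never be caught or ignored. */
static int uncatchable(int sig) { return sig == SIGKILL || sig == SIGSTOP; }

/* Default action is "ignore" or "continue": SIG_DFL cannot take init down. */
static int default_harmless(int sig)
{
    return sig == SIGCHLD || sig == SIGCONT || sig == SIGURG || sig == SIGWINCH;
}

/* Hypothetical helper: install a handler on every catchable signal so that
 * none is left at SIG_DFL. Returns how many dispositions were set. */
int cinit_claim_signals(void)
{
    struct sigaction sa;
    int n = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = note_signal;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    for (int sig = 1; sig <= SIGRTMAX; sig++)
        if (!uncatchable(sig) && sigaction(sig, &sa, NULL) == 0)
            n++;              /* libc-reserved RT signals fail with EINVAL */
    return n;
}

/* Hypothetical audit: count signals still at SIG_DFL whose default action
 * would terminate or stop the process. */
int cinit_count_risky_defaults(void)
{
    struct sigaction cur;
    int n = 0;
    for (int sig = 1; sig <= SIGRTMAX; sig++) {
        if (uncatchable(sig) || default_harmless(sig))
            continue;
        if (sigaction(sig, NULL, &cur) == 0 && cur.sa_handler == SIG_DFL)
            n++;
    }
    return n;
}
```

An init program would call `cinit_claim_signals()` first thing and could refuse to start its children while `cinit_count_risky_defaults()` is non-zero.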