Re: [PATCH] user_ns: use correct check for single-threadedness

From: Eric W. Biederman
Date: Tue Aug 11 2015 - 21:25:04 EST

Oleg Nesterov <oleg@xxxxxxxxxx> writes:

> On 08/06, Oleg Nesterov wrote:
>> On 08/05, Eric W. Biederman wrote:
>> >
>> > So I have to ask.
>> I hope you are asking someone else, not me ;) I never understood what
>> exactly we try to restrict and why.
>> > Is it possible to rework these checks such that we
>> > look at the sighand struct and signal sharing handling sharing instead
>> > of the count on the mm_struct?
>> Then why we can't simply check thread_group_empty() == T ? Why should we
>> worry about CLONE_SIGHAND at all?
> The same for clone() actually... I forgot why we decided to check
> CLONE_SIGHAND, iirc I suggested CLONE_THREAD initially then we switched
> to CLONE_SIGHAND "just in case", to make it as strict as possible.

I do agree that making the test be for CLONE_THREAD is safe, makes
sense, and is less confusing than what we have now.x

> How about the patch below?
> (note that the "or parent" part of the comment is wrong in any case).

It was correct. You failed to removed it when you removed CLONE_PARENT
from that test.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at