Re: SELinux lead to soft lockup when pid 1 proceess reap child

From: Paul Moore
Date: Mon Jan 09 2017 - 18:49:44 EST


On Mon, Jan 9, 2017 at 1:43 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On Mon, 2017-01-09 at 19:29 +0100, Oleg Nesterov wrote:
>> Seriously, could someone explain why do we need the
>> security_task_wait()
>> hook at all?
>
> I would be ok with killing it.
> IIRC, the original motivation was to block an unauthorized data flow
> from child to parent when the child context differs, but part of that
> original design was also to reparent the child automatically, and that
> was never implemented. I don't think there is a real use case for it
> in practice and it just breaks things, so let's get rid of it unless
> someone objects.

Patches are always welcome, plenty of time to get things in for 4.11 :)

--
paul moore
www.paul-moore.com