Re: [RESEND PATCH] prctl: add PR_[GS]ET_PDEATHSIG_PROC

From: Oleg Nesterov
Date: Thu Oct 05 2017 - 12:27:43 EST

Next message: Sebastian Andrzej Siewior: "Re: [PATCH 2/2] IB/hfi1: Handle packets in the theaded handler only"
Previous message: Greg KH: "Re: [PATCH v4 12/14] platform/x86: wmi: create character devices when requested by drivers"
In reply to: Eric W. Biederman: "Re: [RESEND PATCH] prctl: add PR_[GS]ET_PDEATHSIG_PROC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/03, Jürg Billeter wrote:
>
> My use case is to provide a way for a process to spawn a child and
> ensure that no descendants survive when that child dies. Avoiding
> runaway processes is desirable in many situations. My motivation is
> very lightweight (nested) sandboxing (every process is potentially
> sandboxed).
>
> I.e., pid namespaces would be a pretty good fit (assuming they are
> sufficiently lightweight) but CLONE_NEWPID

sorry if this was already discussed, I didn't read this thread yet...

if CLONE_NEWPID is not suitable for any reason. We already have
PR_SET_CHILD_SUBREAPER. Perhaps we can simply add another
PR_SET_KILL_ALL_DESCEDANTS_ON_EXIT? we can use walk_process_tree()
to send SIGKILL.

Oleg.

Next message: Sebastian Andrzej Siewior: "Re: [PATCH 2/2] IB/hfi1: Handle packets in the theaded handler only"
Previous message: Greg KH: "Re: [PATCH v4 12/14] platform/x86: wmi: create character devices when requested by drivers"
In reply to: Eric W. Biederman: "Re: [RESEND PATCH] prctl: add PR_[GS]ET_PDEATHSIG_PROC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]