Re: PID namespace init releases its file locks before its children die

Next message: Mark Brown: "linux-next: build failure after merge of the mailbox tree"
Previous message: Pedro Demarchi Gomes: "[PATCH] ALSA: usb: fpc: replace kmalloc_array followed by copy_from_user with memdup_array_user"
In reply to: Demi Marie Obenour: "Re: PID namespace init releases its file locks before its children die"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Christian Brauner

Date: Tue Oct 07 2025 - 08:03:04 EST

On Fri, Oct 03, 2025 at 02:38:28PM +0200, Oleg Nesterov wrote:
> Add CCs.
>
> I can't really help, just my 2 cents...
>
> I don't think we can change do_exit() to call exit_files() after
> exit_notify().
>
> At first glance, technically it is possible to change do_exit() so
> that the exiting reaper does zap_pid_ns_processes() earlier... But
> even if this is possible, I think that this complication needs more
> justification.

I agree. Relying on side-effect of file locks being released isn't exactly
a great idea. I'm certainly don't want to give any guarantee there. It's
doable with cgroups which is the correct solution for this imho.