|
|
|
[RFC][PATCH] Disable CLONE_PARENT for init | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
Disable CLONE_PARENT for init When global or container-init processes use CLONE_PARENT, they create a multi-rooted process tree. Besides, if the siblings of init exit, the SIGCHLD is not sent to init process resulting in the zombies sticking around indefinitely. So disable CLONE_PARENT for init. Lightly tested, RFC patch :-) Changelog[v2]: - Simplify patch description based on comments from Eric Biederman and Oleg Nesterov. - [Oleg Nesterov] Use SIGNAL_UNKILLABLE instead of is_global_init() Signed-off-by: Sukadev Bhattiprolu <sukadev@xxxxxxxxxx> Acked-by: Roland McGrath <roland@xxxxxxxxxx> --- kernel/fork.c | 11 +++++++++++ 1 file changed, 11 insertions(+) Index: linux-mmotm/kernel/fork.c =================================================================== --- linux-mmotm.orig/kernel/fork.c 2009-06-30 23:01:06.000000000 -0700 +++ linux-mmotm/kernel/fork.c 2009-06-30 23:13:53.000000000 -0700 @@ -974,6 +974,17 @@ static struct task_struct *copy_process( if ((clone_flags & CLONE_SIGHAND) && !(clone_flags & CLONE_VM)) return ERR_PTR(-EINVAL); + /* + * Swapper process sets the handler for SIGCHLD to SIG_DFL. If init + * creates a sibling and the sibling exits, the SIGCHLD is sent to + * the swapper (since the swapper's handler for SIGCHLD is SIG_DFL). + * But since the swapper does not reap its children, the zombie will + * remain forever. So prevent init from using CLONE_PARENT. + */ + if ((clone_flags & CLONE_PARENT) && + current->signal->flags & SIGNAL_UNKILLABLE) + return ERR_PTR(-EINVAL); + retval = security_task_create(clone_flags); if (retval) goto fork_out; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[Site Home] [Other Archives] [Linux Kernel Newbies] [Fedora Kernel] [Linux Kernel Testers] [Linux SH] [Linux Omap] [Linux Kbuild] [Linux Tape] [Linux Input] [Linux Kernel Janitors] [Linux Kernel Packagers] [Linux Doc] [Linux Man Pages] [Linux API] [Linux Modules] [Linux Standards] [Kernel Announce] [Memory] [Netdev] [Git] [Linux PCI] [Linux I2C] [Linux NUMA] [Netfilter] [Netfilter Devel] [SELinux] [Bugtraq] [FIO] [Linux Serial] [Linux PPP] [Linux ISDN] [Linux Next] [Kernel Stable Commits] [Linux Tip Commits] [Kernel MM Commits] [Linux Security Module] [Ext3] [Ext4] [Linux BTRFS] [Linux XFS] [Linux NFS] [Linux Cachefs] [Reiser FS] [Initramfs] [Fastboot] [Linux RT Users] [Linux Virtualization] [LVS Devel] [Hot Plug] [KVM] [KVM PPC] [KVM ia64] [Linux Containers] [Util Linux NG] [Sk Drivers] [Wireless] [Linux Bluetooth] [Bluez Devel] [Ethernet Bridging] [Embedded Linux] [Sparse] [Linux Arch] [Linux ACPI] [Linux IBM ACPI] [Linux OpenGL] [CPU Freq] [Linux Power Management] [Linux DCCP] [Linux SCTP] [ALSA Devel] [Linux USB] [Large Format Photos] [DVD Store] [Tux] [Gimp] [Yosemite National Park Forum] [Linux PA RISC] [MIPS Linux] [IBM S/390 Linux] [ARM Linux] [ARM Kernel] [Sparc Linux] [Linux Security] [Linux Sound] [Linux Media] [Video 4 Linux] [Linux for the blind] [Linux RAID] [Linux ATA RAID] [Linux Clusters] [Linux SCSI] [Linux SCSI Target Infrastructure] [Linux IDE] [Linux SMP] [Linux AXP] [Linux Alpha] [Linux M68K] [Linux ia64] [Linux 8086] [Linux x86_64] [Linux Config] [Linux Apps] [Linux MSDOS] [Linux X.25] [Linux Crypto] [DM Crypt] [Linux Btrace] [Utrace Devel] [Yosemite Photos] [Linux C Programming] [Linux Assembly] [Dash] [DWARVES] [Older Kernel Mail]
|
|