Subject: disable sys_reboot when not in init_pid_ns
From: Daniel Lezcano <[EMAIL PROTECTED]>
This simple patch avoids shutting down the host from within a container. Without this
patch, a call to 'halt' inside a container will switch to the right runlevel
but finish with 'shutdown -f' in the last init script, with the effect of
shutting down the real host.

This patch has been tested with the lxc tools and a minimal Debian container.
The 'init' process running inside the container correctly calls the
different shutdown services and the container exits gracefully.

I didn't try with the 'init' from the upstart package. It uses an abstract
Unix socket, which means this patch should work if the container is network
isolated too.
Signed-off-by: Daniel Lezcano <[EMAIL PROTECTED]>
---
kernel/sys.c | 3 +++
1 file changed, 3 insertions(+)
Index: net-next-2.6/kernel/sys.c
===================================================================
--- net-next-2.6.orig/kernel/sys.c
+++ net-next-2.6/kernel/sys.c
@@ -355,6 +355,9 @@ asmlinkage long sys_reboot(int magic1, i
if (!capable(CAP_SYS_BOOT))
return -EPERM;
+ if (current->nsproxy->pid_ns != &init_pid_ns)
+ return 0;
+
/* For safety, we require "magic" arguments. */
if (magic1 != LINUX_REBOOT_MAGIC1 ||
(magic2 != LINUX_REBOOT_MAGIC2 &&
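Review bot: The added early return reports success (`return 0;`) for a call that did nothing, and it sits above the magic-argument check, so a caller outside init_pid_ns gets 0 even for arguments that would otherwise be rejected by the `magic1 != LINUX_REBOOT_MAGIC1` test. A contained process that holds CAP_SYS_BOOT therefore cannot tell a refused reboot from an accepted one, and every reboot command is swallowed alike, not only the ones that halt or restart the machine. Consider moving the namespace test below the magic validation so malformed calls still fail the same way in and out of a container, and returning an error such as -EPERM unless a silent no-op is required by the init scripts described in the changelog; if it is, say so in a comment above `if (current->nsproxy->pid_ns != &init_pid_ns)`, since the new lines carry no explanation of why 0 is returned.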
_______________________________________________
Containers mailing list
[EMAIL PROTECTED]
https://lists.linux-foundation.org/mailman/listinfo/containers