Re: [Devel] [PATCH rh7] signal/ve: allow to send signal from another ve namespace

Thu, 12 Nov 2015 07:11:52 -0800 


12.11.2015 15:53, Andrey Wagin пишет:

2015-11-12 17:46 GMT+03:00 Stanislav Kinsburskiу <skinsbur...@odin.com>:

12 нояб. 2015 г. 15:14 пользователь Andrey Ryabinin <aryabi...@virtuozzo.com> 
написал:

CRIU sends SIGKILL to container's init process as a part of
cleanup process if restoring failed.
CRIU does this from a different ve, which is currently not allowed
without any apparent reason.

The reason looks very clear to me: improve namespaces isolation.
It espesially applies to killing child reaper of another ve.
You throwed away this check, and now it's possible to kill one container from 
another one.
Or I'm missing somethig?

Each container has its own pidns, so you can't kill anyone who isn't
in this pidns.


So how CRIU sends kill signal from one ve to another then?




SIGKILL just ignored, thus CRIU
hangs on wait for process being killed.
So this patch allows such signals.

https://jira.sw.ru/browse/PSBM-40896

Signed-off-by: Andrey Ryabinin <aryabi...@virtuozzo.com>
---
include/linux/ve_proto.h |  3 ---
kernel/signal.c          | 27 ++-------------------------
2 files changed, 2 insertions(+), 28 deletions(-)

diff --git a/include/linux/ve_proto.h b/include/linux/ve_proto.h
index 0f5898e..153f18b 100644
--- a/include/linux/ve_proto.h
+++ b/include/linux/ve_proto.h
@@ -31,7 +31,6 @@ static inline bool ve_is_super(struct ve_struct *ve)
}

#define get_exec_env() (current->task_ve)
-#define get_env_init(ve) (ve->ve_ns->pid_ns->child_reaper)

const char *ve_name(struct ve_struct *ve);

@@ -122,8 +121,6 @@ static inline struct ve_struct *get_exec_env(void)
return NULL;
}

-#define get_env_init(ve) (ve->ve_ns->pid_ns->child_reaper)
-
static inline bool ve_is_super(struct ve_struct *ve)
{
return true;
diff --git a/kernel/signal.c b/kernel/signal.c
index 357f164..49fbdb0 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -55,27 +55,6 @@ static inline int is_si_special(const struct siginfo *info);

int print_fatal_signals __read_mostly;

-static int sig_ve_ignored(int sig, struct siginfo *info, struct task_struct *t)
-{
- struct ve_struct *ve;
-
- /* always allow signals from the kernel */
- if (info == SEND_SIG_FORCED ||
-     (!is_si_special(info) && SI_FROMKERNEL(info)))
- return 0;
-
- ve = get_exec_env();
- if (ve_is_super(ve))
- return 0;
- rcu_read_lock();
- if (ve->ve_ns && get_env_init(ve) != t) {
- rcu_read_unlock();
- return 0;
- }
- rcu_read_unlock();
- return !sig_user_defined(t, sig) || sig_kernel_only(sig);
-}
-
static void __user *sig_handler(struct task_struct *t, int sig)
{
return t->sighand->action[sig - 1].sa.sa_handler;
@@ -1361,8 +1340,7 @@ int group_send_sig_info(int sig, struct siginfo *info, 
struct task_struct *p)
rcu_read_unlock();

if (!ret && sig)
- ret = sig_ve_ignored(sig, info, p) ? 0 :
- do_send_sig_info(sig, info, p, true);
+ ret = do_send_sig_info(sig, info, p, true);

return ret;
}
@@ -2976,8 +2954,7 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct 
siginfo *info)
* probe.  No signal is actually delivered.
*/
if (!error && sig) {
- if (!sig_ve_ignored(sig, info, p))
- error = do_send_sig_info(sig, info, p, false);
+ error = do_send_sig_info(sig, info, p, false);
/*
* If lock_task_sighand() failed we pretend the task
* dies after receiving the signal. The window is tiny,
--
2.4.10

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel


_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel






















					Reply via email to