Even to init SIGKILL and SIGSTOP are alwasys delivered if they are sent, so don't allow tracing an init task allow them.
Signed-off-by: "Eric W. Biederman" <ebied...@xmission.com> --- kernel/signal.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/signal.c b/kernel/signal.c index 5eff2f9f8c42..627b482fa3f8 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -98,8 +98,12 @@ static int sig_ignored(struct task_struct *t, int sig, bool force) /* * Tracers may want to know about even ignored signals. + * We can never safely allow SIGKILL or SIGSTOP to + * be sent to init from it's children. */ - return !t->ptrace; + return !t->ptrace || + ((t->signal->flags & SIGNAL_UNKILLABLE) && + sig_kernel_only(sig) && !force); } /* -- 2.10.1