lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 4 Dec 2008 10:58:30 -0800
From:	Sukadev Bhattiprolu <sukadev@...ux.vnet.ibm.com>
To:	Bastian Blank <bastian@...di.eu.org>, oleg@...hat.com,
	ebiederm@...ssion.com, roland@...hat.com,
	containers@...ts.osdl.org, linux-kernel@...r.kernel.org,
	xemul@...nvz.org
Subject: Re: [RFC][PATCH 4/5] Protect cinit from fatal signals

Bastian Blank [bastian@...di.eu.org] wrote:
| > Secondly, a poorly written container-inits can take the entire container down,
| > So we expect that container-inits to handle/ignore all signals rather than
| > SIG_DFL them. Current global inits do that today and container-inits should
| > too. It does not look like an unreasonable requirement.
| 
| So you intend to workaround tools which are used as container-init but
| does not qualify for this work. Why?

Sorry, but I don't understand the "does not qualify for this work" part.
Can you please rephrase ?

| 
| > So the basic requirements are:
| > 
| > 	- container-init receives/processes all signals from ancestor namespace.
| > 	- container-init ignores fatal signals from own namespace.
| > 
| > We are simplifying the first to say that:
| > 
| > 	- parent-ns must have a way to terminate container-init
| > 	- cinit will ignore SIG_DFL signals that may terminate cinit even if
| > 	  they come from parent ns
| 
| This is no simplification. This are more constraints.

Yes cinit ignoring SIG_DFL exit signals from parent-ns is a constraint.
So if we run say sshd as container-init, we can't use SIGINT to
terminate it, but need SIGKILL 

The question is whether this constraint makes any serious/real cinits
unusable ?

The behavior at present is that cinits can be terminated from within
and cinits cannot do anything in user-space. With this incremental
step at least user space has an option of ignoring such signals.

Sukadev
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ