lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 20 Dec 2010 15:51:15 +0100
From:	Kay Sievers <kay.sievers@...y.org>
To:	Scott James Remnant <scott@...split.com>
Cc:	Lennart Poettering <lennart@...ttering.net>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] exit: PR_SET_ANCHOR for marking processes as reapers for
 child processes

On Mon, Dec 20, 2010 at 15:26, Scott James Remnant <scott@...split.com> wrote:
> On Tue, Feb 2, 2010 at 12:04 PM, Lennart Poettering
> <lennart@...ttering.net> wrote:
>
>> Right now, if a process dies all its children are reparented to init.
>> This logic has good uses, i.e. for double forking when daemonizing.
>> However it also allows child processes to "escape" their parents, which
>> is a problem for software like session managers (such as gnome-session)
>> or other process supervisors.
>>
>> This patch adds a simple flag for each process that marks it as an
>> "anchor" process for all its children and grandchildren. If a child of
>> such an anchor dies all its children will not be reparented to init, but
>> instead to this anchor, escaping this anchor process is not possible. A
>> task with this flag set hence acts is little "sub-init".
>>
> Why can't you simply begin a new pid namespace with the session
> manager or other process supervisor?

We do not want to disconnect users from the system. Too much stuff
depends on that for good reasons.

This is only about a "user init" process, which is a much softer
concept which better fits into our current setups. It is not really
about disconnecting the user from the system, by putting him in a
"container".

The systems view from the management/administration perspective, with
users with their own pids, would really get far to complicated, I
think.

> That way the session
> manager/process supervisor is for all intents and purposes an init
> daemon, so shouldn't be surprised about getting SIGCHLD.

That shouldn't be a problem.

> More to the point, it means that as far as the processes themselves
> are concerned, they're being reparented to pid 1 just as they were
> before, so you wouldn't be breaking any assumptions there either.

For now, I don't think that this will break anything. Stuff that
really expects to have ppid() ==  1 should be fixed anyway.

> You could use the existing init daemon to create these pid namespaces
> when it spawns the session manager.

We already use the existing init daemon for that. :)

This is mainly about 'prettifying ps'. The cgroups already provide us
with all the needed information, it would be just nice to localize
SIGCHLD handling to the "user init", where the signal belongs to.

Kay
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists