Date: Tue, 13 Dec 2011 16:22:42 -0800 From: Andrew Morton <akpm@...ux-foundation.org> To: Daniel Lezcano <daniel.lezcano@...e.fr> Cc: serge.hallyn@...onical.com, oleg@...hat.com, containers@...ts.linux-foundation.org, gkurz@...ibm.com, linux-kernel@...r.kernel.org, mtk.manpages@...il.com Subject: Re: [PATCH][V4] Add reboot_pid_ns to handle the reboot syscall On Mon, 12 Dec 2011 01:17:44 +0100 Daniel Lezcano <daniel.lezcano@...e.fr> wrote: > In the case of a child pid namespace, rebooting the system does not > really makes sense. When the pid namespace is used in conjunction > with the other namespaces in order to create a linux container, the > reboot syscall leads to some problems. > > A container can reboot the host. That can be fixed by dropping > the sys_reboot capability but we are unable to correctly poweroff/ > halt/reboot a container and the container stays stuck at the shutdown > time with the container's init process waiting indefinitively. > > After several attempts, no solution from userspace was found to reliabily > handle the shutdown from a container. > > This patch propose to make the init process of the child pid namespace to > exit with a signal status set to : SIGINT if the child pid namespace called > "halt/poweroff" and SIGHUP if the child pid namespace called "reboot". > When the reboot syscall is called and we are not in the initial > pid namespace, we kill the pid namespace for "HALT", "POWEROFF", "RESTART", > and "RESTART2". Otherwise we return EINVAL. > > Returning EINVAL is also an easy way to check if this feature is supported > by the kernel when invoking another 'reboot' option like CAD. > > By this way the parent process of the child pid namespace knows if > it rebooted or not and can take the right decision. > > ... > > +static inline int reboot_pid_ns(struct pid_namespace *pid_ns, int cmd) > +{ > + BUG(); > +} > #endif /* CONFIG_PID_NS */ I'd recommend compile-testing this... > --- a/kernel/sys.c > +++ b/kernel/sys.c 
> @@ -444,6 +444,9 @@ SYSCALL_DEFINE4(reboot, int, magic1, int, magic2, unsigned int, cmd, > magic2 != LINUX_REBOOT_MAGIC2C)) > return -EINVAL; > > + if (task_active_pid_ns(current) != &init_pid_ns) > + return reboot_pid_ns(task_active_pid_ns(current), cmd); > + > /* Instead of trying to make the power_off code look like > * halt when pm_power_off is not set do it the easy way. > */ I'll repeat my cruelly-ignored review comment for v3: This adds a bunch of useless code if CONFIG_PID_NS=n. It would be better to do #ifdef CONFIG_PID_NS extern void pidns_handle_reboot(int cmd); #else static inline void pidns_handle_reboot(int cmd) { } #endif (And thereby move the additional code into pid_namespace.c) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
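Review bot: In the stub added just before "#endif /* CONFIG_PID_NS */", reboot_pid_ns() is declared to return int but its body is only BUG(); with no return statement. Unless the compiler knows BUG() never returns in every configuration, this is a missing-return warning, and BUG() is a heavy response to a case the caller in kernel/sys.c is meant to filter out with its &init_pid_ns comparison. Suggest having the stub return 0 or an error code instead.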
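Review bot: In the kernel/sys.c hunk, the new early return is the only thing that keeps a reboot(2) issued from a child pid namespace from falling through to the host reboot code below it, and nothing in the code says so. Add a short comment above the test stating that, and evaluate task_active_pid_ns(current) once into a local struct pid_namespace * rather than calling it in both the condition and the argument of reboot_pid_ns().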