Date:   Wed, 20 Nov 2019 11:45:04 +0100
From:   Christian Brauner <christian@...uner.io>
To:     mtk.manpages@...il.com
Cc:     adrian@...as.de, akpm@...ux-foundation.org, arnd@...db.de,
        avagin@...il.com, christian.brauner@...ntu.com,
        dhowells@...hat.com, fweimer@...hat.com, jannh@...gle.com,
        keescook@...omium.org, linux-api@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-man@...r.kernel.org,
        mingo@...e.hu, oleg@...hat.com, xemul@...tuozzo.com
Subject: [PATCH] clone.2: Mention that CLONE_PARENT is off-limits for inits

From: Christian Brauner <christian.brauner@...ntu.com>

The CLONE_PARENT flag cannot be used by init processes. Let's mention
this in the manpages to prevent surprises.

Signed-off-by: Christian Brauner <christian.brauner@...ntu.com>
---
 man2/clone.2 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/man2/clone.2 b/man2/clone.2
index f0f29d6f1..aa98ab79b 100644
--- a/man2/clone.2
+++ b/man2/clone.2
@@ -646,6 +646,13 @@ if
 .B CLONE_PARENT
 is set, then the parent of the calling process, rather than the
 calling process itself, will be signaled.
+.IP
+The kernel will not allow global init and init processes in pid
+namespaces to use the
+.B CLONE_PARENT
+flag. This is done to prevent the creation of multi-rooted process
+trees. It also avoids unreapable zombies in the initial pid
+namespace.
 .TP
 .BR CLONE_PARENT_SETTID " (since Linux 2.5.49)"
 Store the child thread ID at the location pointed to by
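Review bot: The added paragraph under CLONE_PARENT says the kernel "will not allow" the flag for global init and PID-namespace init processes, but it does not say how the call fails. Please name the error that clone() returns in this case and add a matching entry to the ERRORS section, so that a reader who hits the failure in a container init can find the cause from the errno. Two style points in the same paragraph: "flag. This is done" and "trees. It also" begin new sentences mid-line, while man-pages source starts each sentence on a new line, and "pid namespaces" / "pid namespace" would normally be written "PID namespaces" / "PID namespace" in running text.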
-- 
2.24.0
