diff options
| author | Serge E. Hallyn <serue@us.ibm.com> | 2007-10-19 02:39:52 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-10-19 14:53:37 -0400 |
| commit | b460cbc581a53cc088ceba80608021dd49c63c43 (patch) | |
| tree | 83c28d0adbc15f4157c77b40fa60c40a71cb8673 /kernel | |
| parent | 3743ca05ff464b8a9e345c08a6c9ce30485f9805 (diff) | |
pid namespaces: define is_global_init() and is_container_init()
is_init() is an ambiguous name for the pid==1 check. Split it into
is_global_init() and is_container_init().
A cgroup init has it's tsk->pid == 1.
A global init also has it's tsk->pid == 1 and it's active pid namespace
is the init_pid_ns. But rather than check the active pid namespace,
compare the task structure with 'init_pid_ns.child_reaper', which is
initialized during boot to the /sbin/init process and never changes.
Changelog:
2.6.22-rc4-mm2-pidns1:
- Use 'init_pid_ns.child_reaper' to determine if a given task is the
global init (/sbin/init) process. This would improve performance
and remove dependence on the task_pid().
2.6.21-mm2-pidns2:
- [Sukadev Bhattiprolu] Changed is_container_init() calls in {powerpc,
ppc,avr32}/traps.c for the _exception() call to is_global_init().
This way, we kill only the cgroup if the cgroup's init has a
bug rather than force a kernel panic.
[akpm@linux-foundation.org: fix comment]
[sukadev@us.ibm.com: Use is_global_init() in arch/m32r/mm/fault.c]
[bunk@stusta.de: kernel/pid.c: remove unused exports]
[sukadev@us.ibm.com: Fix capability.c to work with threaded init]
Signed-off-by: Serge E. Hallyn <serue@us.ibm.com>
Signed-off-by: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Acked-by: Pavel Emelianov <xemul@openvz.org>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Cedric Le Goater <clg@fr.ibm.com>
Cc: Dave Hansen <haveblue@us.ibm.com>
Cc: Herbert Poetzel <herbert@13thfloor.at>
Cc: Kirill Korotaev <dev@sw.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/capability.c | 3 | ||||
| -rw-r--r-- | kernel/exit.c | 2 | ||||
| -rw-r--r-- | kernel/kexec.c | 2 | ||||
| -rw-r--r-- | kernel/pid.c | 5 | ||||
| -rw-r--r-- | kernel/signal.c | 2 | ||||
| -rw-r--r-- | kernel/sysctl.c | 2 |
6 files changed, 11 insertions, 5 deletions
diff --git a/kernel/capability.c b/kernel/capability.c index cbc5fd60c0f3..f02ad47320b9 100644 --- a/kernel/capability.c +++ b/kernel/capability.c | |||
| @@ -12,6 +12,7 @@ | |||
| 12 | #include <linux/module.h> | 12 | #include <linux/module.h> |
| 13 | #include <linux/security.h> | 13 | #include <linux/security.h> |
| 14 | #include <linux/syscalls.h> | 14 | #include <linux/syscalls.h> |
| 15 | #include <linux/pid_namespace.h> | ||
| 15 | #include <asm/uaccess.h> | 16 | #include <asm/uaccess.h> |
| 16 | 17 | ||
| 17 | /* | 18 | /* |
| @@ -129,7 +130,7 @@ static inline int cap_set_all(kernel_cap_t *effective, | |||
| 129 | int found = 0; | 130 | int found = 0; |
| 130 | 131 | ||
| 131 | do_each_thread(g, target) { | 132 | do_each_thread(g, target) { |
| 132 | if (target == current || is_init(target)) | 133 | if (target == current || is_container_init(target->group_leader)) |
| 133 | continue; | 134 | continue; |
| 134 | found = 1; | 135 | found = 1; |
| 135 | if (security_capset_check(target, effective, inheritable, | 136 | if (security_capset_check(target, effective, inheritable, |
diff --git a/kernel/exit.c b/kernel/exit.c index d1eddc753fe3..d22aefabb129 100644 --- a/kernel/exit.c +++ b/kernel/exit.c | |||
| @@ -221,7 +221,7 @@ static int will_become_orphaned_pgrp(struct pid *pgrp, struct task_struct *ignor | |||
| 221 | do_each_pid_task(pgrp, PIDTYPE_PGID, p) { | 221 | do_each_pid_task(pgrp, PIDTYPE_PGID, p) { |
| 222 | if (p == ignored_task | 222 | if (p == ignored_task |
| 223 | || p->exit_state | 223 | || p->exit_state |
| 224 | || is_init(p->real_parent)) | 224 | || is_global_init(p->real_parent)) |
| 225 | continue; | 225 | continue; |
| 226 | if (task_pgrp(p->real_parent) != pgrp && | 226 | if (task_pgrp(p->real_parent) != pgrp && |
| 227 | task_session(p->real_parent) == task_session(p)) { | 227 | task_session(p->real_parent) == task_session(p)) { |
diff --git a/kernel/kexec.c b/kernel/kexec.c index e9f1b4ea504d..fbffdb457cce 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c | |||
| @@ -51,7 +51,7 @@ struct resource crashk_res = { | |||
| 51 | 51 | ||
| 52 | int kexec_should_crash(struct task_struct *p) | 52 | int kexec_should_crash(struct task_struct *p) |
| 53 | { | 53 | { |
| 54 | if (in_interrupt() || !p->pid || is_init(p) || panic_on_oops) | 54 | if (in_interrupt() || !p->pid || is_global_init(p) || panic_on_oops) |
| 55 | return 1; | 55 | return 1; |
| 56 | return 0; | 56 | return 0; |
| 57 | } | 57 | } |
diff --git a/kernel/pid.c b/kernel/pid.c index 78c0dbffde65..bb0785109d39 100644 --- a/kernel/pid.c +++ b/kernel/pid.c | |||
| @@ -70,6 +70,11 @@ struct pid_namespace init_pid_ns = { | |||
| 70 | .child_reaper = &init_task | 70 | .child_reaper = &init_task |
| 71 | }; | 71 | }; |
| 72 | 72 | ||
| 73 | int is_global_init(struct task_struct *tsk) | ||
| 74 | { | ||
| 75 | return tsk == init_pid_ns.child_reaper; | ||
| 76 | } | ||
| 77 | |||
| 73 | /* | 78 | /* |
| 74 | * Note: disable interrupts while the pidmap_lock is held as an | 79 | * Note: disable interrupts while the pidmap_lock is held as an |
| 75 | * interrupt might come in and do read_lock(&tasklist_lock). | 80 | * interrupt might come in and do read_lock(&tasklist_lock). |
diff --git a/kernel/signal.c b/kernel/signal.c index 0a6d3726cb80..8214ffad54bc 100644 --- a/kernel/signal.c +++ b/kernel/signal.c | |||
| @@ -256,7 +256,7 @@ flush_signal_handlers(struct task_struct *t, int force_default) | |||
| 256 | 256 | ||
| 257 | int unhandled_signal(struct task_struct *tsk, int sig) | 257 | int unhandled_signal(struct task_struct *tsk, int sig) |
| 258 | { | 258 | { |
| 259 | if (is_init(tsk)) | 259 | if (is_global_init(tsk)) |
| 260 | return 1; | 260 | return 1; |
| 261 | if (tsk->ptrace & PT_PTRACED) | 261 | if (tsk->ptrace & PT_PTRACED) |
| 262 | return 0; | 262 | return 0; |
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 067554bda8b7..44868e4df1d3 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c | |||
| @@ -1888,7 +1888,7 @@ int proc_dointvec_bset(struct ctl_table *table, int write, struct file *filp, | |||
| 1888 | return -EPERM; | 1888 | return -EPERM; |
| 1889 | } | 1889 | } |
| 1890 | 1890 | ||
| 1891 | op = is_init(current) ? OP_SET : OP_AND; | 1891 | op = is_global_init(current) ? OP_SET : OP_AND; |
| 1892 | return do_proc_dointvec(table,write,filp,buffer,lenp,ppos, | 1892 | return do_proc_dointvec(table,write,filp,buffer,lenp,ppos, |
| 1893 | do_proc_dointvec_bset_conv,&op); | 1893 | do_proc_dointvec_bset_conv,&op); |
| 1894 | } | 1894 | } |