[RFC][PATCH 4/5] Protect cinit from fatal signals
Bastian Blank
bastian at waldi.eu.org
Thu Dec 4 04:52:13 PST 2008
On Tue, Dec 02, 2008 at 12:51:30PM -0800, Sukadev Bhattiprolu wrote:
> Bastian Blank [bastian at waldi.eu.org] wrote:
> | No. They have are not special from the outside namespace.
> I agree that they should not be. But they are special today in at least one
> respect - terminating a container-init will terminate all processes in the
> container even those that are in unrelated process groups.
This is part of the definition.
> Secondly, a poorly written container-inits can take the entire container down,
> So we expect that container-inits to handle/ignore all signals rather than
> SIG_DFL them. Current global inits do that today and container-inits should
> too. It does not look like an unreasonable requirement.
So you intend to workaround tools which are used as container-init but
does not qualify for this work. Why?
> So the basic requirements are:
>
> - container-init receives/processes all signals from ancestor namespace.
> - container-init ignores fatal signals from own namespace.
>
> We are simplifying the first to say that:
>
> - parent-ns must have a way to terminate container-init
> - cinit will ignore SIG_DFL signals that may terminate cinit even if
> they come from parent ns
This is no simplification. This are more constraints.
Bastian
--
No one can guarantee the actions of another.
-- Spock, "Day of the Dove", stardate unknown
More information about the Containers
mailing list