[patch 1/1][RFC] do not sys_reboot when not in init_pid_ns

Dave Hansen dave at linux.vnet.ibm.com
Mon Nov 3 10:59:15 PST 2008


On Sun, 2008-11-02 at 01:00 +0100, Daniel Lezcano wrote:
> +++ net-next-2.6/kernel/sys.c
> @@ -355,6 +355,9 @@ asmlinkage long sys_reboot(int magic1, i
>         if (!capable(CAP_SYS_BOOT))
>                 return -EPERM;
> 
> +       if (current->nsproxy->pid_ns != &init_pid_ns)
> +               return 0;
> +
>         /* For safety, we require "magic" arguments. */
>         if (magic1 != LINUX_REBOOT_MAGIC1 ||
>             (magic2 != LINUX_REBOOT_MAGIC2 &&
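Review bot: the new check returns 0 (success) without doing anything, so a caller in a non-init pid namespace that invokes reboot() is told the request succeeded while the system state is unchanged; if the intent is to refuse the operation, `return -EPERM;` is the honest answer, and if it is deliberately a silent no-op that needs a comment saying so, since a reader will otherwise assume it is a bug. The check is also placed before the magic-number validation, so malformed arguments that would normally be rejected with -EINVAL are now silently accepted inside a namespace; moving the check after that validation keeps the argument checking uniform regardless of namespace. Finally, the hunk hardcodes "pid_ns != &init_pid_ns" as the definition of being in a container with no comment explaining that choice, which deserves to be spelled out at the very least.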

One problem I have with this is that it specifically defines being "in a
container" as being in a pid_ns other than the init_pid_ns.  If we're
going to go down this road, it should be at *least*:

int in_a_container(void)
{
	return current->nsproxy->pid_ns != &init_pid_ns;
}

But, this also sucks because we don't want to be introducing new code
paths all over the kernel for the "container" case.  What we'll end up
with is little craplets like this spread all over:

	if (in_a_container()) {
		/* don't ever test this code path */
	}

:)

So I think we should avoid what you're trying to do here like the
plague.

-- Dave


