[RFC][v8][PATCH 0/10] Implement clone3() system call
Sukadev Bhattiprolu
sukadev at linux.vnet.ibm.com
Fri Oct 23 13:48:12 PDT 2009
Sukadev Bhattiprolu [sukadev at linux.vnet.ibm.com] wrote:
| Eric W. Biederman [ebiederm at xmission.com] wrote:
| | > Anyway, is RESERVED_PIDS meant for initial kernel-threads/daemons - if so
| | > would it be ok enforce it only in init_pid_ns ?
| |
| | It is mean for initial user space daemons, things that start on boot.
| |
| | I don't know how much the protection matters at this date, but we have it.
|
| Well, since it is not security or other critical restriction, can we allow
| set_pidmap() a free hand - even in init-pid-ns ? It could prevent a simple
| subtree C/R of one of the early daemons for debug for instance.
So here is how I have it at present. I would like to remove the RESERVED_PIDS
check in set_pidmap() if its ok to do so.
alloc_pid() does this:
if (target_pids)
set_pidmap(tmp, target_pids[i])
else
alloc_pidmap(tmp);
Sukadev
---
More information about the Containers
mailing list