Date: Thu, 6 Sep 2018 15:42:08 -0700
From: Andrew Morton
To: Jürg Billeter
Cc: Oleg Nesterov, Thomas Gleixner, Eric Biederman, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 2/2] prctl: add PR_[GS]ET_KILLABLE
Message-Id: <20180906154208.24f397896957116d1a644a3b@linux-foundation.org>
In-Reply-To: <20180803144021.56920-2-j@bitron.ch>

On Fri, 3 Aug 2018 16:40:21 +0200 Jürg Billeter wrote:

> PR_SET_KILLABLE clears the SIGNAL_UNKILLABLE flag. This allows
> CLONE_NEWPID tasks to restore normal signal behavior, opting out of the
> special signal protection for init processes. This prctl does not allow
> setting the SIGNAL_UNKILLABLE flag, only clearing.
>
> The SIGNAL_UNKILLABLE flag, which is implicitly set for tasks cloned
> with CLONE_NEWPID, has the effect of ignoring all signals (from
> userspace) if the corresponding handler is set to SIG_DFL. The only
> exceptions are SIGKILL and SIGSTOP and they are only accepted if raised
> from an ancestor namespace.
>
> SIGINT, SIGQUIT and SIGTSTP are used in job control for ^C, ^\, ^Z.
> While a task with the SIGNAL_UNKILLABLE flag could install handlers for
> these signals, this is not sufficient to implement a shell that uses
> CLONE_NEWPID for child processes:
>
> * As SIGSTOP is ignored when raised from the SIGNAL_UNKILLABLE process
>   itself, it's not possible to implement the stop action in a custom
>   SIGTSTP handler.
> * Many applications do not install handlers for these signals and
>   thus, job control won't work properly with unmodified applications.
>
> There are other scenarios besides job control in a shell where
> applications rely on the default actions as described in signal(7) and
> PID isolation may be useful. This new prctl makes the signal protection
> for "init" processes optional, without breaking backward compatibility.

This one is above my pay grade. Eric & Oleg: could you please provide input?
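
The existing behaviour that the quoted commit message describes can be observed from userspace with the following added example, which is not code from this thread or from the patch and does not use the proposed prctl. The function name `survives_default_signals` and the exit-status convention are assumptions made for the illustration; it compares an ordinary task with the init task of a fresh PID namespace when each raises SIGTERM and SIGSTOP on itself under SIG_DFL.

```c
#define _GNU_SOURCE
#include <linux/sched.h>   /* CLONE_NEWPID, CLONE_NEWUSER */
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a task that raises SIGTERM and SIGSTOP on itself with default
 * dispositions. With new_pidns set, that task is PID 1 of a new PID namespace.
 * Returns 1 if it survived both signals, 0 if a default action hit it,
 * -1 if this environment cannot create a PID namespace. */
int survives_default_signals(int new_pidns)
{
    int st;
    pid_t helper = fork();
    if (helper < 0)
        return -1;
    if (helper == 0) {
        /* Privileged unshare first, then the unprivileged user-namespace route. */
        if (new_pidns && syscall(SYS_unshare, CLONE_NEWPID) != 0 &&
            syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWPID) != 0)
            _exit(2);
        pid_t task = fork();   /* first fork after unshare becomes the namespace init */
        if (task < 0)
            _exit(2);
        if (task == 0) {
            signal(SIGTERM, SIG_DFL);
            raise(SIGTERM);    /* dropped for a SIGNAL_UNKILLABLE task */
            raise(SIGSTOP);    /* also dropped when raised from inside */
            _exit(42);
        }
        if (waitpid(task, &st, WUNTRACED) < 0)
            _exit(2);
        if (WIFSTOPPED(st)) {  /* do not leave a stopped task behind */
            kill(task, SIGKILL);
            waitpid(task, &st, 0);
            _exit(1);
        }
        _exit(WIFEXITED(st) && WEXITSTATUS(st) == 42 ? 0 : 1);
    }
    if (waitpid(helper, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 2)
        return -1;
    return WEXITSTATUS(st) == 0;
}

int main(void)
{
    printf("ordinary task survives: %d\n", survives_default_signals(0));
    printf("pidns init survives:    %d\n", survives_default_signals(1));
    return 0;
}
```

A result of -1 for the namespace case means the host forbids creating PID namespaces for this user (for example, unprivileged user namespaces are disabled or a seccomp policy blocks `unshare`).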