Date: Mon, 17 Nov 2003 12:49:54 -0800
From: Andrew Morton <akpm@osdl.org>
To: James Morris <jmorris@redhat.com>
Cc: sds@epoch.ncsc.mil, aviro@redhat.com, linux-kernel@vger.kernel.org,
       russell@coker.com.au
Subject: Re: [PATCH][RFC] Remove CLONE_FILES from init kernel thread
 creation
Message-Id: <20031117124954.6fa4e366.akpm@osdl.org>
In-Reply-To: <Xine.LNX.4.44.0311171439590.2731-100000@thoron.boston.redhat.com>
References: <Xine.LNX.4.44.0311171439590.2731-100000@thoron.boston.redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1307
Lines: 31

James Morris <jmorris@redhat.com> wrote:
>
> The patch below removes the CLONE_FILES flag from the kernel_thread() call
> which starts init.
> 
> This is to prevent other kernel threads from sharing file descriptors 
> opened by init (try 'lsof /dev/initctl' on a 2.6 system :-).
> 
> The reason this patch is being proposed is so that usermode helper apps
> launched via kernel threads (e.g. modprobe, hotplug) do not then inherit
> any such file descriptors.  This is not a problem in itself so far (other
> than being messy), but it is a problem for SELinux, which will otherwise
> need to grant access to /dev/initctl by modprobe and hotplug, a somewhat
> undesirable scenario.
> 
> As far as I can tell, there is no reason why init needs to be spawned with
> CLONE_FILES.  Please let me know if there are any objections to the
> change, which I would like to propose for 2.6.0+ as a cleanup.
> 

No, I can't think of a reason why we'd need CLONE_FILES in there.  I'll
toss it in and see what breaks.

I wonder why call_usermodehelper() uses CLONE_FILES...


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/