pid namespaces: allow signalling cgroup-init

Sukadev Bhattiprolu · Linus Torvalds · commit 0fbc26a6cfab · 2007-10-19T11:53:40.000-07:00
Only the global-init process must be special - any other cgroup-init
process must be killable to prevent run-away processes in the system.

TODO: 	Ideally we should allow killing the cgroup-init only from parent
	cgroup and prevent it being killed from within the cgroup.
	But that is a more complex change and will be addressed by a follow-on
	patch. For now allow the cgroup-init to be terminated by any process
	with sufficient privileges.

Signed-off-by: Sukadev Bhattiprolu &lt;sukadev@us.ibm.com&gt;
Acked-by: Pavel Emelyanov &lt;xemul@openvz.org&gt;
Cc: Oleg Nesterov &lt;oleg@tv-sign.ru&gt;
Cc: Sukadev Bhattiprolu &lt;sukadev@us.ibm.com&gt;
Cc: Paul Menage &lt;menage@google.com&gt;
Cc: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
diff --git a/kernel/signal.c b/kernel/signal.c
@@ -1835,11 +1835,9 @@ int get_signal_to_deliver(siginfo_t *info, struct k_sigaction *return_ka,
 			continue;
 
 		/*
-		 * Init of a pid space gets no signals it doesn't want from
-		 * within that pid space. It can of course get signals from
-		 * its parent pid space.
+		 * Global init gets no signals it doesn't want.
 		 */
-		if (current == task_child_reaper(current))
+		if (is_global_init(current))
 			continue;
 
 		if (sig_kernel_stop(signr)) {
