Description of problem:
Currently "kill <sig> -1" kills processes in all namespaces and breaks the isolation of namespaces. Use "task_pid_vnr() > 1" to check since task_pid_vnr() returns 0 if process is outside the caller's namespace.

Upstream patch: http://git.kernel.org/linus/d25141a818383b3c3b09f065698c544a7a0ec6e7
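The check described in the report above, as an added user-space model in C (not the kernel patch and not part of the original report). It compares how many tasks "kill <sig> -1" reaches from inside a child PID namespace when the test uses the caller-relative PID versus a global PID. Assumptions: the struct layout, the names model_pid_vnr and count_targets, the constructed host-side PIDs, and the pre-patch test on the global PID.

```c
#include <stdio.h>
/* A PID namespace; level 0 is the initial (host) namespace. */
struct pid_ns { int level; };
/* One PID number per namespace level the task is visible in (2 levels). */
struct task {
    int level;                   /* depth of the task's own namespace */
    int nr[2];                   /* nr[i]: PID as seen at level i */
    const struct pid_ns *ns[2];  /* ns[i]: namespace at level i */
};

/* Model of task_pid_vnr(): PID of t seen from "from", 0 if t is outside it. */
static int model_pid_vnr(const struct task *t, const struct pid_ns *from)
{
    if (from->level <= t->level && t->ns[from->level] == from)
        return t->nr[from->level];
    return 0;
}

/* Count tasks "kill <sig> -1" would signal; the caller is always skipped.
 * use_vnr=1: patched check (vnr > 1). use_vnr=0: global PID (assumed old). */
static int count_targets(const struct task *tasks, int n,
                         const struct task *caller, int use_vnr)
{
    const struct pid_ns *cns = caller->ns[caller->level];
    int hits = 0;
    for (int i = 0; i < n; i++) {
        int id = use_vnr ? model_pid_vnr(&tasks[i], cns) : tasks[i].nr[0];
        hits += (&tasks[i] != caller && id > 1);
    }
    return hits;
}

/* Constructed sample: two host tasks and a three-task child namespace. */
static const struct pid_ns host_ns = { 0 }, child_ns = { 1 };
static const struct task sample[] = {
    { 0, { 1, 0 },    { &host_ns, NULL } },       /* host init */
    { 0, { 250, 0 },  { &host_ns, NULL } },       /* host daemon */
    { 1, { 900, 1 },  { &host_ns, &child_ns } },  /* namespace init */
    { 1, { 932, 33 }, { &host_ns, &child_ns } },  /* namespace shell */
    { 1, { 940, 41 }, { &host_ns, &child_ns } },  /* caller of kill -1 */
};

int main(void)
{
    const struct task *c = &sample[4];
    printf("global: %d, vnr: %d\n", count_targets(sample, 5, c, 0),
           count_targets(sample, 5, c, 1));
    return 0;
}
```

With the caller-relative check, only the second shell inside the namespace is signalled; host tasks translate to 0 and the namespace's own init translates to 1, so both are skipped.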
Created attachment 339796: Upstream patch
PID namespaces is merged in 2.6.24. http://lwn.net/Articles/259217/
Created attachment 339815: Patch for mrg-1
(In reply to comment #12)
> We might need this patch too:
> commit 44c4e1b2581f7273ab14ef30b6430618801c57b1
> Author: Eric W. Biederman <ebiederm>
> Date: Fri Feb 8 04:19:15 2008 -0800
>
> pid: Extend/Fix pid_vnr

Together with this patch:

[root@rhel5-server-i386 ~]# uname -a
Linux rhel5-server-i386 2.6.24.7-112.bz496032.el5 #1 SMP PREEMPT RT Mon Apr 20 04:12:17 EDT 2009 i686 i686 i386 GNU/Linux
[root@rhel5-server-i386 ~]# bash
[root@rhel5-server-i386 ~]# ps -e
  PID TTY          TIME CMD
    1 pts/0    00:00:00 bash
   33 pts/0    00:00:00 bash
   41 pts/0    00:00:00 ps
[root@rhel5-server-i386 ~]# /bin/kill -s SIGKILL -1
Killed
[root@rhel5-server-i386 ~]# ps -e
  PID TTY          TIME CMD
    1 pts/0    00:00:00 bash
   43 pts/0    00:00:00 ps
[root@rhel5-server-i386 ~]# /bin/kill -s SIGKILL -1
kill -1: No such process

The other observation I had in comment #7 is also fixed with this patch. This is the expected behaviour. Thanks.
Created attachment 340468: To be patched with comment #6
First I tested with 2.6.29.3-15.el5rt to make sure I could get everything to work as expected, and it did. Then I tested with 2.6.24.7-115.el5rt and crashed the machine. After applying the patches from #15 and #6, then everything worked as expected.
This issue has been addressed in following products:

MRG for RHEL-5

Via RHSA-2009:1081 https://rhn.redhat.com/errata/RHSA-2009-1081.html