From: Sukadev Bhattiprolu Date: Wed, 23 Sep 2009 22:57:20 +0000 (-0700) Subject: fork(): disable CLONE_PARENT for init X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=123be07b0b399670a7cc3d82fef0cb4f93ef885c;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git fork(): disable CLONE_PARENT for init When global or container-init processes use CLONE_PARENT, they create a multi-rooted process tree. Besides siblings of global init remain as zombies on exit since they are not reaped by their parent (swapper). So prevent global and container-inits from creating siblings. Signed-off-by: Sukadev Bhattiprolu Acked-by: Eric W. Biederman Acked-by: Roland McGrath Cc: Oren Laadan Cc: Oleg Nesterov Cc: Serge Hallyn Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/kernel/fork.c b/kernel/fork.c index 51ad0b0b7266..b51fd2ccb2f1 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -979,6 +979,16 @@ static struct task_struct *copy_process(unsigned long clone_flags, if ((clone_flags & CLONE_SIGHAND) && !(clone_flags & CLONE_VM)) return ERR_PTR(-EINVAL); + /* + * Siblings of global init remain as zombies on exit since they are + * not reaped by their parent (swapper). To solve this and to avoid + * multi-rooted process trees, prevent global and container-inits + * from creating siblings. + */ + if ((clone_flags & CLONE_PARENT) && + current->signal->flags & SIGNAL_UNKILLABLE) + return ERR_PTR(-EINVAL); + retval = security_task_create(clone_flags); if (retval) goto fork_out;