'kill sig -1' must only apply to caller's namespace

Currently "kill <sig> -1" kills processes in all namespaces and breaks the
isolation of namespaces.  Earlier attempt to fix this was discussed at:

	http://lkml.org/lkml/2008/7/23/148

As suggested by Oleg Nesterov in that thread, use "task_pid_vnr() > 1"
check since task_pid_vnr() returns 0 if process is outside the caller's
namespace.

Signed-off-by: Sukadev Bhattiprolu <[email protected]>
Acked-by: Eric W. Biederman <[email protected]>
Tested-by: Daniel Hokka Zakrisson <[email protected]>
Signed-off-by: Oleg Nesterov <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>

diff --git a/kernel/signal.c b/kernel/signal.c
index 105217da5c82eeed7fef7d7c66cf8ec59c6cc2dc..4530fc65445518272ae851fa44e90378cfd908e1 100644 (file)
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -1144,7 +1144,8 @@ static int kill_something_info(int sig, struct siginfo *info, pid_t pid)
                struct task_struct * p;
 
                for_each_process(p) {
-                       if (p->pid > 1 && !same_thread_group(p, current)) {
+                       if (task_pid_vnr(p) > 1 &&
+                                       !same_thread_group(p, current)) {
                                int err = group_send_sig_info(sig, info, p);
                                ++count;
                                if (err != -EPERM)