Index: linux-2.6.17/kernel/vserver/signal.c
===================================================================
--- linux-2.6.17.orig/kernel/vserver/signal.c
+++ linux-2.6.17/kernel/vserver/signal.c
@@ -78,7 +78,10 @@ int vc_ctx_kill(struct vx_info *vxi, voi
return -EFAULT;
/* special check to allow guest shutdown */
- if (!vx_info_flags(vxi, VXF_STATE_ADMIN, 0) && (vc_data.pid != 1))
+ if (!vx_info_flags(vxi, VXF_STATE_ADMIN, 0) &&
+ /* forbid killall pid=0 when init is present */
+ (((vc_data.pid < 1) && vxi->vx_initpid) ||
+ (vc_data.pid > 1)))
return -EACCES;
return vx_info_kill(vxi, vc_data.pid, vc_data.sig);
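Review bot: The new test `vc_data.pid < 1` covers every negative pid as well as 0, while the inline comment names only `pid=0`. For a context without `VXF_STATE_ADMIN` and with no `vx_initpid`, any negative value is now forwarded to `vx_info_kill()`, together with a `vc_data.sig` that this check does not restrict. How negative pids are handled there is not visible in this hunk, so either tighten the test to the values meant to be allowed or state the intent above the `if`, e.g. `/* non-admin: pid 1 (guest init) is always allowed; pid <= 0 (all processes) only while the context has no init */`. `vxi->vx_initpid` also appears to be read without any visible lock, so the check and the later kill may see different init states; that is worth confirming. The body of `vc_ctx_kill` starts and ends outside the hunk.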
Index: linux-2.6.17/kernel/vserver/switch.c
===================================================================
--- linux-2.6.17.orig/kernel/vserver/switch.c
+++ linux-2.6.17/kernel/vserver/switch.c
@@ -276,7 +276,7 @@ long do_vserver(uint32_t cmd, uint32_t i
__VCMD(get_dlimit, 3, VCA_NONE, VCF_INFO);
/* lower admin commands */
- __VCMD(wait_exit, 4, VCA_VXI, VCF_ADMIN);
+ __VCMD(wait_exit, 4, VCA_VXI, VCF_INFO);
__VCMD(ctx_create_v0, 5, VCA_NONE, 0);
__VCMD(ctx_create, 5, VCA_NONE, 0);
__VCMD(ctx_migrate_v0, 5, VCA_VXI, VCF_ADMIN);
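Review bot: `wait_exit` drops from `VCF_ADMIN` to `VCF_INFO` but still sits under the `/* lower admin commands */` heading, and nothing in the hunk records why the weaker check is sufficient. Since the entry keeps `VCA_VXI`, it presumably resolves a context by id, so it is worth confirming that an info-level caller cannot wait on, and learn the exit state of, a context it should not see. If the relaxation is intended, I would add a comment on the line such as `/* wait_exit only observes context exit, so VCF_INFO suffices */`, or move the entry next to the other `VCF_INFO` commands. The command table in `do_vserver` continues outside the hunk.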