pidns: Don't allow new processes in a dead pid namespace.
By adding a flag to track when a pid namespace is dead, and
by testing that flag just before a process attaches to the
pid namespace, it is possible to guarantee that processes
never enter a dead pid namespace. Currently sending SIGKILL
to all of the process in a dead pid namespace gives us this
guarantee but we need something a little strong to support
unsharing and joining a pid namespace.
To ensure that this does not slow down the common case I
tested this code with lat_proc from lm_bench and I did
not see any increase in the fork overhead.
Signed-off-by: Eric W. Biederman <firstname.lastname@example.org>
4 files changed