mirror of https://github.com/mkerrisk/man-pages
namespaces.7: Clarify details of sending signals to init from ancestor PID namespaces
After email from Eric Biederman Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
b16d757dfd
commit
c0004fb480
|
@ -353,14 +353,23 @@ can be sent to the "init" process by other members of the PID namespace.
|
|||
This restriction applies even to privileged processes,
|
||||
and prevents other members of the PID namespace from
|
||||
accidentally killing the "init" process.
|
||||
However, within ancestor namespaces
|
||||
the "init" process is treated more like a normal user process:
|
||||
any process can\(emsubject to the usual permission checks described in
|
||||
|
||||
Likewise, a process in an ancestor namespace
|
||||
can\(emsubject to the usual permission checks described in
|
||||
.BR kill (2)\(emsend
|
||||
signals to the "init" process of a child PID namespace only
|
||||
if the "init" process has established a handler for that signal.
|
||||
(Within the handler, the
|
||||
.I siginfo_t
|
||||
.I si_pid
|
||||
field described in
|
||||
.BR sigaction (2)
|
||||
will be zero.)
|
||||
.B SIGKILL
|
||||
or
|
||||
.B SIGSTOP
|
||||
to the "init" process.
|
||||
are treated exceptionally:
|
||||
these signals are forcibly delivered when sent from an ancestor PID namespace.
|
||||
Neither of these signals can be caught by the "init" process,
|
||||
and so will result in the usual actions associated with those signals
|
||||
(respectively, terminating and stopping the process).
|
||||
|
|
Loading…
Reference in New Issue