mirror of https://github.com/mkerrisk/man-pages
namespaces.7: Note treatment of PID namespace "init" process with respect to signals
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent 33a3c1b8ec
commit e17d07c17b
|
@ -345,6 +345,18 @@ the kernel terminates all of the processes in the namespace.
|
|||
This behavior reflects the fact that the "init" process
|
||||
is essential for the correct operation of a PID namespace.
|
||||
|
||||
Only signals for which the "init" process has established a signal handler
|
||||
can be sent to the "init" process by other members of the PID namespace.
|
||||
This restriction applies even to privileged processes,
|
||||
and prevents other members of the PID namespace from
|
||||
accidentally killing the "init" process.
|
||||
However, within ancestor namespaces
|
||||
the "init" process is treated as a normal user process:
|
||||
any process can\(emsubject to the usual permission checks described in
|
||||
.BR kill (2)\(emsend
|
||||
any signal to the "init" process,
|
||||
including signals that may result in its termination.
|
||||
|
||||
PID namespaces can be nested.
|
||||
When a new PID namespace is created,
|
||||
the processes in that namespace are visible
|
||||