namespaces.7: Repair discussion of signals that can be sent to pidns init process

From outside a PID namespace, only the SIGKILL and SIGSTOP
signals can be sent to the init process.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Michael Kerrisk 2013-01-22 23:14:45 +01:00
parent 3c96796395
commit fc49d2ac6b
1 changed files with 8 additions and 3 deletions

@ -352,11 +352,16 @@ This restriction applies even to privileged processes,
and prevents other members of the PID namespace from
accidentally killing the "init" process.
However, within ancestor namespaces
the "init" process is treated as a normal user process:
the "init" process is treated more like a normal user process:
any process can\(emsubject to the usual permission checks described in
.BR kill (2)\(emsend
any signal to the "init" process,
including signals that may result in its termination.
.B SIGKILL
or
.B SIGSTOP
to the "init" process.
Neither of these signals can be caught by the "init" process,
and so will result in the usual actions associated with those signals
(respectively, terminating and stopping the process).
PID namespaces can be nested.
When a new PID namespace is created,
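Review bot: The rewritten sentence ending in 'to the "init" process.' says that any process can send SIGKILL or SIGSTOP, but it never states the restriction the commit message gives, namely that only these two signals can be sent from outside the namespace. A reader can take the new text as two examples rather than an exhaustive list, and nothing in it says what happens when a process in an ancestor namespace sends some other signal (whether kill(2) fails or the signal is discarded). Consider wording such as "can send only SIGKILL or SIGSTOP" and adding one sentence on the fate of other signals. The phrase "more like a normal user process" is also vague now that the behaviour differs; naming the difference directly would read better than "more like".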