mirror of https://github.com/mkerrisk/man-pages
namespaces.7: Repair discussion of signals that can be sent to pidns init process
From outside a PID namespace, only the SIGKILL and SIGSTOP signals can be sent to the init process. Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
3c96796395
commit
fc49d2ac6b
|
@ -352,11 +352,16 @@ This restriction applies even to privileged processes,
|
|||
and prevents other members of the PID namespace from
|
||||
accidentally killing the "init" process.
|
||||
However, within ancestor namespaces
|
||||
the "init" process is treated as a normal user process:
|
||||
the "init" process is treated more like a normal user process:
|
||||
any process can\(emsubject to the usual permission checks described in
|
||||
.BR kill (2)\(emsend
|
||||
any signal to the "init" process,
|
||||
including signals that may result in its termination.
|
||||
.B SIGKILL
|
||||
or
|
||||
.B SIGSTOP
|
||||
to the "init" process.
|
||||
Neither of these signals can be caught by the "init" process,
|
||||
and so will result in the usual actions associated with those signals
|
||||
(respectively, terminating and stopping the process).
|
||||
|
||||
PID namespaces can be nested.
|
||||
When a new PID namespace is created,
|
||||
|
|
Loading…
Reference in New Issue