mirror of https://github.com/mkerrisk/man-pages
namespaces.7: Repair discussion of signals that can be sent to pidns init process
From outside a PID namespace, only the SIGKILL and SIGSTOP signals can be sent to the init process.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
3c96796395
commit
fc49d2ac6b
|
@ -352,11 +352,16 @@ This restriction applies even to privileged processes,
|
||||||
and prevents other members of the PID namespace from
|
and prevents other members of the PID namespace from
|
||||||
accidentally killing the "init" process.
|
accidentally killing the "init" process.
|
||||||
However, within ancestor namespaces
|
However, within ancestor namespaces
|
||||||
the "init" process is treated as a normal user process:
|
the "init" process is treated more like a normal user process:
|
||||||
any process can\(emsubject to the usual permission checks described in
|
any process can\(emsubject to the usual permission checks described in
|
||||||
.BR kill (2)\(emsend
|
.BR kill (2)\(emsend
|
||||||
any signal to the "init" process,
|
.B SIGKILL
|
||||||
including signals that may result in its termination.
|
or
|
||||||
|
.B SIGSTOP
|
||||||
|
to the "init" process.
|
||||||
|
Neither of these signals can be caught by the "init" process,
|
||||||
|
and so will result in the usual actions associated with those signals
|
||||||
|
(respectively, terminating and stopping the process).
|
||||||
|
|
||||||
PID namespaces can be nested.
|
PID namespaces can be nested.
|
||||||
When a new PID namespace is created,
|
When a new PID namespace is created,
|
||||||
|
|
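Review bot: Missing documentation in the rewritten sentence that follows "treated more like a normal user process:". It now says a process in an ancestor namespace can send SIGKILL or SIGSTOP to the "init" process, but nothing about any other signal sent from an ancestor namespace, so a reader cannot tell whether such a signal is silently discarded, rejected by kill(2) with an error, or delivered when "init" has installed a handler for it. Suggest adding a sentence for that case directly after `to the "init" process.` Two smaller wording points in the same hunk: "more like a normal user process:" followed by a list limited to two signals reads as a contradiction, so consider stating the restriction first; and "Neither of these signals can be caught by the "init" process" holds for every process, so the sentence would be clearer if it said that these two signals are exempt from the protection described at the top of the paragraph.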