author: Michael Kerrisk <mtk.manpages@gmail.com> 2013-01-22 23:14:45 +0100
committer: Michael Kerrisk <mtk.manpages@gmail.com> 2014-09-13 20:15:58 -0700
commit: fc49d2ac6be360b45417d129545f9fc6f882b9f4 (patch)
tree: d0d20ba78ea0bf7ab1853e3947d6013eb26a9f72
parent: 3c967963958f4fb94a949d506287cb80e3af4057 (diff)
download: man-pages-fc49d2ac6be360b45417d129545f9fc6f882b9f4.tar.gz
namespaces.7: Repair discussion of signals that can be sent to pidns init process
From outside a PID namespace, only the SIGKILL and SIGSTOP signals can be sent to the init process.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

-rw-r--r-- man7/namespaces.7 11
1 files changed, 8 insertions, 3 deletions
diff --git a/man7/namespaces.7 b/man7/namespaces.7
index 89f70e007b..ae80db832e 100644
--- a/man7/namespaces.7
+++ b/man7/namespaces.7
@@ -352,11 +352,16 @@ This restriction applies even to privileged processes,
and prevents other members of the PID namespace from
accidentally killing the "init" process.
However, within ancestor namespaces
-the "init" process is treated as a normal user process:
+the "init" process is treated more like a normal user process:
any process can\(emsubject to the usual permission checks described in
.BR kill (2)\(emsend
-any signal to the "init" process,
-including signals that may result in its termination.
+.B SIGKILL
+or
+.B SIGSTOP
+to the "init" process.
+Neither of these signals can be caught by the "init" process,
+and so will result in the usual actions associated with those signals
+(respectively, terminating and stopping the process).
PID namespaces can be nested.
When a new PID namespace is created,
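Review bot: The rewritten sentence ending at `to the "init" process.` lists SIGKILL and SIGSTOP but never says what happens to any other signal sent from an ancestor namespace. The commit message states that only these two signals can be sent, yet the page text reads "any process can ... send SIGKILL or SIGSTOP", without "only" and without saying whether kill(2) returns an error or the signal is silently discarded. Suggest making the restriction explicit in the page text and describing the outcome for other signals, including the case where "init" has installed a handler for the signal, so that the softened "treated more like a normal user process" is backed by a precise statement of the difference.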