namespaces.7: Explain why unshare() and setns() do not change caller's PID namespace

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
author: Michael Kerrisk <mtk.manpages@gmail.com> 2013-01-16 05:21:24 +0100
committer: Michael Kerrisk <mtk.manpages@gmail.com> 2014-09-13 20:15:58 -0700
commit: ca291567072e0dc3650db1ed499dc3f414dc2c03 (patch)
tree: 3e38c990bfbf96c774312581872dac958602187c /man7/namespaces.7
parent: e13b53a6116cfa602001b98fe05bf7d455c5618a (diff)
download: man-pages-ca291567072e0dc3650db1ed499dc3f414dc2c03.tar.gz
1 files changed, 19 insertions, 0 deletions
diff --git a/man7/namespaces.7 b/man7/namespaces.7
index 9a95e2407c..031e8919d3 100644
--- a/man7/namespaces.7
+++ b/man7/namespaces.7
@@ -416,6 +416,25 @@ then it isn't necessary to change the root directory:
 a new procfs instance can be mounted directly over
 .IR /proc .)
 
+Calls to
+.BR setns (2)
+that specify a PID namespace file descriptor
+and calls to
+.BR unshare (2)
+with the
+.BR CLONE_NEWPID
+flag cause children subsequently created
+by the caller to be placed in a different PID namespace from the caller.
+These calls do not, however,
+change the PID namespace of the calling process,
+because doing so would change the caller's idea of its own PID
+(as reported by
+.BR getpid ()),
+which would break many applications and libraries.
+To put things another way:
+a process's PID namespace membership is determined when the process is created
+and cannot be changed thereafter.
+
 Every thread in a process must be in the same PID namespace.
 For this reason, the two following call sequences will fail:
author	Michael Kerrisk <mtk.manpages@gmail.com>	2013-01-16 05:21:24 +0100
committer	Michael Kerrisk <mtk.manpages@gmail.com>	2014-09-13 20:15:58 -0700
commit	ca291567072e0dc3650db1ed499dc3f414dc2c03 (patch)
tree	3e38c990bfbf96c774312581872dac958602187c /man7/namespaces.7
parent	e13b53a6116cfa602001b98fe05bf7d455c5618a (diff)
download	man-pages-ca291567072e0dc3650db1ed499dc3f414dc2c03.tar.gz