diff options
| author | Michael Kerrisk <mtk.manpages@gmail.com> | 2013-01-22 23:14:45 +0100 |
|---|---|---|
| committer | Michael Kerrisk <mtk.manpages@gmail.com> | 2014-09-13 20:15:58 -0700 |
| commit | fc49d2ac6be360b45417d129545f9fc6f882b9f4 (patch) | |
| tree | d0d20ba78ea0bf7ab1853e3947d6013eb26a9f72 /man7/namespaces.7 | |
| parent | 3c967963958f4fb94a949d506287cb80e3af4057 (diff) | |
| download | man-pages-fc49d2ac6be360b45417d129545f9fc6f882b9f4.tar.gz | |
namespaces.7: Repair discussion of signals that can be sent to pidns init process
From outside a PID namespace, only the SIGKILL and SIGSTOP
signals can be sent to the init process.
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Diffstat (limited to 'man7/namespaces.7')
| -rw-r--r-- | man7/namespaces.7 | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/man7/namespaces.7 b/man7/namespaces.7 index 89f70e007b..ae80db832e 100644 --- a/man7/namespaces.7 +++ b/man7/namespaces.7 @@ -352,11 +352,16 @@ This restriction applies even to privileged processes, and prevents other members of the PID namespace from accidentally killing the "init" process. However, within ancestor namespaces -the "init" process is treated as a normal user process: +the "init" process is treated more like a normal user process: any process can\(emsubject to the usual permission checks described in .BR kill (2)\(emsend -any signal to the "init" process, -including signals that may result in its termination. +.B SIGKILL +or +.B SIGSTOP +to the "init" process. +Neither of these signals can be caught by the "init" process, +and so will result in the usual actions associated with those signals +(respectively, terminating and stopping the process). PID namespaces can be nested. When a new PID namespace is created, |