-rw-r--r-- man7/namespaces.7 12
1 files changed, 12 insertions, 0 deletions
diff --git a/man7/namespaces.7 b/man7/namespaces.7
index 5ca20a7e33..2224c96af1 100644
--- a/man7/namespaces.7
+++ b/man7/namespaces.7
@@ -345,6 +345,18 @@ the kernel terminates all of the processes in the namespace.
This behavior reflects the fact that the "init" process
is essential for the correct operation of a PID namespace.
+Only signals for which the "init" process has established a signal handler
+can be sent to the "init" process by other members of the PID namespace.
+This restriction applies even to privileged processes,
+and prevents other members of the PID namespace from
+accidentally killing the "init" process.
+However, within ancestor namespaces
+the "init" process is treated as a normal user process:
+any process can\(emsubject to the usual permission checks described in
+.BR kill (2)\(emsend
+any signal to the "init" process,
+including signals that may result in its termination.
+
PID namespaces can be nested.
When a new PID namespace is created,
the processes in that namespace are visible
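
Review bot: The first added sentence ("Only signals for which the "init" process has established a signal handler can be sent ...") leaves two things unstated. SIGKILL and SIGSTOP cannot have handlers, so by this wording they can never reach "init" from inside the namespace; say so explicitly, since that is the case readers will look for. "Can be sent" also does not say what the sender observes: state whether kill(2) fails with an error or succeeds with the signal discarded. In the ancestor-namespace sentence, "any signal" is a strong claim next to "signals that may result in its termination"; if only some signals bypass the handler requirement there, name them. Style: the added empty line before "PID namespaces can be nested." should be a .PP macro rather than a blank line in the man page source.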