For review: pid_namespaces(7) man page
Eric W. Biederman
ebiederm at xmission.com
Fri Mar 1 08:36:03 UTC 2013
"Michael Kerrisk (man-pages)" <mtk.manpages at gmail.com> writes:
> [CC += Lennart]
>
> On Thu, Feb 28, 2013 at 3:24 PM, Vasily Kulikov <segoon at openwall.com> wrote:
>> Hi Michael,
>>
>> On Thu, Feb 28, 2013 at 12:24 +0100, Michael Kerrisk (man-pages) wrote:
>>> The namespace init process
>>> The first process created in a new namespace (i.e., the process
>>> created using clone(2) with the CLONE_NEWPID flag, or the first
>>> child created by a process after a call to unshare(2) using the
>>> CLONE_NEWPID flag) has the PID 1, and is the "init" process for
>>> the namespace (see init(1)). Children that are orphaned within
>>> the namespace will be reparented to this process rather than
>>> init(1).
>>
>> Probably it worth noting here that this is true unless
>> prctl() with PR_SET_CHILD_SUBREAPER option is called.
>
> Thanks Vasily. It probably is worth mentioning that, and I will add some words.
>
> One thing I am not sure of (have not tested), but maybe you (or Eric)
> know the answer: does the effect of PR_SET_CHILD_SUBREAPER cross a
> PID namespace boundary?
No.
> In other words, if it was a process in the
> parent PID namespace that employed PR_SET_CHILD_SUBREAPER , will that
> affect child processes in a child PID namespace, or wiill
> PR_SET_CHILD_SUBREAPER only apply to child processes in the same PID
> namespace as the caller?
With respect to reparenting it acts like an additional pid namespace
init is on the path.
If you want to read the code it is in kernel/exit.c:find_new_reaper().
called from forget_original_parent, which does the actual reparenting.
Eric
More information about the Containers
mailing list