On Tue, Nov 25, 2008 at 07:46:34PM -0800, Sukadev Bhattiprolu wrote: > To protect container-init from fatal signals, set SIGNAL_UNKILLABLE but > clear it if it receives SIGKILL from parent namespace - so it is still > killable from ancestor namespace. This sounds like a workaround. > Note that container-init is still somewhat special compared to 'normal > processes' - unhandled fatal signals like SIGUSR1 to a container-init > are dropped even if they are from ancestor namespace. SIGKILL from an > ancestor namespace is the only reliable way to kill a container-init. It sounds not right to make this special case for a "normal" process. However, no idea how to do this better. Bastian -- The heart is not a logical organ. -- Dr. Janet Wallace, "The Deadly Years", stardate 3479.4 _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers