On Tue, Dec 02, 2008 at 12:51:30PM -0800, Sukadev Bhattiprolu wrote: > Bastian Blank [bastian@xxxxxxxxxxxx] wrote: > | No. They have are not special from the outside namespace. > I agree that they should not be. But they are special today in at least one > respect - terminating a container-init will terminate all processes in the > container even those that are in unrelated process groups. This is part of the definition. > Secondly, a poorly written container-inits can take the entire container down, > So we expect that container-inits to handle/ignore all signals rather than > SIG_DFL them. Current global inits do that today and container-inits should > too. It does not look like an unreasonable requirement. So you intend to workaround tools which are used as container-init but does not qualify for this work. Why? > So the basic requirements are: > > - container-init receives/processes all signals from ancestor namespace. > - container-init ignores fatal signals from own namespace. > > We are simplifying the first to say that: > > - parent-ns must have a way to terminate container-init > - cinit will ignore SIG_DFL signals that may terminate cinit even if > they come from parent ns This is no simplification. This are more constraints. Bastian -- No one can guarantee the actions of another. -- Spock, "Day of the Dove", stardate unknown _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
