prctl(PR_SET_PDEATHSIG, ...) should be called after fork(), not before
igor-anferov opened this issue · comments
Igor Anferov commented
From the official Linux documentation:
The parent-death signal setting is cleared for the child of a fork(2).
So, calling prctl(PR_SET_PDEATHSIG, ...)
before spawn()
, which is currently the case, doesn't make sense.
Thomas Orozco commented
The commit that introduced this explains the use case:
eb0f6de
Their goal was indeed to signal Tini when its parent dies, not to signal
Tini’s child when Tini dies.
…On Tue, 13 Jun 2023 at 16:24, Igor Anferov ***@***.***> wrote:
From the official Linux documentation
<https://man7.org/linux/man-pages/man2/prctl.2.html>:
The parent-death signal setting is cleared for the child of a fork(2).
So, calling prctl(PR_SET_PDEATHSIG, ...) before spawn(), which is
currently the case, doesn't make sense.
—
Reply to this email directly, view it on GitHub
<#213>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AANIHVTRI5BEKRWQ4PPLPCLXLBZYXANCNFSM6AAAAAAZE6XQOM>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
Igor Anferov commented
Aaah, I see, thanks for your explanation. But I still don't understand the last phrase from the commit message:
$ unshare --pid --fork setpriv --reuid user tini -s -p SIGKILL -- <prog>
As soon as unshare is getting killed, tini will get signalled SIGKILL
and exit as well, tearing down <prog> with it.
Why would be torn down in this case?
Thomas Orozco commented
When you’re in a PID namespace and PID1 in that namespace exits the rest of
the namespace will be killed too
…On Wed, 14 Jun 2023 at 01:40, Igor Anferov ***@***.***> wrote:
Aaah, I see, thanks for your explanation. But I still don't understand the
last phrase from the commit message:
$ unshare --pid --fork setpriv --reuid user tini -s -p SIGKILL -- <prog>
As soon as unshare is getting killed, tini will get signalled SIGKILL
and exit as well, tearing down <prog> with it.
Why would be torn down in this case?
—
Reply to this email directly, view it on GitHub
<#213 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AANIHVSNLP3L2GOOV7GBTXLXLD27TANCNFSM6AAAAAAZE6XQOM>
.
You are receiving this because you commented.Message ID:
***@***.***>
Igor Anferov commented
Got it, thank you!