# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2024-06-01 06:08+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: TH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "pid_namespaces" msgstr "" #. type: TH #: archlinux debian-unstable opensuse-tumbleweed #, no-wrap msgid "2024-05-02" msgstr "" #. type: TH #: archlinux debian-unstable #, no-wrap msgid "Linux man-pages 6.8" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "NAME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "pid_namespaces - overview of Linux PID namespaces" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "DESCRIPTION" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "For an overview of namespaces, see B(7)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "PID namespaces isolate the process ID number space, meaning that processes " "in different PID namespaces can have the same PID. PID namespaces allow " "containers to provide functionality such as suspending/resuming the set of " "processes in the container and migrating the container to a new host while " "the processes inside the container maintain the same PIDs." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "PIDs in a new PID namespace start at 1, somewhat like a standalone system, " "and calls to B(2), B(2), or B(2) will produce processes " "with PIDs that are unique within the namespace." msgstr "" # #. ============================================================ #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Use of PID namespaces requires a kernel that is configured with the " "B option." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "The namespace init process" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The first process created in a new namespace (i.e., the process created " "using B(2) with the B flag, or the first child created " "by a process after a call to B(2) using the B flag) " "has the PID 1, and is the \"init\" process for the namespace (see " "B(1)). This process becomes the parent of any child processes that " "are orphaned because a process that resides in this PID namespace terminated " "(see below for further details)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "If the \"init\" process of a PID namespace terminates, the kernel terminates " "all of the processes in the namespace via a B signal. This " "behavior reflects the fact that the \"init\" process is essential for the " "correct operation of a PID namespace. In this case, a subsequent " "B(2) into this PID namespace fail with the error B; it is not " "possible to create a new process in a PID namespace whose \"init\" process " "has terminated. Such scenarios can occur when, for example, a process uses " "an open file descriptor for a IpidI file corresponding to a " "process that was in a namespace to B(2) into that namespace after " "the \"init\" process has terminated. Another possible scenario can occur " "after a call to B(2): if the first child subsequently created by a " "B(2) terminates, then subsequent calls to B(2) fail with " "B." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Only signals for which the \"init\" process has established a signal handler " "can be sent to the \"init\" process by other members of the PID namespace. " "This restriction applies even to privileged processes, and prevents other " "members of the PID namespace from accidentally killing the \"init\" process." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Likewise, a process in an ancestor namespace can\\[em]subject to the usual " "permission checks described in B(2)\\[em]send signals to the \"init\" " "process of a child PID namespace only if the \"init\" process has " "established a handler for that signal. (Within the handler, the " "I I field described in B(2) will be zero.) " "B or B are treated exceptionally: these signals are " "forcibly delivered when sent from an ancestor PID namespace. Neither of " "these signals can be caught by the \"init\" process, and so will result in " "the usual actions associated with those signals (respectively, terminating " "and stopping the process)." msgstr "" # #. ============================================================ #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Starting with Linux 3.4, the B(2) system call causes a signal to be " "sent to the namespace \"init\" process. See B(2) for more details." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Nesting PID namespaces" msgstr "" #. commit f2302505775fd13ba93f034206f1e2a587017929 #. The kernel constant MAX_PID_NS_LEVEL #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "PID namespaces can be nested: each PID namespace has a parent, except for " "the initial (\"root\") PID namespace. The parent of a PID namespace is the " "PID namespace of the process that created the namespace using B(2) " "or B(2). PID namespaces thus form a tree, with all namespaces " "ultimately tracing their ancestry to the root namespace. Since Linux 3.7, " "the kernel limits the maximum nesting depth for PID namespaces to 32." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A process is visible to other processes in its PID namespace, and to the " "processes in each direct ancestor PID namespace going back to the root PID " "namespace. In this context, \"visible\" means that one process can be the " "target of operations by another process using system calls that specify a " "process ID. Conversely, the processes in a child PID namespace can't see " "processes in the parent and further removed ancestor namespaces. More " "succinctly: a process can see (e.g., send signals with B(2), set nice " "values with B(2), etc.) only processes contained in its own PID " "namespace and in descendants of that namespace." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A process has one process ID in each of the layers of the PID namespace " "hierarchy in which is visible, and walking back though each direct ancestor " "namespace through to the root PID namespace. System calls that operate on " "process IDs always operate using the process ID that is visible in the PID " "namespace of the caller. A call to B(2) always returns the PID " "associated with the namespace in which the process was created." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Some processes in a PID namespace may have parents that are outside of the " "namespace. For example, the parent of the initial process in the namespace " "(i.e., the B(1) process with PID 1) is necessarily in another " "namespace. Likewise, the direct children of a process that uses " "B(2) to cause its children to join a PID namespace are in a " "different PID namespace from the caller of B(2). Calls to " "B(2) for such processes return 0." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "While processes may freely descend into child PID namespaces (e.g., using " "B(2) with a PID namespace file descriptor), they may not move in the " "other direction. That is to say, processes may not enter any ancestor " "namespaces (parent, grandparent, etc.). Changing PID namespaces is a one-" "way operation." msgstr "" # #. ============================================================ #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "The B B(2) operation can be used to discover the " "parental relationship between PID namespaces; see B(2)." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "setns(2) and unshare(2) semantics" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Calls to B(2) that specify a PID namespace file descriptor and calls " "to B(2) with the B flag cause children subsequently " "created by the caller to be placed in a different PID namespace from the " "caller. (Since Linux 4.12, that PID namespace is shown via the IpidI file, as described in B(7).) These " "calls do not, however, change the PID namespace of the calling process, " "because doing so would change the caller's idea of its own PID (as reported " "by B()), which would break many applications and libraries." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "To put things another way: a process's PID namespace membership is " "determined when the process is created and cannot be changed thereafter. " "Among other things, this means that the parental relationship between " "processes mirrors the parental relationship between PID namespaces: the " "parent of a process is either in the same namespace or resides in the " "immediate parent PID namespace." msgstr "" # #. ============================================================ #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A process may call B(2) with the B flag only once. " "After it has performed this operation, its IpidI symbolic link will be empty until the first child is " "created in the namespace." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Adoption of orphaned children" msgstr "" # #. Furthermore, by definition, the parent of the "init" process #. of a PID namespace resides in the parent PID namespace. #. ============================================================ #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When a child process becomes orphaned, it is reparented to the \"init\" " "process in the PID namespace of its parent (unless one of the nearer " "ancestors of the parent employed the B(2) B " "command to mark itself as the reaper of orphaned descendant processes). " "Note that because of the B(2) and B(2) semantics described " "above, this may be the \"init\" process in the PID namespace that is the " "I of the child's PID namespace, rather than the \"init\" process in " "the child's own PID namespace." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Compatibility of CLONE_NEWPID with other CLONE_* flags" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "In current versions of Linux, B can't be combined with " "B. Threads are required to be in the same PID namespace such " "that the threads in a process can send signals to each other. Similarly, it " "must be possible to see all of the threads of a process in the B(5) " "filesystem. Additionally, if two threads were in different PID namespaces, " "the process ID of the process sending a signal could not be meaningfully " "encoded when a signal is sent (see the description of the I type " "in B(2)). Since this is computed when a signal is enqueued, a " "signal queue shared by processes in multiple PID namespaces would defeat " "that." msgstr "" # #. Note these restrictions were all introduced in #. 8382fcac1b813ad0a4e68a838fc7ae93fa39eda0 #. when CLONE_NEWPID|CLONE_VM was disallowed #. (restriction lifted in faf00da544045fdc1454f3b9e6d7f65c841de302) #. (restriction lifted in e79f525e99b04390ca4d2366309545a836c03bf1) #. ============================================================ #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "In earlier versions of Linux, B was additionally disallowed " "(failing with the error B) in combination with B " "(before Linux 4.3) as well as B (before Linux 3.12). The changes " "that lifted these restrictions have also been ported to earlier stable " "kernels." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "/proc and PID namespaces" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "A I filesystem shows (in the Ipid directories) only processes " "visible in the PID namespace of the process that performed the mount, even " "if the I filesystem is viewed from processes in other namespaces." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "After creating a new PID namespace, it is useful for the child to change its " "root directory and mount a new procfs instance at I so that tools " "such as B(1) work correctly. If a new mount namespace is " "simultaneously created by including B in the I argument " "of B(2) or B(2), then it isn't necessary to change the root " "directory: a new procfs instance can be mounted directly over I." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "From a shell, the command to mount I is:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "$ mount -t proc proc /proc\n" msgstr "" # #. ============================================================ #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "Calling B(2) on the path I yields the process ID of " "the caller in the PID namespace of the procfs mount (i.e., the PID namespace " "of the process that mounted the procfs). This can be useful for " "introspection purposes, when a process wants to discover its PID in other " "namespaces." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "/proc files" msgstr "" #. type: TP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "B (since Linux 3.3)" msgstr "" #. commit b8f566b04d3cddd192cfd2418ae6d54ac6353792 #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This file (which is virtualized per PID namespace) displays the last PID " "that was allocated in this PID namespace. When the next PID is allocated, " "the kernel will search for the lowest unallocated PID that is greater than " "this value, and when this file is subsequently read it will show that PID." msgstr "" # #. This ability is necessary to support checkpoint restore in user-space #. ============================================================ #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "This file is writable by a process that has the B or (since " "Linux 5.9) B capability inside the user namespace " "that owns the PID namespace. This makes it possible to determine the PID " "that is allocated to the next process that is created inside this PID " "namespace." msgstr "" #. type: SS #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "Miscellaneous" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "When a process ID is passed over a UNIX domain socket to a process in a " "different PID namespace (see the description of B in " "B(7)), it is translated into the corresponding PID value in the " "receiving process's PID namespace." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "STANDARDS" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron #: opensuse-leap-15-6 opensuse-tumbleweed msgid "Linux." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "EXAMPLES" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "See B(7)." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed #, no-wrap msgid "SEE ALSO" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-leap-15-6 opensuse-tumbleweed msgid "" "B(2), B(2), B(2), B(2), B(5), " "B(7), B(7), B(7), " "B(7), B(7), B(8)" msgstr "" #. type: TH #: debian-bookworm #, no-wrap msgid "2023-02-05" msgstr "" #. type: TH #: debian-bookworm #, no-wrap msgid "Linux man-pages 6.03" msgstr "" #. type: Plain text #: debian-bookworm msgid "Namespaces are a Linux-specific feature." msgstr "" #. type: TH #: fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "2023-10-31" msgstr "" #. type: TH #: fedora-40 mageia-cauldron #, no-wrap msgid "Linux man-pages 6.06" msgstr "" #. type: TH #: fedora-rawhide #, no-wrap msgid "Linux man-pages 6.7" msgstr "" #. type: TH #: opensuse-leap-15-6 #, no-wrap msgid "2023-03-30" msgstr "" #. type: TH #: opensuse-leap-15-6 #, no-wrap msgid "Linux man-pages 6.04" msgstr "" #. type: TH #: opensuse-tumbleweed #, no-wrap msgid "Linux man-pages (unreleased)" msgstr ""