
Run bash in a new PID namespace with `unshare`:

```
$ sudo unshare -fp bash
```

Then run `cat` and try to interrupt it by pressing Ctrl+C:

```
$ cat
^C
```

`cat` is not killed. It seems `cat` does not receive the SIGINT signal, but on pressing Ctrl+D, `cat` exits.

There is no such problem when running without `-fp`:

```
$ sudo unshare bash
```
yuanjianpeng
  • The explanation for option `-f` in https://man7.org/linux/man-pages/man1/unshare.1.html states "Fork the specified *program* as a child process of `unshare` rather than running it directly. This is useful when creating a new PID namespace. Note that when `unshare` is waiting for the child process, then it ignores `SIGINT` and `SIGTERM` and does not forward any signals to the child. It is necessary to send signals to the child process." (CTRL+C normally sends `SIGINT`.) – Bodo Jan 14 '22 at 16:30
  • @Bodo but without the -f option, I got the error `bash: fork: Cannot allocate memory` – yuanjianpeng Jan 15 '22 at 05:42
  • @Bodo how does Docker support this condition? – yuanjianpeng Jan 15 '22 at 05:59
  • I didn't recommend removing the `-f` option but only cited the part of the documentation that explains why your process doesn't receive a signal when you press CTRL+C. – Bodo Jan 17 '22 at 09:00

1 Answer


I wrote a helper command to do the fork, so unshare doesn't need the -f option.

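```c
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

int main(int argc, char **argv)
{
    pid_t pid;

    /* A program to run must be given after the helper's own name. */
    if (argc == 1) {
        fprintf(stderr, "invalid arguments\n");
        return 1;
    }

    /* After `unshare -p`, the first child forked here becomes PID 1
       of the new PID namespace. */
    pid = fork();
    if (pid < 0) {
        fprintf(stderr, "fork failed: %s\n", strerror(errno));
        return 1;
    }
    else if (pid == 0) {
        /* Child: replace this process with the requested program. */
        execvp(argv[1], &argv[1]);
        fprintf(stderr, "execvp failed: %s\n", strerror(errno));
        return 1;
    }

    /* Parent: wait until there are no children left. */
    while (wait(NULL) != -1);
    return 0;
}
```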

Then call it like this:

```
$ sudo unshare -p unshare-pid-start /bin/bash -i
```
yuanjianpeng
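
The unshare(1) passage quoted in the comments says that `unshare` ignores SIGINT and SIGTERM while it waits and forwards nothing to the child. As an added example (not code from the question, the answer, or util-linux), here is a fork-and-wait helper that relays those two signals to its child and returns the child's exit status; the name `run_forwarding` is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t child_pid;   /* 0 until the child exists */

/* Relay the signal to the child instead of ignoring it. */
static void forward(int sig)
{
    if (child_pid > 0)
        kill((pid_t)child_pid, sig);
}

/* Hypothetical helper: fork argv[0], relay SIGINT/SIGTERM, return a shell-style status. */
int run_forwarding(char *const argv[])
{
    struct sigaction sa = {0}, old_int, old_term;
    sigset_t block, saved;
    int status = 0;

    /* Hold both signals until child_pid is set, so none is lost or misdirected. */
    sigemptyset(&block);
    sigaddset(&block, SIGINT);
    sigaddset(&block, SIGTERM);
    sigprocmask(SIG_BLOCK, &block, &saved);
    sa.sa_handler = forward;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGINT, &sa, &old_int);
    sigaction(SIGTERM, &sa, &old_term);

    pid_t pid = fork();
    if (pid == 0) {            /* child: exec resets caught signals to default */
        sigprocmask(SIG_SETMASK, &saved, NULL);
        execvp(argv[0], argv);
        _exit(127);            /* exec failed */
    }
    child_pid = pid;
    sigprocmask(SIG_SETMASK, &saved, NULL);
    while (pid > 0 && waitpid(pid, &status, 0) < 0 && errno == EINTR)
        ;                      /* the handler interrupted the wait; retry */
    child_pid = 0;
    sigaction(SIGINT, &old_int, NULL);
    sigaction(SIGTERM, &old_term, NULL);
    if (pid < 0)
        return -1;             /* fork failed */
    return WIFSIGNALED(status) ? 128 + WTERMSIG(status) : WEXITSTATUS(status);
}
```

Per pid_namespaces(7), a signal sent from an ancestor namespace to the init process of a PID namespace is delivered only if that process has installed a handler for it (SIGKILL and SIGSTOP excepted), so whether a relayed signal has any effect depends on the program running as PID 1.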