pid_namespaces.7: Mention unshare()+fork() failure case if "init" terminates

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

diff --git a/man7/pid_namespaces.7 b/man7/pid_namespaces.7
index 294bad56b022e29857756631e70bf7ac044afedf..fb8de55be3ac659e3ed36c35524e27bd60ff367c 100644 (file)
--- a/man7/pid_namespaces.7
+++ b/man7/pid_namespaces.7
@@ -79,15 +79,24 @@ This behavior reflects the fact that the "init" process
 is essential for the correct operation of a PID namespace.
 In this case, a subsequent
 .BR fork (2)
-into this PID namespace (e.g., from a process that has done a
-.BR setns (2)
-into the namespace using an open file descriptor for a
-.I /proc/[pid]/ns/pid
-file corresponding to a process that was in the namespace)
-will fail with the error
+into this PID namespace will fail with the error
 .BR ENOMEM ;
 it is not possible to create a new processes in a PID namespace whose "init"
 process has terminated.
+Such scenarios can occur when, for example,
+a process uses an open file descriptor for a
+.I /proc/[pid]/ns/pid
+file corresponding to a process that was in a namespace to
+.BR setns (2)
+into that namespace after the "init" process has terminated.
+Another possible scenario can occur after a call to
+.BR unshare (2):
+if the first child subsequently created by a
+.BR fork (2)
+terminates, then subsequent calls to
+.BR fork (2)
+will fail with
+.BR ENOMEM .
 
 Only signals for which the "init" process has established a signal handler
 can be sent to the "init" process by other members of the PID namespace.