[PATCH 8/9] Manual pages: unshare.1: fix examples, part 2

From: Michael Kerrisk <mtk.manpages@gmail.com>
To: mtk.manpages@gmail.com, Karel Zak <kzak@redhat.com>
Cc: util-linux@vger.kernel.org
Subject: [PATCH 8/9] Manual pages: unshare.1: fix examples, part 2
Date: Sat, 23 May 2020 08:43:24 +0200	[thread overview]
Message-ID: <20200523064325.78491-8-mtk.manpages@gmail.com> (raw)
In-Reply-To: <20200523064325.78491-1-mtk.manpages@gmail.com>

The explanation of the --kill-child example was quite confused and
also the example shell demo was broken because of quoting issues.

It is not the case that the *children* of 'program' would adopted by
init, but rather that 'program' itself (which would be running as PID
1 inside the namespace and is a child of 'unshare') would be adopted
by init.

Rework the --kill-child example. Add a lot more explanation, and
expand the example shell session to give the reader a much better
picture of what is going on.

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
---
 sys-utils/unshare.1 | 56 +++++++++++++++++++++++++++++++++++++++------
 1 file changed, 49 insertions(+), 7 deletions(-)

diff --git a/sys-utils/unshare.1 b/sys-utils/unshare.1
index b8ef371a0..38f7a62cf 100644
--- a/sys-utils/unshare.1
+++ b/sys-utils/unshare.1
@@ -317,16 +317,58 @@ makes sure that the bind mount is created on a shared filesystem.
 .EE
 .in
 .PP
-Reliable killing of subprocesses of the \fIprogram\fR.
-When \fBunshare\fR gets killed, everything below it gets killed as well.
-Without it, the children of \fIprogram\fR would have orphaned and
-been re-parented to PID 1.
+The following commands demonstrate the use of the
+.B \-\-kill-child
+option when creating a PID namespace, in order to ensure that when
+.B unshare
+is killed, all of the processes within the PID namespace are killed.
+.PP
+.in +4n
+.EX
+.BR "# set +m                " "# Don't print job status messages"
+.B # unshare \-\-pid \-\-fork \-\-mount\-proc \-\-kill\-child \-\- \e
+.B "       bash \-\-norc \-c \(aq(sleep 555 &) && (ps a &) && sleep 999\(aq &"
+[1] 53456
+#     PID TTY      STAT   TIME COMMAND
+      1 pts/3    S+     0:00 sleep 999
+      3 pts/3    S+     0:00 sleep 555
+      5 pts/3    R+     0:00 ps a
+
+.BR "# ps h \-o 'comm' $!     " "# Show that background job is unshare(1)"
+unshare
+.BR "# kill $!               " "# Kill unshare(1)
+.B # pidof sleep
+.EE
+.in
+.PP
+The
+.B pidof
+command prints no output, because the
+.B sleep
+processes have been killed.
+More precisely, when the
+.B sleep
+process that has PID 1 in the namespace (i.e., the namespace's init process)
+was killed, this caused all other processes in the namespace to be killed.
+By contrast, a similar series of commands where the
+.B \-\-kill\-child
+option is not used shows that when
+.B unshare
+terminates, the processes in the PID namespace are not killed:
 .PP
 .in +4n
 .EX
-.B # unshare \-pf \-\-kill-child \-\- bash \-c "(sleep 999 &) && sleep 1000" &
-.B # pid=$!
-.B # kill $pid
+.B # unshare \-\-pid \-\-fork \-\-mount\-proc \-\- \e
+.B "       bash \-\-norc \-c \(aq(sleep 555 &) && (ps a &) && sleep 999\(aq &"
+[1] 53479
+#     PID TTY      STAT   TIME COMMAND
+      1 pts/3    S+     0:00 sleep 999
+      3 pts/3    S+     0:00 sleep 555
+      5 pts/3    R+     0:00 ps a
+
+.B # kill $!
+.B # pidof sleep
+53482 53480
 .EE
 .in
 .PP
-- 
2.26.2

