Here's a preview from my zine, How Containers Work!!
the same process has different PIDs in different namespaces
PID in host / PID in container
23512 / 1 (PID 1 is special)
23513 / 4
23518 / 12
PID namespaces are in a tree
Diagram showing “host PID namespace (the root)” with three arrows coming down from it, each pointing to a label that says “child”.
Often the tree is just 1 level deep (every child is a container)
you can see processes in child PID namespaces
Illustration of a host, represented by a box with heart eyes and a big smile.
host: aw! look at all those containers running!
if PID 1 exits, everyone gets killed
Illustration of PID 1, represented by a box with a smiley face, and Linux, represented by its penguin mascot.
PID 1: ok I’m done!
Linux: I’m kill -9’ing everyone else in this PID namespace IMMEDIATELY
Killing PID 1 accidentally would be bad
Illustration of a container process, represented by a box with a smiley face, and Linux, represented by its penguin mascot.
container process: kill 1
Linux: do you WANT everyone to die? I’m not gonna let you do that
rules for signaling PID 1
- from same container: only works if the process has set a signal handler
- from the host: only SIGKILL and SIGSTOP are ok, or if there’s a signal handler
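The "same container" rule above can be checked directly on a Linux machine. The C program below is an added example, not part of the zine; its function names are made up for the illustration, and it assumes root or unprivileged user namespaces are available (it reports "skipped" otherwise). PID 1 signals itself here, which the kernel treats as a sender inside the namespace.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t got_term;
static void on_term(int sig) { (void)sig; got_term = 1; }

/* Runs as PID 1 of the new namespace. Exit code 0 means both rules held. */
static int init_body(void) {
    if (getpid() != 1) return 10;   /* we should be PID 1 in here */
    kill(1, SIGTERM);               /* no handler yet: the kernel drops the signal */
    signal(SIGTERM, on_term);
    kill(1, SIGTERM);               /* handler installed: the signal is delivered */
    return got_term ? 0 : 11;
}

/* Returns 1 if the rules held, 0 if they did not, and -1 if a PID namespace
 * could not be created (no privileges, or user namespaces disabled). */
int pid1_signal_rules_hold(void) {
    pid_t helper = fork();          /* keep unshare() away from the caller */
    if (helper < 0) return -1;
    if (helper == 0) {
        /* Try an unprivileged user+PID namespace first, then plain PID (root). */
        if (unshare(CLONE_NEWUSER | CLONE_NEWPID) != 0 && unshare(CLONE_NEWPID) != 0) _exit(100);
        pid_t init = fork();        /* first child becomes PID 1 of the new namespace */
        if (init < 0) _exit(100);
        if (init == 0) _exit(init_body());
        printf("parent-namespace PID %d is PID 1 in the new namespace\n", (int)init);
        fflush(stdout);
        int st = 0;
        waitpid(init, &st, 0);
        _exit(WIFEXITED(st) ? WEXITSTATUS(st) : 12);  /* 12: PID 1 died from a signal */
    }
    int st = 0;
    if (waitpid(helper, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    if (WEXITSTATUS(st) == 100) return -1;
    return WEXITSTATUS(st) == 0;
}

int main(void) {
    int r = pid1_signal_rules_hold();
    puts(r == 1 ? "rules held" : r == 0 ? "rules violated" : "skipped: cannot create a PID namespace");
    return r == 0;
}
```

If the first `kill(1, SIGTERM)` were not ignored, PID 1 would die from the signal and the function would return 0 instead of 1.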