Use separate pid namespace for worker processes (!22) · Merge requests · Arch Linux / arch-install-scripts

Jelle van der Waa requested to merge github/fork/Forty-Bot/pid_fix into master Jul 28, 2022

Created by: Forty-Bot

As described in 2be79c62 ("run the chroot in a new PID namespace"), child processes can hang around and keep various files open. This may prevent filesystems from being unmounted (as they are still in-use).

When adding unshare mode, I did not quite understand this distinction (and I wasn't testing with e.g. gnupg) so I didn't catch this. Fix this by always using unshare to create a second pid namespace for "worker" processes. This ensures that all children are dead when we start unmounting things. As the top-level unshare is no longer always necessary, convert the unshare variable to a binary value.

Admin message

Use separate pid namespace for worker processes

Merge request reports