user4132

Reputation: 417

Why does ps show all processes in a new pid namespace?

If I create a new PID namespace using unshare

sudo unshare -pf /bin/sh

and run ps ux,

# ps ux | head 
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1 160536  9968 ?        Ss   11:37   0:18 /sbin/init splash
root         2  0.0  0.0      0     0 ?        S    11:37   0:00 [kthreadd]
root         4  0.0  0.0      0     0 ?        I<   11:37   0:00 [kworker/0:0H]
root         6  0.0  0.0      0     0 ?        I<   11:37   0:00 [mm_percpu_wq]
root         7  0.0  0.0      0     0 ?        S    11:37   0:00 [ksoftirqd/0]
root         8  0.1  0.0      0     0 ?        I    11:37   1:07 [rcu_sched]
root         9  0.0  0.0      0     0 ?        I    11:37   0:00 [rcu_bh]
root        10  0.0  0.0      0     0 ?        S    11:37   0:00 [migration/0]
root        11  0.0  0.0      0     0 ?        S    11:37   0:00 [watchdog/0]

it shows all processes that are running, including those in the root namespace. However, the current process in the new namespace has PID 1, and it is not the same process as the PID 1 in the output of ps.

# echo $$
1

Shouldn't the processes in the new namespace be isolated?

Upvotes: 3

Views: 1682

Answers (1)

Alex

Reputation: 1020

I can't give you an excellent answer, but the point is that when you enter a new PID namespace you stay in the same mount namespace at the same time.

The ps command uses /proc to get statistics. /proc is still kind of the same, or almost the same, so ps reads /proc and sees all the information about the host PID namespace. To get the ideal situation you need to create not only a PID namespace but also a new mount namespace. In this case ps will not show any "extra" information.

The good news is that when you work in the new PID namespace you can't kill any process in the host namespace even though you can see it. You can find a better explanation here: https://josephmuia.ca/2018-09-19-ps-proc-and-the-pid-namespace/

Upvotes: 5
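The following script is an added example, not code from the question or the answer above. It puts the answer's point side by side: the same `unshare -pf` the question used (new PID namespace, host's /proc still mounted) versus `unshare -pfm --mount-proc` (new PID namespace plus a new mount namespace with a fresh proc instance), and it includes a check that does not need root: comparing the `/proc/<pid>/ns/pid` links, which is how you tell whether two processes really share a PID namespace. It assumes Linux with /proc mounted, util-linux `unshare(1)` with the `--mount-proc` option, a POSIX `ps(1)`, and root for the two `unshare` demos.

```shell
#!/bin/sh
# Added example, not code from the question or the answer above.
# Assumes Linux with /proc, util-linux unshare(1) (--mount-proc) and a POSIX
# ps(1). The two unshare demos need root (CAP_SYS_ADMIN); the helpers do not.

# PID-namespace identity of a process, e.g. "pid:[4026531836]". Two
# processes are in the same PID namespace exactly when these links match.
pidns_of() {
    readlink "/proc/$1/ns/pid"
}

# Succeeds when both PIDs (or "self") live in the same PID namespace.
same_pidns() {
    [ "$(pidns_of "$1")" = "$(pidns_of "$2")" ]
}

# How many processes ps can list from the caller's view of /proc.
visible_procs() {
    ps -e | tail -n +2 | wc -l | tr -d ' '
}

# New PID namespace only (what the question did): $$ is 1 and the namespace
# link changes, but /proc is still the host's, so ps keeps listing every host
# process. Those PIDs are not addressable from here: kill gets ESRCH, which is
# why kill -0 on the host's kthreadd (PID 2) fails even though ps shows it.
pidns_only() {
    unshare -pf sh -c '
        kill -0 2 2>/dev/null || echo "kill -0 2 (host kthreadd): no such process in this namespace"
        echo "pid-ns only: pid=$$ ns=$(readlink /proc/self/ns/pid)"
        echo "ps sees $(ps -e | tail -n +2 | wc -l) processes (host /proc)"
    '
}

# New PID namespace plus a new mount namespace with its own proc mount:
# /proc now describes only this namespace, so ps shows just sh and ps.
pidns_private_proc() {
    unshare -pfm --mount-proc sh -c '
        echo "private /proc: pid=$$ ns=$(readlink /proc/self/ns/pid)"
        ps -o pid,ppid,comm
    '
}

if [ "$(id -u)" -eq 0 ]; then
    pidns_only || echo "unshare failed: this kernel or sandbox does not allow new namespaces"
    pidns_private_proc || echo "unshare --mount-proc failed"
else
    echo "run as root to see the two unshare demos; this shell is in $(pidns_of self)"
fi
```

Run it as root to see both cases; `--mount-proc` is the one-flag version of what the answer describes (it implies a new mount namespace and mounts a fresh proc there before exec), and the `ns=` lines show the PID namespace inode changing in both runs while only the second one changes what ps reads. When auditing a sandbox, compare `pidns_of` for the sandboxed process and for a host process rather than trusting what `ps` prints inside, since a new PID namespace with a shared /proc looks unisolated from the inside even though the host PIDs cannot be signalled.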
