On Wed, Dec 11, 2024 at 01:37:40PM +0000, Pavel Begunkov wrote: > Also, do you block somewhere all other opcodes? If it's indeed > an under initialised task then it's not safe to run most of them, > and you'd never know in what way, unfortunately. An fs write > might need a net namespace, a send/recv might decide to touch > fs_struct and so on. I would not expect the new task to be under-initialised, beyond the fact that it doesn't have a userspace yet (e.g. it can't return to userspace without exec-ing first); if it is, that'd be a bug. It *should* be possible to do almost any reasonable opcode. For instance, reasonable possibilities include "write a byte to a pipe, open a file, install/rearrange some file descriptors, then exec".
