Hello Jann,

I wonder if some things in your patch may need fixing. I presume the general point is this:

* If the process has previously called unshare(CLONE_NEWPID) or has
  done a setns() to a PID namespace, then...
* It is not possible to employ clone(CLONE_THREAD)

Is that correct? See my comment on the patch, below.

On 05/15/2018 07:14 PM, Jann Horn wrote:
> See copy_process() in kernel/fork.c:
>
>     if (clone_flags & CLONE_THREAD) {
>         if ((clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) ||
>             (task_active_pid_ns(current) !=
>                 current->nsproxy->pid_ns_for_children))
>             return ERR_PTR(-EINVAL);
>     }
>
> current->nsproxy->pid_ns_for_children is where unshare(CLONE_NEWPID)
> stashes the pending namespace.
>
> Signed-off-by: Jann Horn <jannh@xxxxxxxxxx>
> ---
> man2/clone.2 | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/man2/clone.2 b/man2/clone.2
> index 36a2e23df..b79ba8087 100644
> --- a/man2/clone.2
> +++ b/man2/clone.2
> @@ -992,6 +992,14 @@ was not.
> .\" (Since Linux 2.6.0-test6.)
> .TP
> .B EINVAL
> +.B CLONE_THREAD
> +was specified, but the current process previously called
> +.BR setns (2)
> +with the
> +.B CLONE_NEWPID
> +flag.

The above piece is misphrased. I think you mean "unshare() with the CLONE_NEWPID" flag, right? Also, the setns() to a PID namespace case should also be mentioned, should it not?

Thanks,

Michael

--
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
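
Review bot: The added EINVAL entry (the + lines following ".B EINVAL") describes the error as following a setns(2) call "with the CLONE_NEWPID flag", while the commit message names unshare(CLONE_NEWPID) as the call that sets pid_ns_for_children, and the quoted copy_process() check tests a state rather than a particular call: task_active_pid_ns(current) != current->nsproxy->pid_ns_for_children. Suggest wording the entry around that state (the PID namespace for the caller's children differs from the caller's own PID namespace) and then naming the calls that lead to it. The quoted hunk shows six added lines where the diffstat gives eight, so the remainder of the entry should be checked against the full patch.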
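
The behaviour under discussion can be observed from user space with the following added example, which is not part of the original message or the patch. The function names are hypothetical, and the probe assumes a Linux kernel carrying the copy_process() check quoted above; it reports "skipped" when the sandbox refuses to create a PID namespace.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define STACK_SIZE (64 * 1024)

static int thread_fn(void *arg) { (void)arg; return 0; }

/* Runs in a forked child. Returns the errno of clone(CLONE_THREAD) issued
 * after unshare(CLONE_NEWPID), 0 if the clone succeeded, or 255 if the
 * PID namespace could not be created (no privilege, userns disabled). */
static int child_probe(void)
{
    /* CLONE_NEWUSER lets an unprivileged caller create the PID namespace;
     * fall back to a plain unshare for a privileged caller. */
    if (unshare(CLONE_NEWUSER | CLONE_NEWPID) == -1 &&
        unshare(CLONE_NEWPID) == -1)
        return 255;
    /* pid_ns_for_children now differs from the caller's active PID ns. */
    char *stack = malloc(STACK_SIZE);
    if (!stack)
        return 255;
    int flags = CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_THREAD;
    if (clone(thread_fn, stack + STACK_SIZE, flags, NULL) == -1)
        return errno;
    return 0;
}

/* Returns EINVAL when the kernel rejects the thread, 0 if it was created,
 * and -1 if the probe could not run in this environment. */
int clone_thread_after_unshare(void)
{
    int status;
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0)
        _exit(child_probe());
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    int r = clone_thread_after_unshare();
    if (r == -1) puts("skipped: could not unshare a PID namespace");
    else printf("clone(CLONE_THREAD): %s\n", r ? strerror(r) : "succeeded");
    return 0;
}
```

The probe runs in a forked child so that the pending PID namespace does not affect the calling process.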