On Fri, May 18, 2018 at 5:35 PM Michael Kerrisk (man-pages) <mtk.manpages@xxxxxxxxx> wrote:
>
> Hello Jann,
>
> I wonder if some things in your patch may need fixing.
>
> I presume the general point is this:
> * If the process has previously called unshare(CLONE_NEWPID)
>   or has done a setns() to a PID namespace, then...
> * It is not possible to employ clone(CLONE_THREAD)
>
> Is that correct?

Yes.

> See my comment on the patch, below.
>
> On 05/15/2018 07:14 PM, Jann Horn wrote:
> > See copy_process() in kernel/fork.c:
> >
> >     if (clone_flags & CLONE_THREAD) {
> >         if ((clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) ||
> >             (task_active_pid_ns(current) !=
> >              current->nsproxy->pid_ns_for_children))
> >             return ERR_PTR(-EINVAL);
> >     }
> >
> > current->nsproxy->pid_ns_for_children is where unshare(CLONE_NEWPID)
> > stashes the pending namespace.
> >
> > Signed-off-by: Jann Horn <jannh@xxxxxxxxxx>
> > ---
> > man2/clone.2 | 8 ++++++++
> > 1 file changed, 8 insertions(+)
> >
> > diff --git a/man2/clone.2 b/man2/clone.2
> > index 36a2e23df..b79ba8087 100644
> > --- a/man2/clone.2
> > +++ b/man2/clone.2
> > @@ -992,6 +992,14 @@ was not.
> > .\" (Since Linux 2.6.0-test6.)
> > .TP
> > .B EINVAL
> > +.B CLONE_THREAD
> > +was specified, but the current process previously called
> > +.BR setns (2)
> > +with the
> > +.B CLONE_NEWPID
> > +flag.
>
> The above piece is misphrased. I think you mean "unshare() with the
> CLONE_NEWPID" flag, right? Also, the setns() to a PID namespace case
> should also be mentioned, should it not?

Yeah, you're right. I'll send a v2.
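
Review bot: the added EINVAL entry in the man2/clone.2 hunk names only setns(2) as the cause, while the commit message says it is unshare(CLONE_NEWPID) that stashes the pending namespace in current->nsproxy->pid_ns_for_children, and the quoted copy_process() check returns -EINVAL whenever that pending namespace differs from task_active_pid_ns(current). Suggest wording the entry around that condition rather than around one call: CLONE_THREAD was specified and the PID namespace for the caller's children differs from the caller's own PID namespace, as happens after an earlier unshare(2) with CLONE_NEWPID or a setns(2) into a PID namespace. That keeps the text accurate for both paths that reach the check.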