See copy_process() in kernel/fork.c:

    if (clone_flags & CLONE_THREAD) {
            if ((clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) ||
                (task_active_pid_ns(current) !=
                            current->nsproxy->pid_ns_for_children))
                    return ERR_PTR(-EINVAL);
    }

current->nsproxy->pid_ns_for_children is where unshare(CLONE_NEWPID) stashes the pending namespace.

Signed-off-by: Jann Horn <jannh@xxxxxxxxxx>
---
Does this look better? The "or called setns(2) on a file descriptor referring to a PID namespace" still seems slightly awkward - do you think "or used setns(2) to reassociate itself with a PID namespace" would be better?

man2/clone.2 | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/man2/clone.2 b/man2/clone.2 index 36a2e23df..bbca958ce 100644 --- a/man2/clone.2 +++ b/man2/clone.2 @@ -992,6 +992,16 @@ was not. .\" (Since Linux 2.6.0-test6.) .TP .B EINVAL +.B CLONE_THREAD +was specified, but the current process previously called +.BR unshare (2) +with the +.B CLONE_NEWPID +flag or called +.BR setns (2) +on a file descriptor referring to a PID namespace. +.TP +.B EINVAL .\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71 Both .B CLONE_FS -- 2.18.0.rc2.346.g013aa6912e-goog
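
Review bot: the new EINVAL entry added in the man2/clone.2 hunk has no `.\"` source comment, while the entry that follows it carries `.\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71`. Consider adding a comment line that points at the copy_process() check in kernel/fork.c cited in the commit message, so the origin of this error case is recorded in the page source. The wording could also follow the quoted condition more closely: the check compares task_active_pid_ns(current) with current->nsproxy->pid_ns_for_children, so saying that the error occurs when the PID namespace for the caller's children differs from the caller's own PID namespace would describe the unshare(2) and setns(2) cases in one phrase and avoid the construction the author finds awkward.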