Hello Jann,

On 6/22/18 5:14 PM, Jann Horn wrote:
> See copy_process() in kernel/fork.c:
>
>     if (clone_flags & CLONE_THREAD) {
>         if ((clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) ||
>             (task_active_pid_ns(current) !=
>              current->nsproxy->pid_ns_for_children))
>             return ERR_PTR(-EINVAL);
>     }
>
> current->nsproxy->pid_ns_for_children is where unshare(CLONE_NEWPID)
> stashes the pending namespace.
>
> Signed-off-by: Jann Horn <jannh@xxxxxxxxxx>
> ---
>
> Does this look better? The "or called setns(2) on a file descriptor referring to
> a PID namespace" still seems slightly awkward - do you think "or used setns(2)
> to reassociate itself with a PID namespace" would be better?

Thanks. Patch applied. And I used your suggested alternate wording
in the above sentence.

Thanks,

Michael

> man2/clone.2 | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/man2/clone.2 b/man2/clone.2 > index 36a2e23df..bbca958ce 100644 > --- a/man2/clone.2 > +++ b/man2/clone.2 > @@ -992,6 +992,16 @@ was not. > .\" (Since Linux 2.6.0-test6.) > .TP > .B EINVAL > +.B CLONE_THREAD > +was specified, but the current process previously called > +.BR unshare (2) > +with the > +.B CLONE_NEWPID > +flag or called > +.BR setns (2) > +on a file descriptor referring to a PID namespace. > +.TP > +.B EINVAL > .\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71 > Both > .B CLONE_FS >

-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
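
Review bot: the new EINVAL entry in the man2/clone.2 hunk (@@ -992,6 +992,16 @@) describes the error by the calls that preceded it ("previously called unshare(2) with the CLONE_NEWPID flag or called setns(2) on a file descriptor referring to a PID namespace"), while the copy_process() check quoted in the commit message tests state: task_active_pid_ns(current) != current->nsproxy->pid_ns_for_children. Consider saying that the error applies while the caller's pending PID namespace for children differs from its own PID namespace, so the text matches the condition the kernel actually evaluates. The added entry also has no source comment, unlike the neighbouring entry with its ".\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71" line; a ".\"" line pointing at copy_process() in kernel/fork.c would record where the condition comes from.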