Resending because it's my first time mailing the lkml and I used html. Reattempting w/ gmail's plaintext mode. I apologise if this is reaching you twice. I noticed that clone3 can send the EACCES errno after I wrote a program that used clone3 with the CLONE_INTO_CGROUP flag. To me, it's important to know what kind of failure occurred if the clone3 fails, so I was glad that a unique errno is set for this case, but it wasn't documented on the clone man page. I've attached a patch and a test program. Test program is attached as clone3_doc.c. Create /sys/fs/cgroup/not-allowed as root, then run the program. It should set errno to EACCES. Thanks, Andrew Wock
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <fcntl.h>
#include <linux/sched.h> /* Definition of struct clone_args */
#include <sched.h> /* Definition of CLONE_* constants */
#include <sys/syscall.h> /* Definition of SYS_* constants */
#include <unistd.h>
/*
* Preconditions:
* - /sys/fs/cgroup/not-allowed is a real cgroup.
* - You are not root and do not have write permissions to
* /sys/fs/cgroup/not-allowed/cgroup.procs
*/
int main() {
pid_t pid;
int fd;
struct clone_args cl_args = {0};
char *cgPath = "/sys/fs/cgroup/not-allowed";
fd = open(cgPath, O_RDONLY);
if (fd == -1) {
fprintf(stderr, "Could not open cgroup %s: %s\n", cgPath, strerror(errno));
exit(1);
}
cl_args.exit_signal = SIGCHLD;
cl_args.flags = CLONE_INTO_CGROUP;
cl_args.cgroup = fd;
pid = syscall(SYS_clone3, &cl_args, sizeof(cl_args));
if (pid == -1) {
if (errno == EACCES) {
printf("EACCES detected\n");
exit(0);
}
fprintf(stderr, "Could not clone into cgroup: %s\n", strerror(errno));
} else if (pid == 0) {
fprintf(stderr, "Are you root, or do you have write access to %s?\n", cgPath);
}
exit(1);
}
Attachment:
clone.2.diff
Description: Binary data
