Hi Andrew and Christian,
On 8/30/21 9:38 AM, Christian Brauner wrote:
On Sun, Aug 29, 2021 at 03:57:06PM -0400, Andrew Wock wrote:
Resending because it's my first time mailing the lkml and I used html.
Reattempting w/ gmail's plaintext mode. I apologise if this is
reaching you twice.
I noticed that clone3 can send the EACCES errno after I wrote a
program that used clone3 with the CLONE_INTO_CGROUP flag. To me, it's
important to know what kind of failure occurred if the clone3 fails,
so I was glad that a unique errno is set for this case, but it wasn't
documented on the clone man page.
In essence, any error that could occur during regular fs-based migration
at write-time can also occur during CLONE_INTO_CGROUP. The clone3()
manpage just has the inverse of that above statement:
"Note that all of the usual restrictions (described in cgroups(7)) on
placing a process into a version 2 cgroup apply."
Thanks for the patch! Applied.
And I added both of your comments into the git commit.
I've attached a patch and a test program.
Test program is attached as clone3_doc.c. Create
/sys/fs/cgroup/not-allowed as root, then run the program. It should
set errno to EACCES.
This is a manpage update, right? In that case it's not necessarily
needed to Cc lkml aka linux-kernel@... itself.
For the content:
Acked-by: Christian Brauner <christian.brauner@xxxxxxxxxx>
Thanks for that! Tag added.
(I have no idea what patch format Michael will accept so I can't really
ack that. :))
We very much prefer inline patches, preferably ones that apply easily
with git-apply(1). :)
Cheers,
Alex
Thanks,
Andrew Wock
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <fcntl.h>
#include <linux/sched.h> /* Definition of struct clone_args */
#include <sched.h> /* Definition of CLONE_* constants */
#include <sys/syscall.h> /* Definition of SYS_* constants */
#include <unistd.h>
/*
* Preconditions:
* - /sys/fs/cgroup/not-allowed is a real cgroup.
* - You are not root and do not have write permissions to
* /sys/fs/cgroup/not-allowed/cgroup.procs
*/
int main() {
pid_t pid;
int fd;
struct clone_args cl_args = {0};
char *cgPath = "/sys/fs/cgroup/not-allowed";
fd = open(cgPath, O_RDONLY);
if (fd == -1) {
fprintf(stderr, "Could not open cgroup %s: %s\n", cgPath, strerror(errno));
exit(1);
}
cl_args.exit_signal = SIGCHLD;
cl_args.flags = CLONE_INTO_CGROUP;
cl_args.cgroup = fd;
pid = syscall(SYS_clone3, &cl_args, sizeof(cl_args));
if (pid == -1) {
if (errno == EACCES) {
printf("EACCES detected\n");
exit(0);
}
fprintf(stderr, "Could not clone into cgroup: %s\n", strerror(errno));
} else if (pid == 0) {
fprintf(stderr, "Are you root, or do you have write access to %s?\n", cgPath);
}
exit(1);
}
--
Alejandro Colomar
Linux man-pages comaintainer; https://www.kernel.org/doc/man-pages/
http://www.alejandro-colomar.es/
