On Sat, Aug 12, 2023 at 1:05 PM John Watts <contact@xxxxxxxxxx> wrote:
>
> On Sat, Aug 12, 2023 at 07:51:43PM +0200, Alejandro Colomar wrote:
> > Does this depend on any recent kernel version? In my system,
> > the assertion fails.
> >
> >
> > $ cat clone.c
> > ...
> >
> > $ cc -Wall -Wextra clone.c
> > $ ./a.out
> > main program: pid: 18783, and ppid: 18703
> > a.out: clone.c:24: main: Assertion `ret != -1' failed.
> > Aborted
It looks like this was added in
1f7f4dde5c945f41a7abc2285be43d918029ecc5 in v3.13.
>
> On my systerm I get the same result. strace says this:
>
> clone3({flags=CLONE_PARENT|CLONE_NEWPID, exit_signal=0, stack=NULL, stack_size=0}, 88) = -1 EPERM (Operation not permitted)
>
> However when running as root it works.
>
> John.
CLONE_NEWPID requires privileges.
See:
Only a privileged process (CAP_SYS_ADMIN) can employ
CLONE_NEWPID. This flag can't be specified in conjunction
with CLONE_THREAD or CLONE_PARENT.
