On Sun, Aug 13, 2023 at 03:55:25PM +0200, Alejandro Colomar wrote:
> From: Sargun Dhillon <sargun@xxxxxxxxx>
>
> CLONE_NEWPID|CLONE_PARENT was only prohibited during a short period.
> That prohibition was introduced in Linux 3.12, in commit 40a0d32d1eaf
> ("fork: unify and tighten up CLONE_NEWUSER/CLONE_NEWPID checks"), but
> was a regression, and was fixed in Linux 3.13, in commit 1f7f4dde5c94
> ("fork: Allow CLONE_PARENT after setns(CLONE_NEWPID)").
>
> In this test program, one can see that it works:
>
>     #include <err.h>
>     #include <linux/sched.h>
>     #include <sched.h>
>     #include <stdio.h>
>     #include <stdlib.h>
>     #include <sys/syscall.h>
>     #include <unistd.h>
>
>     static pid_t sys_clone3(struct clone_args *args);
>
>     int
>     main(void)
>     {
>         int ret;
>         struct clone_args args = {
>             .flags = CLONE_PARENT | CLONE_NEWPID,
>         };
>
>         printf("main program: pid: %d, and ppid: %d\n", getpid(), getppid());
>
>         ret = sys_clone3(&args);
>         switch (ret) {
>         case -1:
>             err(EXIT_FAILURE, "clone3");
>         case 0:
>             printf("child: pid: %d, and ppid: %d\n", getpid(), getppid());
>             exit(EXIT_SUCCESS);
>         default:
>             exit(EXIT_SUCCESS);
>         }
>     }
>
>     static pid_t
>     sys_clone3(struct clone_args *args)
>     {
>         fflush(stdout);
>         fflush(stderr);
>         return syscall(SYS_clone3, args, sizeof(*args));
>     }
>
> This test program (successfully) outputs:
>
>     # ./a.out
>     main program: pid: 34663, and ppid: 34662
>     child: pid: 1, and ppid: 0
>
> Cowritten-by: Sargun Dhillon <sargun@xxxxxxxxx>
> Cc: Serge Hallyn <serge@xxxxxxxxxx>

Reviewed-by: Serge Hallyn <serge@xxxxxxxxxx>

> Cc: John Watts <contact@xxxxxxxxxx>
> Signed-off-by: Alejandro Colomar <alx@xxxxxxxxxx>
> ---
>  man2/clone.2 | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/man2/clone.2 b/man2/clone.2 > index b91b71831..7d2dc2339 100644 > --- a/man2/clone.2 > +++ b/man2/clone.2
> @@ -736,9 +736,7 @@ .SS The flags mask > can employ > .BR CLONE_NEWPID . > This flag can't be specified in conjunction with > -.B CLONE_THREAD > -or > -.BR CLONE_PARENT . > +.BR CLONE_THREAD . > .TP > .B CLONE_NEWUSER > (This flag first became meaningful for > -- > 2.40.1
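
Review bot: In the CLONE_NEWPID paragraph, the rewritten sentence drops CLONE_PARENT without recording that Linux 3.12 did reject CLONE_NEWPID|CLONE_PARENT, which the commit message identifies as a one-release regression fixed in 3.13. Consider keeping a short history remark next to ".BR CLONE_THREAD ." so that a reader who hits the failure on a 3.12 kernel can find the explanation in the page instead of only in the commit log. The diffstat shows this is the only hunk in man2/clone.2 (1 insertion, 3 deletions), so if an EINVAL entry elsewhere in the page still names this flag combination it would be left stale; worth checking and updating in the same patch.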