Re: For review: pid_namespaces(7) man page

From: Eric W. Biederman
Date: Tue Mar 05 2013 - 21:24:16 EST


Rob Landley <rob@xxxxxxxxxxx> writes:

> On 03/04/2013 11:52:19 AM, Eric W. Biederman wrote:
>> > How about this:
>> >
>> > The point here is that unshare(2) and setns(2) change the PID
>> > namespace for processes subsequently created by the caller, but
>> > not for the calling process, while clone(2) CLONE_VM specifies
>> > the creation of a new thread in the same process.
>>
>> Hmm. How about this.
>>
>> The point here is that unshare(2) and setns(2) change the PID
>> namespace that will be used in all subsequent calls to clone
>> and fork by the caller, but not for the calling process, and
>> that all threads in a process must share the same PID
>> namespace. Which makes a subsequent clone(2) CLONE_VM
>> specify the creation of a new thread in a different PID
>> namespace but in the same process which is impossible.
>
> CLONE_VM and CLONE_NEWPID are incompatible because all threads of the
> same process must be in the same PID namespace. Since unshare(2) and
> setns(2) change the PID namespace for subsequent calls to clone(2),
> those subsequent calls cannot create new threads (unless you setns(2)
> back to the original namespace first).
>
> That last bit's a guess. :)

Good wording, thank you, and the last bit is right. You can restore
the pid namespace with setns(2), and that will allow thread and process
creation again.

Eric
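
The sequence discussed in this thread, as an added C example that is not part of the original messages: unshare(2) with CLONE_NEWPID, a thread-creating clone(2) that fails with EINVAL, then setns(2) back to the original PID namespace so that thread creation works again. Assumptions: the clone(2) call uses the full flag set of a thread (CLONE_VM plus CLONE_THREAD and the flags it requires) rather than CLONE_VM alone, the process needs CAP_SYS_ADMIN (the function returns 2 where that is missing), and the helper names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Flag set of a real thread; the thread names CLONE_VM, the rest is assumed here. */
#define THREAD_FLAGS (CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_THREAD)
#define STACK_SIZE (64 * 1024)
static int thread_fn(void *arg) { (void)arg; return 0; }

/* Create a thread with clone(2): 0 on success, otherwise the errno. */
static int try_thread(void)
{
    char *stack = malloc(STACK_SIZE); /* not freed: the thread may still be on it */
    if (stack == NULL)
        return ENOMEM;
    return clone(thread_fn, stack + STACK_SIZE, THREAD_FLAGS, NULL) == -1 ? errno : 0;
}

/* 0: behaved as described in the thread, 2: not permitted here, 1: anything else. */
static int scenario(void)
{
    int orig = open("/proc/self/ns/pid", O_RDONLY); /* caller's own PID namespace */
    if (orig < 0 || unshare(CLONE_NEWPID) == -1)
        return 2;                        /* needs CAP_SYS_ADMIN */
    if (try_thread() != EINVAL)          /* children would land in the new namespace */
        return 1;
    if (setns(orig, CLONE_NEWPID) == -1) /* point future children back at the original */
        return errno == EPERM ? 2 : 1;
    return try_thread() == 0 ? 0 : 1;    /* thread creation works again */
}

/* Run the scenario in a forked child so the caller's namespaces stay untouched. */
int pidns_thread_demo(void)
{
    int status;
    pid_t pid = fork();
    if (pid == 0)
        _exit(scenario());
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) { printf("result: %d\n", pidns_thread_demo()); return 0; }
```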
