From: "mztyvop at 0pointer dot net" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug libc/26371] [RFE] please add clone3() wrapper (in particular the CLONE_INTO_CGROUP feature of it)
Date: Tue, 25 Aug 2020 14:57:26 +0000
Message-ID: <bug-26371-131-aiyChz0Wus@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-26371-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=26371

--- Comment #3 from Lennart Poettering <mztyvop at 0pointer dot net> ---

> My understanding of this issue is that the clone3 wrapper will not actually help you that much.

It would, if it was a wrapper like fork(), i.e. one that exposes this return-twice behaviour. It would be much less useful if it was like glibc's existing clone() wrapper, which hides that, or even worse if it was like posix_spawn(), which gives us no chance to change process attributes in the child between the clone3() and the execve().

> I suspect what you actually need is a way to perform certain system calls after calling clone3. The newly created userspace thread will eventually call execve, but it is *not* expected to replace the original process (unlike calling execve from a full libc thread created by pthread_create).

Correct.

> Can you describe in a bit more detail what you need? To what extent do you need to share address space? Are you looking for a vfork-style clone? It makes things simpler because you could share the stack, and error reporting could use shared memory.

vfork() would not really suffice. We do NSS stuff (getpwnam() and friends) in the child before we execve(), and that's blocking, but we really can't block PID 1. In fact we do various other blocking things there too, which we explicitly chose to do in the child so as not to block PID 1.

> Which system calls do you need to call?

Many. The obvious ones are process attributes, such as nice levels, other scheduling params, prctl, and so on.

Then there's the per-process and per-cgroup stuff exposed in the fs. For that we use open() and related calls. Keyring stuff, SELinux and other MAC stuff. fs namespacing stuff, seccomp setup. There's some IPC going on, hidden behind NSS and in some form even in our code. In some cases we ask a question via /dev/console (for confirmation, if the user asks for interactive boot-up). We also set up some per-service dirs if that's configured. Also, if people specify RootImage= we'll attach a loopback block device and mount a file system off it as chroot() env.

We don't do threads in the child process between fork() and execve(), but pretty much everything else ends up being on the table I guess.

> Would you be able to call different functions than the usual system call wrappers to perform the tasks you need?

Well, we invoke NSS to resolve user names and groups, and we don't know what might be behind that...

-- 
You are receiving this mail because:
You are on the CC list for the bug.
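The shape of wrapper the comment above asks for, as an added example that is not part of the bug report, glibc, or systemd: a fork()-style clone3() built on the raw syscall, which returns twice so the child can change its own attributes before the point where execve() would follow. The struct layout and the constant values follow the kernel ABI (struct clone_args VER2, 88 bytes; CLONE_INTO_CGROUP needs Linux 5.7+); `raw_clone_args`, `clone3_fork` and `spawn_and_wait` are names chosen here, and the cgroup descriptor is assumed to be an open fd on a cgroup v2 directory when one is passed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef SYS_clone3
#define SYS_clone3 435                  /* same syscall number on all architectures */
#endif
#ifndef CLONE_INTO_CGROUP
#define CLONE_INTO_CGROUP 0x200000000ULL
#endif
/* Kernel layout of struct clone_args (VER2); defined locally so old headers build it. */
struct raw_clone_args {
    uint64_t flags, pidfd, child_tid, parent_tid, exit_signal;
    uint64_t stack, stack_size, tls, set_tid, set_tid_size, cgroup;
};
/* fork()-style clone3: returns 0 in the child and the child's pid in the parent.
 * cgroup_fd >= 0 places the child directly into that cgroup; -1 inherits the parent's. */
static pid_t clone3_fork(int cgroup_fd) {
    struct raw_clone_args args = {0};
    args.exit_signal = SIGCHLD;         /* no CLONE_VM/CLONE_VFORK: a separate process */
    size_t size = 64;                   /* CLONE_ARGS_SIZE_VER0: fields up to tls */
    if (cgroup_fd >= 0) {
        args.flags |= CLONE_INTO_CGROUP;
        args.cgroup = (uint64_t)cgroup_fd;
        size = sizeof args;             /* CLONE_ARGS_SIZE_VER2: includes cgroup */
    }
    long r = syscall(SYS_clone3, &args, size);
    if (r < 0 && errno == ENOSYS && cgroup_fd < 0)
        return fork();                  /* kernel or seccomp filter without clone3 */
    return (pid_t)r;
}
/* Parent spawns a child, the child sets a process attribute (prctl, as in the
 * thread) where execve() would come next, and the parent returns its exit status. */
int spawn_and_wait(void) {
    pid_t pid = clone3_fork(-1);
    if (pid < 0) return -1;
    if (pid == 0) {
        char name[16];
        if (prctl(PR_SET_NAME, "clone3-child") != 0) _exit(1);
        if (prctl(PR_GET_NAME, name) != 0) _exit(2);
        _exit(strcmp(name, "clone3-child") == 0 ? 0 : 3);   /* real code: execve() here */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Because the raw syscall bypasses glibc's fork handlers (pthread_atfork, malloc locks), a multithreaded parent may only do async-signal-safe work in the child; the blocking NSS lookups the comment describes are safe here only because PID 1 does not run threads at that point.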