[Bug libc/26371] [RFE] please add clone3() wrapper (in particular the CLONE_INTO_CGROUP feature of it)

["mztyvop at 0pointer dot net" <sourceware-bugzilla@sourceware.org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=26371

--- Comment #3 from Lennart Poettering <mztyvop at 0pointer dot net> ---
> My understanding if this issue is that the clone3 wrapper will not actually help you that much.

It would, if it was a wrapper like fork(), i.e. that it exposes this
return-twice behaviour. It would be much less useful if it was like glibc's
existing clone() wrapper, which hides that, or even worse if it was like
posix_spawn(), that gives us no chance to change process attributes in the
child between the clone3() and the execve().

> I suspect what you actually need is a way to perform certain system calls after calling clone3. The newly created userspace thread will eventually call execve, but it is *not* expected to replace the original process (unlike calling execve from a full libc thread created by pthread_create).

Correct.

> Can you describe in a bit more detail what you need? To what extent to do you need to share address space? Are you looking for a vfork-style clone? It makes things simpler because you could share the stack, and error reporting could use shared memory.

vfork() would not really suffice. We do NSS stuff (getpwnam() and friends) in
the child before we execve(), and that's blocking, but we really can't block
PID 1. In fact we do various other blocking things too there, that we
explicitly chose to do in the child so not to block PID 1.

> Which system calls do you need to call?

Many. The obvious ones are process attributes, such as nice levels, other
scheduling params, prctl, and so on. Then there's the per-process and
per-cgroup stuff exposed in the fs. For that we use open() and related calls. 
keyring stuff, selinux and other MAC stuff. fs namespacing stuff, seccomp
setup. There's some IPC going on, hidden behind NSS and in some form even in
our code. In some cases we ask a question via /dev/console (for confirmation,
if the user asks for interactive boot-up). We also set up some per-service dirs
if that's configured. Also, if people specify RootImage= we'll attach a
loopback block device and mount a file system off it as chroot() env.

We don't do threads in the child process between fork() and execve(), but
pretty much everything else ends up being on the table I guess.

> Would you be able to call different functions than the usual system call wrappers to perform the tasks you need?

Well, we invoke NSS to resolve user names and groups, and we don't know what
might be behind that...

-- 
You are receiving this mail because:
You are on the CC list for the bug.