Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 02 May 2022 23:25:07 +0200
From: Florian Weimer <fweimer@...hat.com>
To: Rich Felker <dalias@...c.org>
Cc: Alexey Izbyshev <izbyshev@...ras.ru>,  musl@...ts.openwall.com
Subject: Re: vfork()-based posix_spawn() has more failure modes than
 fork()-based one

* Rich Felker:

> I'm trying to understand how this comes to be. The child should
> inherit the namespaces of the parent and thus should not be in a
> different namespace that precludes spawn. I'm guessing this is some
> oddity where unshare doesn't affect the process itself, only its
> children? If so, it seems like a bug that it doesn't affect the
> process itself after execve (after unshare(1) runs your test program),
> but that probably can't be fixed now on the Linux side for stability
> reasons. :(

It's about fundamentally conflicting requirements.

The vDSO data mapping needs to store the time offset, so it has to be
distinct from the original namespace.  vfork preserves the VM sharing.
It's not possible to do both things at the same time.

unshare(CLONE_NEWTIME) should have been specified to only take effect
after execve, when the vDSO is remapped anyway.

Thanks,
Florian

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.