OLD | NEW |
1 The [LinuxSUIDSandbox](LinuxSUIDSandbox.md) currently relies on support for the
CLONE\_NEWPID flag in Linux's [clone() system call](http://www.kernel.org/doc/ma
n-pages/online/pages/man2/clone.2.html). You can check whether your system supp
orts PID namespaces with the code below, which must be run as root: | 1 # Linux PID Namespace Support |
2 | 2 |
3 ``` | 3 The [LinuxSUIDSandbox](linux_suid_sandbox.md) currently relies on support for |
| 4 the `CLONE_NEWPID` flag in Linux's |
| 5 [clone() system call](http://www.kernel.org/doc/man-pages/online/pages/man2/clon
e.2.html). |
| 6 You can check whether your system supports PID namespaces with the code below, |
| 7 which must be run as root: |
| 8 |
| 9 ```c |
4 #define _GNU_SOURCE | 10 #define _GNU_SOURCE |
5 #include <unistd.h> | 11 #include <unistd.h> |
6 #include <sched.h> | 12 #include <sched.h> |
7 #include <stdio.h> | 13 #include <stdio.h> |
8 #include <sys/wait.h> | 14 #include <sys/wait.h> |
9 | 15 |
10 #if !defined(CLONE_NEWPID) | 16 #if !defined(CLONE_NEWPID) |
11 #define CLONE_NEWPID 0x20000000 | 17 #define CLONE_NEWPID 0x20000000 |
12 #endif | 18 #endif |
13 | 19 |
(...skipping 18 matching lines...) |
32 const pid_t child = clone(worker, stack + sizeof(stack), CLONE_NEWPID, NULL); | 38 const pid_t child = clone(worker, stack + sizeof(stack), CLONE_NEWPID, NULL); |
33 if (child == -1) { | 39 if (child == -1) { |
34 perror("clone"); | 40 perror("clone"); |
35 fprintf(stderr, "Clone failed. PID namespaces ARE NOT supported\n"); | 41 fprintf(stderr, "Clone failed. PID namespaces ARE NOT supported\n"); |
36 } | 42 } |
37 | 43 |
38 waitpid(child, NULL, 0); | 44 waitpid(child, NULL, 0); |
39 | 45 |
40 return 0; | 46 return 0; |
41 } | 47 } |
42 ``` | 48 ``` |
OLD | NEW |