namespaces/ns_child_exec.cThis is namespaces/ns_child_exec.c, an example to accompany the book, The Linux Programming Interface. This file is not printed in the book; it demonstrates Linux features that are not described in the book (typically features that have appeared since the book was published). The source code file is copyright 2025, Michael Kerrisk, and is licensed under the GNU General Public License, version 3. In the listing below, the names of Linux system calls and C library functions are hyperlinked to manual pages from the Linux man-pages project, and the names of functions implemented in the book are hyperlinked to the implementations of those functions.
|
/* ns_child_exec.c Copyright 2013, Michael Kerrisk Licensed under GNU General Public License v2 or later Create a child process that executes a shell command in new namespace(s). See https://lwn.net/Articles/532748/ */ #define _GNU_SOURCE #include <sched.h> #include <unistd.h> #include <stdlib.h> #include <sys/wait.h> #include <signal.h> #include <stdio.h> #include <sys/mman.h> #ifndef CLONE_NEWCGROUP /* Added in Linux 4.6 */ #define CLONE_NEWCGROUP 0x02000000 #endif /* A simple error-handling function: print an error message based on the value in 'errno' and terminate the calling process */ #define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \ } while (0)
static void usage(char *pname) { fprintf(stderr, "Usage: %s [options] cmd [arg...]\n", pname); fprintf(stderr, "Options can be:\n"); fprintf(stderr, " -C new cgroup namespace\n"); fprintf(stderr, " -i new IPC namespace\n"); fprintf(stderr, " -m new mount namespace\n"); fprintf(stderr, " -n new network namespace\n"); fprintf(stderr, " -p new PID namespace\n"); fprintf(stderr, " -u new UTS namespace\n"); fprintf(stderr, " -U new user namespace\n"); fprintf(stderr, " -v Display verbose messages\n"); exit(EXIT_FAILURE); }
static int /* Start function for cloned child */ childFunc(void *arg) { char **argv = arg; execvp(argv[0], argv); errExit("execvp"); } #define STACK_SIZE (1024 * 1024)
int main(int argc, char *argv[]) { int flags = 0; int verbose = 0; /* Parse command-line options. The initial '+' character in the final getopt() argument prevents GNU-style permutation of command-line options. That's useful, since sometimes the 'command' to be executed by this program itself has command-line options. We don't want getopt() to treat those as options to this program. */ int opt; while ((opt = getopt(argc, argv, "+CimnpuUv")) != -1) { switch (opt) { case 'C': flags |= CLONE_NEWCGROUP; break; case 'i': flags |= CLONE_NEWIPC; break; case 'm': flags |= CLONE_NEWNS; break; case 'n': flags |= CLONE_NEWNET; break; case 'p': flags |= CLONE_NEWPID; break; case 'u': flags |= CLONE_NEWUTS; break; case 'U': flags |= CLONE_NEWUSER; break; case 'v': verbose = 1; break; default: usage(argv[0]); } } if (optind >= argc) usage(argv[0]); char *stack = mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0); if (stack == MAP_FAILED) errExit("mmap"); pid_t child_pid = clone(childFunc, stack + STACK_SIZE, flags | SIGCHLD, &argv[optind]); if (child_pid == -1) errExit("clone"); if (verbose) printf("%s: PID of child created by clone() is %ld\n", argv[0], (long) child_pid); munmap(stack, STACK_SIZE); /* Parent falls through to here */ if (waitpid(child_pid, NULL, 0) == -1) /* Wait for child */ errExit("waitpid"); if (verbose) printf("%s: terminating\n", argv[0]); exit(EXIT_SUCCESS); }
Note that, in most cases, the programs rendered in these web pages are not free standing: you'll typically also need a few other source files (mostly in the lib/ subdirectory) as well. Generally, it's easier to just download the entire source tarball and build the programs with make(1). By hovering your mouse over the various hyperlinked include files and function calls above, you can see which other source files this file depends on.