clone, __clone2 — create a child process
#define _GNU_SOURCE #include <sched.h>
int clone( |
int (*fn)( void
*) , |
void *child_stack, | |
int flags, | |
void *arg, | |
... /* pid_t *ptid, struct
user_desc *tls, pid_t *ctid
*/) ; |
clone
() creates a new
process, in a manner similar to fork(2). It is actually a
library function layered on top of the underlying
clone
() system call,
hereinafter referred to as sys_clone
. A description of
sys_clone
is given
towards the end of this page.
Unlike fork(2), these calls allow
the child process to share parts of its execution context
with the calling process, such as the memory space, the table
of file descriptors, and the table of signal handlers. (Note
that on this manual page, "calling process" normally
corresponds to "parent process". But see the description of
CLONE_PARENT
below.)
The main use of clone
() is
to implement threads: multiple threads of control in a
program that run concurrently in a shared memory space.
When the child process is created with clone
(), it executes the function
application fn
(arg
). (This differs from
fork(2), where execution
continues in the child from the point of the fork(2) call.) The
fn
argument is a
pointer to a function that is called by the child process at
the beginning of its execution. The arg
argument is passed to the
fn
function.
When the fn
(arg
) function application
returns, the child process terminates. The integer returned
by fn
is the exit
code for the child process. The child process may also
terminate explicitly by calling exit(2) or after receiving
a fatal signal.
The child_stack
argument specifies the location of the stack used by the
child process. Since the child and calling process may share
memory, it is not possible for the child process to execute
in the same stack as the calling process. The calling process
must therefore set up memory space for the child stack and
pass a pointer to this space to clone
(). Stacks grow downwards on all
processors that run Linux (except the HP PA processors), so
child_stack
usually
points to the topmost address of the memory space set up for
the child stack.
The low byte of flags
contains the number of
the termination signal
sent to the parent when the child dies. If this signal is
specified as anything other than SIGCHLD
, then the parent process must
specify the __WALL
or
__WCLONE
options when waiting
for the child with wait(2). If no signal is
specified, then the parent process is not signaled when the
child terminates.
flags
may also be
bitwise-or'ed with zero or more of the following constants,
in order to specify what is shared between the calling
process and the child process:
CLONE_CHILD_CLEARTID
(since Linux
2.5.49)Erase child thread ID at location ctid
in child memory
when the child exits, and do a wakeup on the futex at
that address. The address involved may be changed by
the set_tid_address(2)
system call. This is used by threading libraries.
CLONE_CHILD_SETTID
(since Linux
2.5.49)Store child thread ID at location ctid
in child
memory.
CLONE_FILES
If CLONE_FILES
is set,
the calling process and the child process share the
same file descriptor table. Any file descriptor created
by the calling process or by the child process is also
valid in the other process. Similarly, if one of the
processes closes a file descriptor, or changes its
associated flags (using the fcntl(2) F_SETFD
operation), the other process
is also affected.
If CLONE_FILES
is not
set, the child process inherits a copy of all file
descriptors opened in the calling process at the time
of clone
(). (The
duplicated file descriptors in the child refer to the
same open file descriptions (see open(2)) as the
corresponding file descriptors in the calling process.)
Subsequent operations that open or close file
descriptors, or change file descriptor flags, performed
by either the calling process or the child process do
not affect the other process.
CLONE_FS
If CLONE_FS
is set,
the caller and the child process share the same file
system information. This includes the root of the file
system, the current working directory, and the umask.
Any call to chroot(2), chdir(2), or
umask(2) performed by
the calling process or the child process also affects
the other process.
If CLONE_FS
is not
set, the child process works on a copy of the file
system information of the calling process at the time
of the clone
() call.
Calls to chroot(2), chdir(2), umask(2) performed
later by one of the processes do not affect the other
process.
CLONE_IO
(since Linux
2.6.25)If CLONE_IO
is set,
then the new process shares an I/O context with the
calling process. If this flag is not set, then (as with
fork(2)) the new
process has its own I/O context.
The I/O context is the I/O scope of the disk
scheduler (i.e, what the I/O scheduler uses to model
scheduling of a process's I/O). If processes share the
same I/O context, they are treated as one by the I/O
scheduler. As a consequence, they get to share disk
time. For some I/O schedulers, if two processes share
an I/O context, they will be allowed to interleave
their disk access. If several threads are doing I/O on
behalf of the same process (aio_read(3), for
instance), they should employ CLONE_IO
to get better I/O
performance.
If the kernel is not configured with the
CONFIG_BLOCK
option, this
flag is a no-op.
CLONE_NEWIPC
(since Linux
2.6.19)If CLONE_NEWIPC
is
set, then create the process in a new IPC namespace. If
this flag is not set, then (as with fork(2)), the process
is created in the same IPC namespace as the calling
process. This flag is intended for the implementation
of containers.
An IPC namespace consists of the set of identifiers for System V IPC objects. (These objects are created using msgctl(2), semctl(2), and shmctl(2)). Objects created in an IPC namespace are visible to all other processes that are members of that namespace, but are not visible to processes in other IPC namespaces.
When an IPC namespace is destroyed (i.e, when the last process that is a member of the namespace terminates), all IPC objects in the namespace are automatically destroyed.
Use of this flag requires: a kernel configured with
the CONFIG_SYSVIPC
and
CONFIG_IPC_NS
options and
that the process be privileged (CAP_SYS_ADMIN
). This flag can't be
specified in conjunction with CLONE_SYSVSEM
.
CLONE_NEWNET
(since Linux
2.6.24)(The implementation of this flag is not yet complete, but probably will be mostly complete by about Linux 2.6.28.)
If CLONE_NEWNET
is
set, then create the process in a new network
namespace. If this flag is not set, then (as with
fork(2)), the process
is created in the same network namespace as the calling
process. This flag is intended for the implementation
of containers.
A network namespace provides an isolated view of the
networking stack (network device interfaces, IPv4 and
IPv6 protocol stacks, IP routing tables, firewall
rules, the /proc/net
and
/sys/class/net
directory
trees, sockets, etc.). A physical network device can
live in exactly one network namespace. A virtual
network device ("veth") pair provides a pipe-like
abstraction that can be used to create tunnels between
network namespaces, and can be used to create a bridge
to a physical network device in another namespace.
When a network namespace is freed (i.e., when the last process in the namespace terminates), its physical network devices are moved back to the initial network namespace (not to the parent of the process).
Use of this flag requires: a kernel configured with
the CONFIG_NET_NS
option
and that the process be privileged (CAP_SYS_ADMIN
).
CLONE_NEWNS
(since Linux
2.4.19)Start the child in a new mount namespace.
Every process lives in a mount namespace. The
namespace
of
a process is the data (the set of mounts) describing
the file hierarchy as seen by that process. After a
fork(2) or
clone
() where the
CLONE_NEWNS
flag is not
set, the child lives in the same mount namespace as the
parent. The system calls mount(2) and
umount(2) change the
mount namespace of the calling process, and hence
affect all processes that live in the same namespace,
but do not affect processes in a different mount
namespace.
After a clone
() where
the CLONE_NEWNS
flag is
set, the cloned child is started in a new mount
namespace, initialized with a copy of the namespace of
the parent.
Only a privileged process (one having the
CAP_SYS_ADMIN
capability)
may specify the CLONE_NEWNS
flag. It is not permitted
to specify both CLONE_NEWNS
and CLONE_FS
in the same clone
() call.
CLONE_NEWPID
(since Linux
2.6.24)If CLONE_NEWPID
is
set, then create the process in a new PID namespace. If
this flag is not set, then (as with fork(2)), the process
is created in the same PID namespace as the calling
process. This flag is intended for the implementation
of containers.
A PID namespace provides an isolated environment for PIDs: PIDs in a new namespace start at 1, somewhat like a standalone system, and calls to fork(2), vfork(2), or clone(2) will produce processes with PIDs that are unique within the namespace.
The first process created in a new namespace (i.e.,
the process created using the CLONE_NEWPID
flag) has the PID 1, and
is the "init" process for the namespace. Children that
are orphaned within the namespace will be reparented to
this process rather than init(8). Unlike the
traditional init
process, the
"init" process of a PID namespace can terminate, and if
it does, all of the processes in the namespace are
terminated.
PID namespaces form a hierarchy. When a new PID namespace is created, the processes in that namespace are visible in the PID namespace of the process that created the new namespace; analogously, if the parent PID namespace is itself the child of another PID namespace, then processes in the child and parent PID namespaces will both be visible in the grandparent PID namespace. Conversely, the processes in the "child" PID namespace do not see the processes in the parent namespace. The existence of a namespace hierarchy means that each process may now have multiple PIDs: one for each namespace in which it is visible; each of these PIDs is unique within the corresponding namespace. (A call to getpid(2) always returns the PID associated with the namespace in which the process lives.)
After creating the new namespace, it is useful for
the child to change its root directory and mount a new
procfs instance at /proc
so that tools such as ps(1) work correctly. (If
CLONE_NEWNS
is also
included in flags
, then it isn't
necessary to change the root directory: a new procfs
instance can be mounted directly over /proc
.)
Use of this flag requires: a kernel configured with
the CONFIG_PID_NS
option
and that the process be privileged (CAP_SYS_ADMIN
). This flag can't be
specified in conjunction with CLONE_THREAD
.
CLONE_NEWUTS
(since Linux
2.6.19)If CLONE_NEWUTS
is
set, then create the process in a new UTS namespace,
whose identifiers are initialized by duplicating the
identifiers from the UTS namespace of the calling
process. If this flag is not set, then (as with
fork(2)), the process
is created in the same UTS namespace as the calling
process. This flag is intended for the implementation
of containers.
A UTS namespace is the set of identifiers returned by uname(2); among these, the domain name and the host name can be modified by setdomainname(2) and sethostname(2), respectively. Changes made to the identifiers in a UTS namespace are visible to all other processes in the same namespace, but are not visible to processes in other UTS namespaces.
Use of this flag requires: a kernel configured with
the CONFIG_UTS_NS
option
and that the process be privileged (CAP_SYS_ADMIN
).
CLONE_PARENT
(since Linux
2.3.12)If CLONE_PARENT
is
set, then the parent of the new child (as returned by
getppid(2)) will be
the same as that of the calling process.
If CLONE_PARENT
is not
set, then (as with fork(2)) the child's
parent is the calling process.
Note that it is the parent process, as returned by
getppid(2), which is
signaled when the child terminates, so that if
CLONE_PARENT
is set, then
the parent of the calling process, rather than the
calling process itself, will be signaled.
CLONE_PARENT_SETTID
(since Linux
2.5.49)Store child thread ID at location ptid
in parent and
child memory. (In Linux 2.5.32-2.5.48 there was a flag
CLONE_SETTID
that did
this.)
CLONE_PID
(obsolete)If CLONE_PID
is set,
the child process is created with the same process ID
as the calling process. This is good for hacking the
system, but otherwise of not much use. Since 2.3.21
this flag can be specified only by the system boot
process (PID 0). It disappeared in Linux 2.5.16.
CLONE_PTRACE
If CLONE_PTRACE
is
specified, and the calling process is being traced,
then trace the child also (see ptrace(2)).
CLONE_SETTLS
(since Linux
2.5.32)The newtls
argument is the new TLS (Thread Local Storage)
descriptor. (See set_thread_area(2).)
CLONE_SIGHAND
If CLONE_SIGHAND
is
set, the calling process and the child process share
the same table of signal handlers. If the calling
process or child process calls sigaction(2) to
change the behavior associated with a signal, the
behavior is changed in the other process as well.
However, the calling process and child processes still
have distinct signal masks and sets of pending signals.
So, one of them may block or unblock some signals using
sigprocmask(2)
without affecting the other process.
If CLONE_SIGHAND
is
not set, the child process inherits a copy of the
signal handlers of the calling process at the time
clone
() is called. Calls
to sigaction(2)
performed later by one of the processes have no effect
on the other process.
Since Linux 2.6.0-test6, flags
must also include
CLONE_VM
if CLONE_SIGHAND
is specified
CLONE_STOPPED
(since Linux
2.6.0-test2)If CLONE_STOPPED
is
set, then the child is initially stopped (as though it
was sent a SIGSTOP
signal), and must be resumed by sending it a
SIGCONT
signal.
From Linux 2.6.25 this flag is deprecated. You probably never wanted to use it, you certainly shouldn't be using it, and soon it will go away.
CLONE_SYSVSEM
(since Linux
2.5.10)If CLONE_SYSVSEM
is
set, then the child and the calling process share a
single list of System V semaphore undo values (see
semop(2)). If this
flag is not set, then the child has a separate undo
list, which is initially empty.
CLONE_THREAD
(since Linux
2.4.0-test8)If CLONE_THREAD
is
set, the child is placed in the same thread group as
the calling process. To make the remainder of the
discussion of CLONE_THREAD
more readable, the term
"thread" is used to refer to the processes within a
thread group.
Thread groups were a feature added in Linux 2.4 to support the POSIX threads notion of a set of threads that share a single PID. Internally, this shared PID is the so-called thread group identifier (TGID) for the thread group. Since Linux 2.4, calls to getpid(2) return the TGID of the caller.
The threads within a group can be distinguished by
their (system-wide) unique thread IDs (TID). A new
thread's TID is available as the function result
returned to the caller of clone
(), and a thread can obtain its
own TID using gettid(2).
When a call is made to clone
() without specifying
CLONE_THREAD
, then the
resulting thread is placed in a new thread group whose
TGID is the same as the thread's TID. This thread is
the leader
of
the new thread group.
A new thread created with CLONE_THREAD
has the same parent
process as the caller of clone
() (i.e., like CLONE_PARENT
), so that calls to
getppid(2) return the
same value for all of the threads in a thread group.
When a CLONE_THREAD
thread terminates, the thread that created it using
clone
() is not sent a
SIGCHLD
(or other
termination) signal; nor can the status of such a
thread be obtained using wait(2). (The thread
is said to be detached
.)
After all of the threads in a thread group terminate
the parent process of the thread group is sent a
SIGCHLD
(or other
termination) signal.
If any of the threads in a thread group performs an execve(2), then all threads other than the thread group leader are terminated, and the new program is executed in the thread group leader.
If one of the threads in a thread group creates a child using fork(2), then any thread in the group can wait(2) for that child.
Since Linux 2.5.35, flags
must also include
CLONE_SIGHAND
if
CLONE_THREAD
is
specified.
Signals may be sent to a thread group as a whole (i.e., a TGID) using kill(2), or to a specific thread (i.e., TID) using tgkill(2).
Signal dispositions and actions are process-wide: if an unhandled signal is delivered to a thread, then it will affect (terminate, stop, continue, be ignored in) all members of the thread group.
Each thread has its own signal mask, as set by sigprocmask(2), but signals can be pending either: for the whole process (i.e., deliverable to any member of the thread group), when sent with kill(2); or for an individual thread, when sent with tgkill(2). A call to sigpending(2) returns a signal set that is the union of the signals pending for the whole process and the signals that are pending for the calling thread.
If kill(2) is used to send a signal to a thread group, and the thread group has installed a handler for the signal, then the handler will be invoked in exactly one, arbitrarily selected member of the thread group that has not blocked the signal. If multiple threads in a group are waiting to accept the same signal using sigwaitinfo(2), the kernel will arbitrarily select one of these threads to receive a signal sent using kill(2).
CLONE_UNTRACED
(since Linux
2.5.46)If CLONE_UNTRACED
is
specified, then a tracing process cannot force
CLONE_PTRACE
on this
child process.
CLONE_VFORK
If CLONE_VFORK
is set,
the execution of the calling process is suspended until
the child releases its virtual memory resources via a
call to execve(2) or
_exit(2) (as with
vfork(2)).
If CLONE_VFORK
is not
set then both the calling process and the child are
schedulable after the call, and an application should
not rely on execution occurring in any particular
order.
CLONE_VM
If CLONE_VM
is set,
the calling process and the child process run in the
same memory space. In particular, memory writes
performed by the calling process or by the child
process are also visible in the other process.
Moreover, any memory mapping or unmapping performed
with mmap(2) or munmap(2) by the
child or calling process also affects the other
process.
If CLONE_VM
is not
set, the child process runs in a separate copy of the
memory space of the calling process at the time of
clone
(). Memory writes or
file mappings/unmappings performed by one of the
processes do not affect the other, as with fork(2).
The sys_clone
system call corresponds more closely to fork(2) in that execution
in the child continues from the point of the call. Thus,
sys_clone
only
requires the flags
and child_stack
arguments, which have the same meaning as for clone
(). (Note that the order of these
arguments differs from clone
().)
Another difference for sys_clone
is that the
child_stack
argument may be zero, in which case copy-on-write semantics
ensure that the child gets separate copies of stack pages
when either process modifies the stack. In this case, for
correct operation, the CLONE_VM
option should not be
specified.
In Linux 2.4 and earlier, clone
() does not take arguments
ptid
, tls
, and ctid
.
On success, the thread ID of the child process is returned
in the caller's thread of execution. On failure, −1 is
returned in the caller's context, no child process will be
created, and errno
will be set
appropriately.
Too many processes are already running.
CLONE_SIGHAND
was
specified, but CLONE_VM
was not. (Since Linux 2.6.0-test6.)
CLONE_THREAD
was
specified, but CLONE_SIGHAND
was not. (Since Linux
2.5.35.)
Both CLONE_FS
and
CLONE_NEWNS
were
specified in flags
.
Both CLONE_NEWIPC
and
CLONE_SYSVSEM
were
specified in flags
.
Both CLONE_NEWPID
and
CLONE_THREAD
were
specified in flags
.
Returned by clone
()
when a zero value is specified for child_stack
.
CLONE_NEWIPC
was
specified in flags
, but the kernel was
not configured with the CONFIG_SYSVIPC
and CONFIG_IPC_NS
options.
CLONE_NEWNET
was
specified in flags
, but the kernel was
not configured with the CONFIG_NET_NS
option.
CLONE_NEWPID
was
specified in flags
, but the kernel was
not configured with the CONFIG_PID_NS
option.
CLONE_NEWUTS
was
specified in flags
, but the kernel was
not configured with the CONFIG_UTS
option.
Cannot allocate sufficient memory to allocate a task structure for the child, or to copy those parts of the caller's context that need to be copied.
CLONE_NEWIPC
,
CLONE_NEWNET
,
CLONE_NEWNS
, CLONE_NEWPID
, or CLONE_NEWUTS
was specified by an
unprivileged process (process without CAP_SYS_ADMIN
).
CLONE_PID
was
specified by a process other than process 0.
There is no entry for clone
() in libc5. glibc2 provides
clone
() as described in this
manual page.
The clone
() and sys_clone
calls are
Linux-specific and should not be used in programs intended to
be portable.
In the kernel 2.4.x series, CLONE_THREAD
generally does not make the
parent of the new thread the same as the parent of the
calling process. However, for kernel versions 2.4.7 to 2.4.18
the CLONE_THREAD
flag implied
the CLONE_PARENT
flag (as in
kernel 2.6).
For a while there was CLONE_DETACHED
(introduced in 2.5.32):
parent wants no child-exit signal. In 2.6.2 the need to give
this together with CLONE_THREAD
disappeared. This flag is still defined, but has no
effect.
On i386, clone
() should not
be called through vsyscall, but directly through int $0x80.
On ia64, a different system call is used:
int __clone2(
int (*fn) (
void *)
,void *child_stack_base, size_t stack_size, int flags, void *arg, ... /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ )
;
The __clone2
() system call
operates in the same way as clone
(), except that child_stack_base
points to
the lowest address of the child's stack area, and stack_size
specifies the size
of the stack pointed to by child_stack_base
.
Versions of the GNU C library that include the NPTL
threading library contain a wrapper function for getpid(2) that performs
caching of PIDs. This caching relies on support in the glibc
wrapper for clone
(), but as
currently implemented, the cache may not be up to date in
some circumstances. In particular, if a signal is delivered
to the child immediately after the clone
() call, then a call to getpid
() in a handler for the signal may
return the PID of the calling process ("the parent"), if the
clone wrapper has not yet had a chance to update the PID
cache in the child. (This discussion ignores the case where
the child was created using CLONE_THREAD
, when getpid
() should
return the same value
in the child and in the process that called clone
(), since the caller and the child are
in the same thread group. The stale-cache problem also does
not occur if the flags
argument includes
CLONE_VM
.) To get the truth, it
may be necessary to use code such as the following:
#include <syscall.h> pid_t mypid; mypid = syscall(SYS_getpid);
fork(2), futex(2), getpid(2), gettid(2), set_thread_area(2), set_tid_address(2), tkill(2), unshare(2), wait(2), capabilities(7), pthreads(7)
This page is part of release 3.24 of the Linux man-pages
project. A
description of the project, and information about reporting
bugs, can be found at
http://www.kernel.org/doc/man-pages/.
Copyright (c) 1992 Drew Eckhardt <drewcs.colorado.edu>, March 28, 1992 and Copyright (c) Michael Kerrisk, 2001, 2002, 2005 May be distributed under the GNU General Public License. Modified by Michael Haardt <michaelmoria.de> Modified 24 Jul 1993 by Rik Faith <faithcs.unc.edu> Modified 21 Aug 1994 by Michael Chastain <mecshell.portal.com>: New man page (copied from 'fork.2'). Modified 10 June 1995 by Andries Brouwer <aebcwi.nl> Modified 25 April 1998 by Xavier Leroy <Xavier.Leroyinria.fr> Modified 26 Jun 2001 by Michael Kerrisk Mostly upgraded to 2.4.x Added prototype for sys_clone() plus description Added CLONE_THREAD with a brief description of thread groups Added CLONE_PARENT and revised entire page remove ambiguity between "calling process" and "parent process" Added CLONE_PTRACE and CLONE_VFORK Added EPERM and EINVAL error codes Renamed "__clone" to "clone" (which is the prototype in <sched.h>) various other minor tidy ups and clarifications. Modified 26 Jun 2001 by Michael Kerrisk <mtk.manpagesgmail.com> Updated notes for 2.4.7+ behavior of CLONE_THREAD Modified 15 Oct 2002 by Michael Kerrisk <mtk.manpagesgmail.com> Added description for CLONE_NEWNS, which was added in 2.4.19 Slightly rephrased, aeb. Modified 1 Feb 2003 - added CLONE_SIGHAND restriction, aeb. Modified 1 Jan 2004 - various updates, aeb Modified 2004-09-10 - added CLONE_PARENT_SETTID etc. - aeb. 2005-04-12, mtk, noted the PID caching behavior of NPTL's getpid() wrapper under BUGS. 2005-05-10, mtk, added CLONE_SYSVSEM, CLONE_UNTRACED, CLONE_STOPPED. 2005-05-17, mtk, Substantially enhanced discussion of CLONE_THREAD. 2008-11-18, mtk, order CLONE_* flags alphabetically 2008-11-18, mtk, document CLONE_NEWPID 2008-11-19, mtk, document CLONE_NEWUTS 2008-11-19, mtk, document CLONE_NEWIPC 2008-11-19, Jens Axboe, mtk, document CLONE_IO FIXME Document CLONE_NEWUSER, which is new in 2.6.23 (also supported for unshare()?) FIXME . 2.6.25 marks the unused CLONE_STOPPED as obsolete, and it will probably be removed in the future. |