clone, __clone2 — create a child process
#define _GNU_SOURCE /* See feature_test_macros(7) */ #include <sched.h>
| int
            clone( | int (*fn) (void
            *), | 
| void *child_stack, | |
| int flags, | |
| void *arg, | |
| ... /* pid_t *ptid, struct
            user_desc *tls, pid_t *ctid
            */ ); | 
clone() creates a new
      process, in a manner similar to fork(2). It is actually a
      library function layered on top of the underlying
      clone() system call,
      hereinafter referred to as sys_clone. A description of
      sys_clone is given
      toward the end of this page.
Unlike fork(2), these calls allow
      the child process to share parts of its execution context
      with the calling process, such as the memory space, the table
      of file descriptors, and the table of signal handlers. (Note
      that on this manual page, "calling process" normally
      corresponds to "parent process". But see the description of
      CLONE_PARENT below.)
The main use of clone() is
      to implement threads: multiple threads of control in a
      program that run concurrently in a shared memory space.
When the child process is created with clone(), it executes the function
      application fn(arg). (This differs from
      fork(2), where execution
      continues in the child from the point of the fork(2) call.) The
      fn argument is a
      pointer to a function that is called by the child process at
      the beginning of its execution. The arg argument is passed to the
      fn function.
When the fn(arg) function application
      returns, the child process terminates. The integer returned
      by fn is the exit
      code for the child process. The child process may also
      terminate explicitly by calling exit(2) or after receiving
      a fatal signal.
The child_stack
      argument specifies the location of the stack used by the
      child process. Since the child and calling process may share
      memory, it is not possible for the child process to execute
      in the same stack as the calling process. The calling process
      must therefore set up memory space for the child stack and
      pass a pointer to this space to clone(). Stacks grow downward on all
      processors that run Linux (except the HP PA processors), so
      child_stack usually
      points to the topmost address of the memory space set up for
      the child stack.
The low byte of flags contains the number of
      the termination signal
      sent to the parent when the child dies. If this signal is
      specified as anything other than SIGCHLD, then the parent process must
      specify the __WALL or
      __WCLONE options when waiting
      for the child with wait(2). If no signal is
      specified, then the parent process is not signaled when the
      child terminates.
flags may also be
      bitwise-or'ed with zero or more of the following constants,
      in order to specify what is shared between the calling
      process and the child process:
CLONE_CHILD_CLEARTID (since Linux
          2.5.49)Erase child thread ID at location ctid in child memory
            when the child exits, and do a wakeup on the futex at
            that address. The address involved may be changed by
            the set_tid_address(2)
            system call. This is used by threading libraries.
CLONE_CHILD_SETTID (since Linux
          2.5.49)Store child thread ID at location ctid in child
            memory.
CLONE_FILESIf CLONE_FILES is set,
            the calling process and the child process share the
            same file descriptor table. Any file descriptor created
            by the calling process or by the child process is also
            valid in the other process. Similarly, if one of the
            processes closes a file descriptor, or changes its
            associated flags (using the fcntl(2) F_SETFD operation), the other process
            is also affected.
If CLONE_FILES is not
            set, the child process inherits a copy of all file
            descriptors opened in the calling process at the time
            of clone(). (The
            duplicated file descriptors in the child refer to the
            same open file descriptions (see open(2)) as the
            corresponding file descriptors in the calling process.)
            Subsequent operations that open or close file
            descriptors, or change file descriptor flags, performed
            by either the calling process or the child process do
            not affect the other process.
CLONE_FSIf CLONE_FS is set,
            the caller and the child process share the same file
            system information. This includes the root of the file
            system, the current working directory, and the umask.
            Any call to chroot(2), chdir(2), or
            umask(2) performed by
            the calling process or the child process also affects
            the other process.
If CLONE_FS is not
            set, the child process works on a copy of the file
            system information of the calling process at the time
            of the clone() call.
            Calls to chroot(2), chdir(2), umask(2) performed
            later by one of the processes do not affect the other
            process.
CLONE_IO (since Linux
          2.6.25)If CLONE_IO is set,
            then the new process shares an I/O context with the
            calling process. If this flag is not set, then (as with
            fork(2)) the new
            process has its own I/O context.
The I/O context is the I/O scope of the disk
            scheduler (i.e, what the I/O scheduler uses to model
            scheduling of a process's I/O). If processes share the
            same I/O context, they are treated as one by the I/O
            scheduler. As a consequence, they get to share disk
            time. For some I/O schedulers, if two processes share
            an I/O context, they will be allowed to interleave
            their disk access. If several threads are doing I/O on
            behalf of the same process (aio_read(3), for
            instance), they should employ CLONE_IO to get better I/O
            performance.
If the kernel is not configured with the
            CONFIG_BLOCK option, this
            flag is a no-op.
CLONE_NEWIPC (since Linux
          2.6.19)If CLONE_NEWIPC is
            set, then create the process in a new IPC namespace. If
            this flag is not set, then (as with fork(2)), the process
            is created in the same IPC namespace as the calling
            process. This flag is intended for the implementation
            of containers.
An IPC namespace consists of the set of identifiers for System V IPC objects. (These objects are created using msgctl(2), semctl(2), and shmctl(2)). Objects created in an IPC namespace are visible to all other processes that are members of that namespace, but are not visible to processes in other IPC namespaces.
When an IPC namespace is destroyed (i.e, when the last process that is a member of the namespace terminates), all IPC objects in the namespace are automatically destroyed.
Use of this flag requires: a kernel configured with
            the CONFIG_SYSVIPC and
            CONFIG_IPC_NS options and
            that the process be privileged (CAP_SYS_ADMIN). This flag can't be
            specified in conjunction with CLONE_SYSVSEM.
CLONE_NEWNET (since Linux
          2.6.24)(The implementation of this flag was only completed by about kernel version 2.6.29.)
If CLONE_NEWNET is
            set, then create the process in a new network
            namespace. If this flag is not set, then (as with
            fork(2)), the process
            is created in the same network namespace as the calling
            process. This flag is intended for the implementation
            of containers.
A network namespace provides an isolated view of the
            networking stack (network device interfaces, IPv4 and
            IPv6 protocol stacks, IP routing tables, firewall
            rules, the /proc/net and
            /sys/class/net directory
            trees, sockets, etc.). A physical network device can
            live in exactly one network namespace. A virtual
            network device ("veth") pair provides a pipe-like
            abstraction that can be used to create tunnels between
            network namespaces, and can be used to create a bridge
            to a physical network device in another namespace.
When a network namespace is freed (i.e., when the last process in the namespace terminates), its physical network devices are moved back to the initial network namespace (not to the parent of the process).
Use of this flag requires: a kernel configured with
            the CONFIG_NET_NS option
            and that the process be privileged (CAP_SYS_ADMIN).
CLONE_NEWNS (since Linux
          2.4.19)Start the child in a new mount namespace.
Every process lives in a mount namespace. The
            namespace of
            a process is the data (the set of mounts) describing
            the file hierarchy as seen by that process. After a
            fork(2) or
            clone() where the
            CLONE_NEWNS flag is not
            set, the child lives in the same mount namespace as the
            parent. The system calls mount(2) and
            umount(2) change the
            mount namespace of the calling process, and hence
            affect all processes that live in the same namespace,
            but do not affect processes in a different mount
            namespace.
After a clone() where
            the CLONE_NEWNS flag is
            set, the cloned child is started in a new mount
            namespace, initialized with a copy of the namespace of
            the parent.
Only a privileged process (one having the
            CAP_SYS_ADMIN capability)
            may specify the CLONE_NEWNS flag. It is not permitted
            to specify both CLONE_NEWNS and CLONE_FS in the same clone() call.
CLONE_NEWPID (since Linux
          2.6.24)If CLONE_NEWPID is
            set, then create the process in a new PID namespace. If
            this flag is not set, then (as with fork(2)), the process
            is created in the same PID namespace as the calling
            process. This flag is intended for the implementation
            of containers.
A PID namespace provides an isolated environment for
            PIDs: PIDs in a new namespace start at 1, somewhat like
            a standalone system, and calls to fork(2), vfork(2), or
            clone() will produce
            processes with PIDs that are unique within the
            namespace.
The first process created in a new namespace (i.e.,
            the process created using the CLONE_NEWPID flag) has the PID 1, and
            is the "init" process for the namespace. Children that
            are orphaned within the namespace will be reparented to
            this process rather than init(8). Unlike the
            traditional init process, the
            "init" process of a PID namespace can terminate, and if
            it does, all of the processes in the namespace are
            terminated.
PID namespaces form a hierarchy. When a new PID namespace is created, the processes in that namespace are visible in the PID namespace of the process that created the new namespace; analogously, if the parent PID namespace is itself the child of another PID namespace, then processes in the child and parent PID namespaces will both be visible in the grandparent PID namespace. Conversely, the processes in the "child" PID namespace do not see the processes in the parent namespace. The existence of a namespace hierarchy means that each process may now have multiple PIDs: one for each namespace in which it is visible; each of these PIDs is unique within the corresponding namespace. (A call to getpid(2) always returns the PID associated with the namespace in which the process lives.)
After creating the new namespace, it is useful for
            the child to change its root directory and mount a new
            procfs instance at /proc
            so that tools such as ps(1) work correctly. (If
            CLONE_NEWNS is also
            included in flags, then it isn't
            necessary to change the root directory: a new procfs
            instance can be mounted directly over /proc.)
Use of this flag requires: a kernel configured with
            the CONFIG_PID_NS option
            and that the process be privileged (CAP_SYS_ADMIN). This flag can't be
            specified in conjunction with CLONE_THREAD.
CLONE_NEWUTS (since Linux
          2.6.19)If CLONE_NEWUTS is
            set, then create the process in a new UTS namespace,
            whose identifiers are initialized by duplicating the
            identifiers from the UTS namespace of the calling
            process. If this flag is not set, then (as with
            fork(2)), the process
            is created in the same UTS namespace as the calling
            process. This flag is intended for the implementation
            of containers.
A UTS namespace is the set of identifiers returned by uname(2); among these, the domain name and the host name can be modified by setdomainname(2) and sethostname(2), respectively. Changes made to the identifiers in a UTS namespace are visible to all other processes in the same namespace, but are not visible to processes in other UTS namespaces.
Use of this flag requires: a kernel configured with
            the CONFIG_UTS_NS option
            and that the process be privileged (CAP_SYS_ADMIN).
CLONE_PARENT (since Linux
          2.3.12)If CLONE_PARENT is
            set, then the parent of the new child (as returned by
            getppid(2)) will be
            the same as that of the calling process.
If CLONE_PARENT is not
            set, then (as with fork(2)) the child's
            parent is the calling process.
Note that it is the parent process, as returned by
            getppid(2), which is
            signaled when the child terminates, so that if
            CLONE_PARENT is set, then
            the parent of the calling process, rather than the
            calling process itself, will be signaled.
CLONE_PARENT_SETTID (since Linux
          2.5.49)Store child thread ID at location ptid in parent and
            child memory. (In Linux 2.5.32-2.5.48 there was a flag
            CLONE_SETTID that did
            this.)
CLONE_PID (obsolete)If CLONE_PID is set,
            the child process is created with the same process ID
            as the calling process. This is good for hacking the
            system, but otherwise of not much use. Since 2.3.21
            this flag can be specified only by the system boot
            process (PID 0). It disappeared in Linux 2.5.16.
CLONE_PTRACEIf CLONE_PTRACE is
            specified, and the calling process is being traced,
            then trace the child also (see ptrace(2)).
CLONE_SETTLS (since Linux
          2.5.32)The newtls
            argument is the new TLS (Thread Local Storage)
            descriptor. (See set_thread_area(2).)
CLONE_SIGHANDIf CLONE_SIGHAND is
            set, the calling process and the child process share
            the same table of signal handlers. If the calling
            process or child process calls sigaction(2) to
            change the behavior associated with a signal, the
            behavior is changed in the other process as well.
            However, the calling process and child processes still
            have distinct signal masks and sets of pending signals.
            So, one of them may block or unblock some signals using
            sigprocmask(2)
            without affecting the other process.
If CLONE_SIGHAND is
            not set, the child process inherits a copy of the
            signal handlers of the calling process at the time
            clone() is called. Calls
            to sigaction(2)
            performed later by one of the processes have no effect
            on the other process.
Since Linux 2.6.0-test6, flags must also include
            CLONE_VM if CLONE_SIGHAND is specified
CLONE_STOPPED (since Linux
          2.6.0-test2)If CLONE_STOPPED is
            set, then the child is initially stopped (as though it
            was sent a SIGSTOP
            signal), and must be resumed by sending it a
            SIGCONT signal.
This flag was deprecated from Linux
            2.6.25 onward, and was removed altogether in
            Linux 2.6.38.
CLONE_SYSVSEM (since Linux
          2.5.10)If CLONE_SYSVSEM is
            set, then the child and the calling process share a
            single list of System V semaphore undo values (see
            semop(2)). If this
            flag is not set, then the child has a separate undo
            list, which is initially empty.
CLONE_THREAD (since Linux
          2.4.0-test8)If CLONE_THREAD is
            set, the child is placed in the same thread group as
            the calling process. To make the remainder of the
            discussion of CLONE_THREAD more readable, the term
            "thread" is used to refer to the processes within a
            thread group.
Thread groups were a feature added in Linux 2.4 to support the POSIX threads notion of a set of threads that share a single PID. Internally, this shared PID is the so-called thread group identifier (TGID) for the thread group. Since Linux 2.4, calls to getpid(2) return the TGID of the caller.
The threads within a group can be distinguished by
            their (system-wide) unique thread IDs (TID). A new
            thread's TID is available as the function result
            returned to the caller of clone(), and a thread can obtain its
            own TID using gettid(2).
When a call is made to clone() without specifying
            CLONE_THREAD, then the
            resulting thread is placed in a new thread group whose
            TGID is the same as the thread's TID. This thread is
            the leader of
            the new thread group.
A new thread created with CLONE_THREAD has the same parent
            process as the caller of clone() (i.e., like CLONE_PARENT), so that calls to
            getppid(2) return the
            same value for all of the threads in a thread group.
            When a CLONE_THREAD
            thread terminates, the thread that created it using
            clone() is not sent a
            SIGCHLD (or other
            termination) signal; nor can the status of such a
            thread be obtained using wait(2). (The thread
            is said to be detached.)
After all of the threads in a thread group terminate
            the parent process of the thread group is sent a
            SIGCHLD (or other
            termination) signal.
If any of the threads in a thread group performs an execve(2), then all threads other than the thread group leader are terminated, and the new program is executed in the thread group leader.
If one of the threads in a thread group creates a child using fork(2), then any thread in the group can wait(2) for that child.
Since Linux 2.5.35, flags must also include
            CLONE_SIGHAND if
            CLONE_THREAD is
            specified.
Signals may be sent to a thread group as a whole (i.e., a TGID) using kill(2), or to a specific thread (i.e., TID) using tgkill(2).
Signal dispositions and actions are process-wide: if an unhandled signal is delivered to a thread, then it will affect (terminate, stop, continue, be ignored in) all members of the thread group.
Each thread has its own signal mask, as set by sigprocmask(2), but signals can be pending either: for the whole process (i.e., deliverable to any member of the thread group), when sent with kill(2); or for an individual thread, when sent with tgkill(2). A call to sigpending(2) returns a signal set that is the union of the signals pending for the whole process and the signals that are pending for the calling thread.
If kill(2) is used to send a signal to a thread group, and the thread group has installed a handler for the signal, then the handler will be invoked in exactly one, arbitrarily selected member of the thread group that has not blocked the signal. If multiple threads in a group are waiting to accept the same signal using sigwaitinfo(2), the kernel will arbitrarily select one of these threads to receive a signal sent using kill(2).
CLONE_UNTRACED (since Linux
          2.5.46)If CLONE_UNTRACED is
            specified, then a tracing process cannot force
            CLONE_PTRACE on this
            child process.
CLONE_VFORKIf CLONE_VFORK is set,
            the execution of the calling process is suspended until
            the child releases its virtual memory resources via a
            call to execve(2) or
            _exit(2) (as with
            vfork(2)).
If CLONE_VFORK is not
            set then both the calling process and the child are
            schedulable after the call, and an application should
            not rely on execution occurring in any particular
            order.
CLONE_VMIf CLONE_VM is set,
            the calling process and the child process run in the
            same memory space. In particular, memory writes
            performed by the calling process or by the child
            process are also visible in the other process.
            Moreover, any memory mapping or unmapping performed
            with mmap(2) or munmap(2) by the
            child or calling process also affects the other
            process.
If CLONE_VM is not
            set, the child process runs in a separate copy of the
            memory space of the calling process at the time of
            clone(). Memory writes or
            file mappings/unmappings performed by one of the
            processes do not affect the other, as with fork(2).
The sys_clone
        system call corresponds more closely to fork(2) in that execution
        in the child continues from the point of the call. As such,
        the fn and
        arg arguments of
        the clone() wrapper function
        are omitted. Furthermore, the argument order changes. The
        raw system call interface is roughly:
long clone(unsigned long flags,void *child_stack,void *ptid,void *ctid,struct pt_regs *regs);
Another difference for sys_clone is that the
        child_stack
        argument may be zero, in which case copy-on-write semantics
        ensure that the child gets separate copies of stack pages
        when either process modifies the stack. In this case, for
        correct operation, the CLONE_VM option should not be
        specified.
On success, the thread ID of the child process is returned
      in the caller's thread of execution. On failure, −1 is
      returned in the caller's context, no child process will be
      created, and errno will be set
      appropriately.
Too many processes are already running.
CLONE_SIGHAND was
            specified, but CLONE_VM
            was not. (Since Linux 2.6.0-test6.)
CLONE_THREAD was
            specified, but CLONE_SIGHAND was not. (Since Linux
            2.5.35.)
Both CLONE_FS and
            CLONE_NEWNS were
            specified in flags.
Both CLONE_NEWIPC and
            CLONE_SYSVSEM were
            specified in flags.
Both CLONE_NEWPID and
            CLONE_THREAD were
            specified in flags.
Returned by clone()
            when a zero value is specified for child_stack.
CLONE_NEWIPC was
            specified in flags, but the kernel was
            not configured with the CONFIG_SYSVIPC and CONFIG_IPC_NS options.
CLONE_NEWNET was
            specified in flags, but the kernel was
            not configured with the CONFIG_NET_NS option.
CLONE_NEWPID was
            specified in flags, but the kernel was
            not configured with the CONFIG_PID_NS option.
CLONE_NEWUTS was
            specified in flags, but the kernel was
            not configured with the CONFIG_UTS option.
Cannot allocate sufficient memory to allocate a task structure for the child, or to copy those parts of the caller's context that need to be copied.
CLONE_NEWIPC,
            CLONE_NEWNET,
            CLONE_NEWNS, CLONE_NEWPID, or CLONE_NEWUTS was specified by an
            unprivileged process (process without CAP_SYS_ADMIN).
CLONE_PID was
            specified by a process other than process 0.
There is no entry for clone() in libc5. glibc2 provides
      clone() as described in this
      manual page.
The clone() and sys_clone calls are
      Linux-specific and should not be used in programs intended to
      be portable.
In the kernel 2.4.x series, CLONE_THREAD generally does not make the
      parent of the new thread the same as the parent of the
      calling process. However, for kernel versions 2.4.7 to 2.4.18
      the CLONE_THREAD flag implied
      the CLONE_PARENT flag (as in
      kernel 2.6).
For a while there was CLONE_DETACHED (introduced in 2.5.32):
      parent wants no child-exit signal. In 2.6.2 the need to give
      this together with CLONE_THREAD
      disappeared. This flag is still defined, but has no
      effect.
On i386, clone() should not
      be called through vsyscall, but directly through int $0x80.
On ia64, a different system call is used:
int __clone2(int (*fn) (void *),void *child_stack_base, size_t stack_size, int flags, void *arg, ... /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ );
The __clone2() system call
      operates in the same way as clone(), except that child_stack_base points to
      the lowest address of the child's stack area, and stack_size specifies the size
      of the stack pointed to by child_stack_base.
Versions of the GNU C library that include the NPTL
      threading library contain a wrapper function for getpid(2) that performs
      caching of PIDs. This caching relies on support in the glibc
      wrapper for clone(), but as
      currently implemented, the cache may not be up to date in
      some circumstances. In particular, if a signal is delivered
      to the child immediately after the clone() call, then a call to getpid(2) in a handler for
      the signal may return the PID of the calling process ("the
      parent"), if the clone wrapper has not yet had a chance to
      update the PID cache in the child. (This discussion ignores
      the case where the child was created using CLONE_THREAD, when getpid(2) should return the same value
      in the child and in the process that called clone(), since the caller and the child are
      in the same thread group. The stale-cache problem also does
      not occur if the flags argument includes
      CLONE_VM.) To get the truth, it
      may be necessary to use code such as the following:
    #include <syscall.h>
    pid_t mypid;
    mypid = syscall(SYS_getpid);
      fork(2), futex(2), getpid(2), gettid(2), set_thread_area(2), set_tid_address(2), tkill(2), unshare(2), wait(2), capabilities(7), pthreads(7)
This page is part of release 3.42 of the Linux man-pages project. A
      description of the project, and information about reporting
      bugs, can be found at
      http://www.kernel.org/doc/man-pages/.
| Copyright (c) 1992 Drew Eckhardt <drewcs.colorado.edu>, March 28, 1992 and Copyright (c) Michael Kerrisk, 2001, 2002, 2005 May be distributed under the GNU General Public License. Modified by Michael Haardt <michaelmoria.de> Modified 24 Jul 1993 by Rik Faith <faithcs.unc.edu> Modified 21 Aug 1994 by Michael Chastain <mecshell.portal.com>: New man page (copied from 'fork.2'). Modified 10 June 1995 by Andries Brouwer <aebcwi.nl> Modified 25 April 1998 by Xavier Leroy <Xavier.Leroyinria.fr> Modified 26 Jun 2001 by Michael Kerrisk Mostly upgraded to 2.4.x Added prototype for sys_clone() plus description Added CLONE_THREAD with a brief description of thread groups Added CLONE_PARENT and revised entire page remove ambiguity between "calling process" and "parent process" Added CLONE_PTRACE and CLONE_VFORK Added EPERM and EINVAL error codes Renamed "__clone" to "clone" (which is the prototype in <sched.h>) various other minor tidy ups and clarifications. Modified 26 Jun 2001 by Michael Kerrisk <mtk.manpagesgmail.com> Updated notes for 2.4.7+ behavior of CLONE_THREAD Modified 15 Oct 2002 by Michael Kerrisk <mtk.manpagesgmail.com> Added description for CLONE_NEWNS, which was added in 2.4.19 Slightly rephrased, aeb. Modified 1 Feb 2003 - added CLONE_SIGHAND restriction, aeb. Modified 1 Jan 2004 - various updates, aeb Modified 2004-09-10 - added CLONE_PARENT_SETTID etc. - aeb. 2005-04-12, mtk, noted the PID caching behavior of NPTL's getpid() wrapper under BUGS. 2005-05-10, mtk, added CLONE_SYSVSEM, CLONE_UNTRACED, CLONE_STOPPED. 2005-05-17, mtk, Substantially enhanced discussion of CLONE_THREAD. 2008-11-18, mtk, order CLONE_* flags alphabetically 2008-11-18, mtk, document CLONE_NEWPID 2008-11-19, mtk, document CLONE_NEWUTS 2008-11-19, mtk, document CLONE_NEWIPC 2008-11-19, Jens Axboe, mtk, document CLONE_IO FIXME Document CLONE_NEWUSER, which is new in 2.6.23 (also supported for unshare()?) |