[ViewVC] Contents of: cvs/Linux-Clone/README

NAME
    Linux::Clone - an interface to the linux clone, unshare, setns,
    pivot_root and kcmp syscalls

SYNOPSIS
     use Linux::Clone;

DESCRIPTION
    This module exposes the linux clone(2), unshare(2) and related syscalls
    to Perl.

    $retval = unshare $flags
        The following CLONE_ flag values (without CLONE_ prefix) are
        supported for unshare, if found, in this release. See the
        documentation for unshare(2) for more info on what they do:

           Linux::Clone::FILES
           Linux::Clone::FS
           Linux::Clone::NEWNS   (in unshare, implies FS)
           Linux::Clone::VM      (in unshare, implies SIGHAND)
           Linux::Clone::THREAD  (in unshare, implies VM, SIGHAND)
           Linux::Clone::SIGHAND
           Linux::Clone::SYSVSEM
           Linux::Clone::NEWUSER (in unshare, implies CLONE_THREAD)
           Linux::Clone::NEWPID
           Linux::Clone::NEWUTS
           Linux::Clone::NEWIPC
           Linux::Clone::NEWNET
           Linux::Clone::NEWCGROUP

        Example: unshare the network namespace and prove that by calling
        ifconfig, showing only an unconfigured lo interface.

           Linux::Clone::unshare Linux::Clone::NEWNET
              and "unshare: $!";
           system "ifconfig -a";

        Example: unshare the network namespace, initialise the loopback
        interface, create a veth interface pair, put one interface into the
        parent processes namespace (use ifconfig -a from another shell),
        configure the other interface with 192.168.99.2 -> 192.168.99.1 and
        start a shell.

           use Linux::Clone;

           # unshare our network namespace
           Linux::Clone::unshare Linux::Clone::NEWNET
             and "unshare: $!";

           my $ppid = getppid;

           system "
              # configure loopback interface
              ip link set lo up
              ip route add 127.0.0.0/8 dev lo

              # create veth pair
              ip link add name veth_master type veth peer name veth_slave

              # move veth_master to our parent process' namespace
              ip link set veth_master netns $ppid

              # configure the local interface
              ip link set veth_slave up
              ip addr add 192.168.99.2/32 dev veth_slave
              ip route add 192.168.99.1/32 dev veth_slave
           ";

           print <<EOF;
           say hi to your new network namespace, use exit to return.

           try this from another shell to get networking up:

           ip link set veth_master up
           ip addr add 192.168.99.1/32 dev veth_master
           ip route add 192.168.99.2/32 dev veth_master

           EOF
           system "bash";

        Example: unshare the filesystem namespace and make a confusing bind
        mount only visible to the current process.

           use Linux::Clone;

           Linux::Clone::unshare Linux::Clone::NEWNS
              and die "unshare: $!";

           # now bind-mount /lib over /etc and ls -l /etc - scary
           system "mount -n --bind /lib /etc";
           system "ls -l /etc";

    $retval = Linux::Clone::clone $coderef, $stacksize, $flags[, $ptid,
    $tls, $ctid]
        Clones a new process as specified via $flags and calls $coderef
        without any arguments (a closure might help you if you need to pass
        arguments without global variables). The return value from coderef
        is returned to the system.

        The $stacksize specifies how large a stack to allocate for the
        child. If it is 0, then a default stack size (currently 4MB) will be
        allocated. There is currently no way to free this area again in the
        child.

        $ptid, if specified, will receive the thread id, $tls, if specified,
        must contain a "struct user_desc" and $ctid is currently totally
        unsupported and must not be specified.

        Since this call basically bypasses both perl and your libc (for
        example, $$ might reflect the parent *or* child pid in the child),
        you need to be very careful when using this call, which means you
        should probably have a very good understanding of perl memory
        management and how fork and clone work.

        The following flags are supported for clone, in addition to all
        flags supported by "unshare", above, and a signal number. When in
        doubt, refer to the clone(2) manual page.

           Linux::Clone::PTRACE
           Linux::Clone::VFORK
           Linux::Clone::SETTLS         (not yet implemented)
           Linux::Clone::PARENT_SETTID  (not yet implemented)
           Linux::Clone::CHILD_SETTID   (not yet implemented)
           Linux::Clone::CHILD_CLEARTID (not yet implemented)
           Linux::Clone::DETACHED
           Linux::Clone::UNTRACED
           Linux::Clone::IO

        Note that for practical reasons you basically must not use
        "Linux::Clone::VM" or "Linux::Clone::VFORK", as perl is unlikely to
        cope with that.

        This is the glibc clone call, it cannot be used to emulate fork.

        Example: do a fork-like clone, sharing nothing, slightly confusing
        perl and your libc, and exit immediately.

           my $pid = Linux::Clone::clone sub { warn "in child"; 77 }, 0, POSIX::SIGCHLD;

    Linux::Clone::setns $fh_or_fd[, $nstype]
        Calls setns(2) on the file descriptor (or file handle) $fh_or_fd. If
        $nstype is missing, then 0 is used.

        The argument $nstype can be 0, "Linux::Clone::NEWIPC",
        "Linux::Clone::NEWNET", "Linux::Clone::NEUTS",
        "Linux::Clone::NEWCGROUP", "Linux::Clone::NEWNS",
        "Linux::Clone::NEWPID" or "Linux::Clone::NEWUSER".

    Linux::Clone::pivot_root $new_root, $old_root
        Calls pivot_root(2) - refer to its manpage for details.

    Linux::Clone::kcmp $pid1, $pid2, $type[, $idx1, $idx2]
        Calls kcmp(2) - refer to its manpage for details on operations.

        The following $type constants are available if the kcmp syscall
        number was available during compilation:

        "Linux::Clone::KCMP_FILE", "Linux::Clone::KCMP_VM",
        "Linux::Clone::KCMP_FILES", "Linux::Clone::KCMP_FS",
        "Linux::Clone::KCMP_SIGHAND", "Linux::Clone::KCMP_IO" and
        "Linux::Clone::KCMP_SYSVSEM".

AUTHOR
     Marc Lehmann <schmorp@schmorp.de>
     http://home.schmorp.de/

Revision:	1.3
Committed:	Thu Nov 2 07:31:16 2017 UTC (6 years, 6 months ago) by root
Branch:	MAIN
CVS Tags:	rel-1_1, rel-1_2
Changes since 1.2:	+20 -7 lines
Log Message:	1.1
#	Content
1	NAME
2	Linux::Clone - an interface to the linux clone, unshare, setns,
3	pivot_root and kcmp syscalls
4
5	SYNOPSIS
6	use Linux::Clone;
7
8	DESCRIPTION
9	This module exposes the linux clone(2), unshare(2) and related syscalls
10	to Perl.
11
12	$retval = unshare $flags
13	The following CLONE_ flag values (without CLONE_ prefix) are
14	supported for unshare, if found, in this release. See the
15	documentation for unshare(2) for more info on what they do:
16
17	Linux::Clone::FILES
18	Linux::Clone::FS
19	Linux::Clone::NEWNS (in unshare, implies FS)
20	Linux::Clone::VM (in unshare, implies SIGHAND)
21	Linux::Clone::THREAD (in unshare, implies VM, SIGHAND)
22	Linux::Clone::SIGHAND
23	Linux::Clone::SYSVSEM
24	Linux::Clone::NEWUSER (in unshare, implies CLONE_THREAD)
25	Linux::Clone::NEWPID
26	Linux::Clone::NEWUTS
27	Linux::Clone::NEWIPC
28	Linux::Clone::NEWNET
29	Linux::Clone::NEWCGROUP
30
31	Example: unshare the network namespace and prove that by calling
32	ifconfig, showing only an unconfigured lo interface.
33
34	Linux::Clone::unshare Linux::Clone::NEWNET
35	and "unshare: $!";
36	system "ifconfig -a";
37
38	Example: unshare the network namespace, initialise the loopback
39	interface, create a veth interface pair, put one interface into the
40	parent processes namespace (use ifconfig -a from another shell),
41	configure the other interface with 192.168.99.2 -> 192.168.99.1 and
42	start a shell.
43
44	use Linux::Clone;
45
46	# unshare our network namespace
47	Linux::Clone::unshare Linux::Clone::NEWNET
48	and "unshare: $!";
49
50	my $ppid = getppid;
51
52	system "
53	# configure loopback interface
54	ip link set lo up
55	ip route add 127.0.0.0/8 dev lo
56
57	# create veth pair
58	ip link add name veth_master type veth peer name veth_slave
59
60	# move veth_master to our parent process' namespace
61	ip link set veth_master netns $ppid
62
63	# configure the local interface
64	ip link set veth_slave up
65	ip addr add 192.168.99.2/32 dev veth_slave
66	ip route add 192.168.99.1/32 dev veth_slave
67	";
68
69	print <<EOF;
70	say hi to your new network namespace, use exit to return.
71
72	try this from another shell to get networking up:
73
74	ip link set veth_master up
75	ip addr add 192.168.99.1/32 dev veth_master
76	ip route add 192.168.99.2/32 dev veth_master
77
78	EOF
79	system "bash";
80
81	Example: unshare the filesystem namespace and make a confusing bind
82	mount only visible to the current process.
83
84	use Linux::Clone;
85
86	Linux::Clone::unshare Linux::Clone::NEWNS
87	and die "unshare: $!";
88
89	# now bind-mount /lib over /etc and ls -l /etc - scary
90	system "mount -n --bind /lib /etc";
91	system "ls -l /etc";
92
93	$retval = Linux::Clone::clone $coderef, $stacksize, $flags[, $ptid,
94	$tls, $ctid]
95	Clones a new process as specified via $flags and calls $coderef
96	without any arguments (a closure might help you if you need to pass
97	arguments without global variables). The return value from coderef
98	is returned to the system.
99
100	The $stacksize specifies how large a stack to allocate for the
101	child. If it is 0, then a default stack size (currently 4MB) will be
102	allocated. There is currently no way to free this area again in the
103	child.
104
105	$ptid, if specified, will receive the thread id, $tls, if specified,
106	must contain a "struct user_desc" and $ctid is currently totally
107	unsupported and must not be specified.
108
109	Since this call basically bypasses both perl and your libc (for
110	example, $$ might reflect the parent or child pid in the child),
111	you need to be very careful when using this call, which means you
112	should probably have a very good understanding of perl memory
113	management and how fork and clone work.
114
115	The following flags are supported for clone, in addition to all
116	flags supported by "unshare", above, and a signal number. When in
117	doubt, refer to the clone(2) manual page.
118
119	Linux::Clone::PTRACE
120	Linux::Clone::VFORK
121	Linux::Clone::SETTLS (not yet implemented)
122	Linux::Clone::PARENT_SETTID (not yet implemented)
123	Linux::Clone::CHILD_SETTID (not yet implemented)
124	Linux::Clone::CHILD_CLEARTID (not yet implemented)
125	Linux::Clone::DETACHED
126	Linux::Clone::UNTRACED
127	Linux::Clone::IO
128
129	Note that for practical reasons you basically must not use
130	"Linux::Clone::VM" or "Linux::Clone::VFORK", as perl is unlikely to
131	cope with that.
132
133	This is the glibc clone call, it cannot be used to emulate fork.
134
135	Example: do a fork-like clone, sharing nothing, slightly confusing
136	perl and your libc, and exit immediately.
137
138	my $pid = Linux::Clone::clone sub { warn "in child"; 77 }, 0, POSIX::SIGCHLD;
139
140	Linux::Clone::setns $fh_or_fd[, $nstype]
141	Calls setns(2) on the file descriptor (or file handle) $fh_or_fd. If
142	$nstype is missing, then 0 is used.
143
144	The argument $nstype can be 0, "Linux::Clone::NEWIPC",
145	"Linux::Clone::NEWNET", "Linux::Clone::NEUTS",
146	"Linux::Clone::NEWCGROUP", "Linux::Clone::NEWNS",
147	"Linux::Clone::NEWPID" or "Linux::Clone::NEWUSER".
148
149	Linux::Clone::pivot_root $new_root, $old_root
150	Calls pivot_root(2) - refer to its manpage for details.
151
152	Linux::Clone::kcmp $pid1, $pid2, $type[, $idx1, $idx2]
153	Calls kcmp(2) - refer to its manpage for details on operations.
154
155	The following $type constants are available if the kcmp syscall
156	number was available during compilation:
157
158	"Linux::Clone::KCMP_FILE", "Linux::Clone::KCMP_VM",
159	"Linux::Clone::KCMP_FILES", "Linux::Clone::KCMP_FS",
160	"Linux::Clone::KCMP_SIGHAND", "Linux::Clone::KCMP_IO" and
161	"Linux::Clone::KCMP_SYSVSEM".
162
163	AUTHOR
164	Marc Lehmann <schmorp@schmorp.de>
165	http://home.schmorp.de/
166