[lxc-devel] Two process on a same namespcae with clone()

Thu Feb 17 22:59:53 UTC 2011

On 02/17/2011 03:55 AM, Maheswara Reddy C - ERS, HCL Tech wrote:
> Thanks Rob,
> 
> Here  ABC_stack or XYZ_stack mean different vendor networking stack,

Good to know.

> these two network stack want to run in one namespace as tow different process.

In one _what_ namespace?

Ok, imagine I'm a bartender like this guy:

http://caskstrength.blogspot.com/2010/11/bitterest-pillis-sometimes-tastiest.html

Imagine you're asking questions about making a drink.  You come up to me
and say "I have liquid, liquid, liquid, and cubes.  I add liquid to
liquid to make drink.  Why didn't it work?"

Imagine that the answer you're actually after is "it needs to be served
in a chilled croupette glass".  How do we get from point A to point B here?

I'm _guessing_ you want two processes with the same mount namespace but
different network namespaces.  A mount namespace is not the same thing
as a network namespace.  There are also device namespaces, PID
namespaces, UID namespaces... None of them is just a "namespace".  You
do actually have to specify which you mean.

> Similarly I have to create N number of namespaces.
> 
> 
> Main()
> 
> {
>   int flags= CLONE_NEWNS| CLONE_NEWNET;
>   pid1= clone(do_clone, stack, flags ,&clone_arg)
> 
> }
> 
> do_clone()
> {
>  int flags=0;
>  pid2= clone(do_clone2, stack, flags ,&clone_arg)
> }
> 
> Does this way both pid1 and pid2 run in the same namespace? Or in the min itself I can run clone() with flags=0

Did you try it?  Run some tests and see what happens?  Perform any
experiments?

It's been ages since I've played with clone() directly.  I think flags 0
will do what you want, but let's confirm:

  http://lmgtfy.com/?q=clone+example+c

The first hit on that is a Linux Journal article written back when the
clone() system call was added, and its second C listing is an example of
how to use the clone system call.  It looks like with no flags, it

Another google for "clone flags fork" finds this:

  http://www.slidefinder.net/c/chapter_processes/16193998/p5

And slide 9 confirms that fork uses the clone system call with all clone
flags cleared, so yes.  If you have something against fork() and would
like to replace a posix mechanism with a nonportable linux-specific one
for no obvious _reason_, you can do that.

So, going back to your above example: the first clone (creating pid 1)
creates a new process with its own network namespace, and its own mount
namespace.  If you call clone again from the new PID (which starts
execution in do_clone) then it shares pid1's namespaces.  If you call
clone again from main() it shared the namespaces main() had.

It sounds like calling clone() again from do_clone() might be what you
want, but I AM STILL GUESSING AT WHAT YOU ARE TRYING TO DO.  "The two
should be different, which one should the third use" is not a complete
thought.

It's also entirely possible that you want your first clone to use
CLONE_NEWNET (creating a new network namespace) but not CLONE_NEWNS
(creating a new mount namespace).  These flags are independent, they do
orthogonal things, they do not need to be used together.

Rob