Closed talex5 closed 1 year ago
This does leave us in a strange half-way house, since we don't derive any benefit from using clone3
if the interface always must be able to fallback to fork(). Any reason not to always just use fork?
Any reason not to always just use fork?
I was going to do that, but the fallback path requires some awkward code to handle the case where you spawn a process and then can't get an FD for it (e.g. due to FD limits), so I decided to use the new system when available. Also, I'm still planning to add support for namespaces at some point (it's OK if that doesn't work in a container).
clone3
is blocked by Docker's default security policy.Also, use
(uintptr_t)
when storing a pointer in auint64_t
field, otherwise it doesn't work on 32-bit systems.Fixes #514.