取消共享--pid/bin/bash-fork无法分配内存 [英] unshare --pid /bin/bash - fork cannot allocate memory

问题描述

我正在尝试linux名称空间.特别是pid名称空间.

I'm experimenting with linux namespaces. Specifically the pid namespace.

我以为我可以用bash测试一下，但是遇到了这个问题:

I thought I'd test something out with bash but run into this problem:

unshare -p /bin/bash
bash: fork: Cannot allocate memory

从那里运行ls进行了核心转储.退出是唯一的可能.

Running ls from there gave a core dump. Exit is the only thing possible.

为什么要这么做?

推荐答案

该错误是由PID 1进程在新名称空间中退出引起的.

The error is caused by the PID 1 process exits in the new namespace.

bash开始运行后，bash将派生几个新的子进程来执行某些操作.如果在不使用-f的情况下运行取消共享，则bash将具有与当前取消共享"进程相同的pid.当前的取消共享"进程调用取消共享系统调用，创建一个新的pid名称空间，但是当前的取消共享"进程不在新的pid名称空间中.这是linux内核的预期行为:进程A创建了一个新的名称空间，进程A本身不会放入新的名称空间，只有进程A的子进程将被放入新的名称空间.因此，当您运行时:

After bash start to run, bash will fork several new sub-processes to do somethings. If you run unshare without -f, bash will have the same pid as the current "unshare" process. The current "unshare" process call the unshare systemcall, create a new pid namespace, but the current "unshare" process is not in the new pid namespace. It is the desired behavior of linux kernel: process A creates a new namespace, the process A itself won't be put into the new namespace, only the sub-processes of process A will be put into the new namespace. So when you run:

unshare -p /bin/bash

取消共享进程将执行/bin/bash，/bin/bash派生几个子进程，bash的第一个子进程将成为新名称空间的PID 1，并且该子进程将在完成其工作后退出.这样，新名称空间的PID 1退出了.

The unshare process will exec /bin/bash, and /bin/bash forks several sub-processes, the first sub-process of bash will become PID 1 of the new namespace, and the subprocess will exit after it completes its job. So the PID 1 of the new namespace exits.

PID 1进程具有特殊功能:它应该成为所有孤立进程的父进程.如果根名称空间中的PID 1进程退出，内核将崩溃.如果子命名空间中的PID 1进程退出，Linux内核将调用disable_pid_allocation函数，该函数将清除该命名空间中的PIDNS_HASH_ADDING标志.当Linux内核创建新进程时，内核将调用alloc_pid函数在命名空间中分配PID，并且如果未设置PIDNS_HASH_ADDING标志，则alloc_pid函数将返回-ENOMEM错误.这就是为什么出现无法分配内存"错误的原因.

The PID 1 process has a special function: it should become all the orphan processes' parent process. If PID 1 process in the root namespace exits, kernel will panic. If PID 1 process in a sub namespace exits, linux kernel will call the disable_pid_allocation function, which will clean the PIDNS_HASH_ADDING flag in that namespace. When linux kernel create a new process, kernel will call alloc_pid function to allocate a PID in a namespace, and if the PIDNS_HASH_ADDING flag is not set, alloc_pid function will return a -ENOMEM error. That's why you got the "Cannot allocate memory" error.

您可以通过使用'-f'选项来解决此问题:

You can resolve this issue by use the '-f' option:

unshare -fp /bin/bash

如果使用'-f'选项运行unshare，unshare将在创建新的pid名称空间后派生一个新进程.然后在新进程中运行/bin/bash.新进程将是新pid名称空间的pid 1.然后bash还将派生几个子流程来完成一些工作.由于bash本身是新pid名称空间的pid 1，因此其子进程可以正常退出.

If you run unshare with '-f' option, unshare will fork a new process after it create the new pid namespace. And run /bin/bash in the new process. The new process will be the pid 1 of the new pid namespace. Then bash will also fork several sub-processes to do some jobs. As bash itself is the pid 1 of the new pid namespace, its sub-processes can exit without any problem.

这篇关于取消共享--pid/bin/bash-fork无法分配内存的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！