1
// Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
2
// SPDX-License-Identifier: Apache-2.0
3

4
/*
5
 * This is a very simple tool, used by the testing system to clone/exec into
6
 * the jailer.
7
 * All it does is
8
 * - clone() into a new PID namespace, then
9
 * - have the child process exec() into the binary received via command line,
10
 *   and
11
 * - have the parent process print the child PID to stdout.
12
 *
13
 * Usage: ./newpid_cloner <binary_to_execute> <arg1> <arg2> ...
14
 * Example: ./newpid_cloner /bin/firecracker --api-sock /var/run/fire.sock
15
 *
16
 */
17

18
#define _GNU_SOURCE
19

20
#include <sched.h>
21
#include <stdio.h>
22
#include <unistd.h>
23
#include <errno.h>
24
#include <sys/mman.h>
25

26

27
#define CHILD_STACK_SIZE 4096
28

29

30
int child_main(void *arg) {
31
    char **argv = (char**)arg;
32
    execv(argv[0], argv);
33
}
34

35
int main(int argc, char *const argv[]) {
36

37
    char child_stack[CHILD_STACK_SIZE];
38
    int child_pid = child_pid = clone(
39
        child_main,
40
        (char*)child_stack + CHILD_STACK_SIZE,
41
        CLONE_NEWPID,
42
        ((char **)argv) + 1
43
    );
44

45
    printf("%d", child_pid);
46
    return (child_pid != -1) ? 0 : errno;
47
}
48

49