Chapter 2: Process Management and Scheduling
ns->root_user = alloc_uid(ns, 0);
/* Reset current->user with a new one */
new_user = alloc_uid(ns, current->uid);
switch_uid(new_user);
return ns;
}
alloc_uidis a helper function that allocates an instance ofuser_structfor a user with a given UID in
the current namespace if none exists yet. Once an instance has been set up for both root and the current
user,switch_uidensures that the newuser_structwill be used to account resources from now on. This
essentially works by setting theuserelement ofstruct task_structto the newuser_structinstance.
Notice that if support for user namespaces is not compiled in, cloning a user namespace is a null opera-
tion: The default namespace is always used.
2.3.3 Process Identification Numbers
Unixprocesses are always assigned a number to uniquely identify them in their namespace. This number
is called theprocess identification numberorPIDfor short. Each process generated withforkorcloneis
automatically assigned a new unique PID value by the kernel.
Process Duplication
Each process is, however, not only characterized by its PID but also by other identifiers. Several types are
possible:
❑ All processes in a thread group (i.e., differentexecution contexts of a process created by call-
ingclonewithCLONE_THREADas we will see below) have a uniformthread group id(TGID). If a
process does not use threads, its PID and TGID are identical.
The main process in a thread group is called thegroup leader.Thegroup_leaderelement of the
task structures of allcloned threads points to thetask_structinstance of the group leader.
❑ Otherwise, independent processes can be combined into aprocess group(using thesetpgrpsys-
tem call). Thepgrpelements of their task structures all have the same value, namely, the PID of
the process group leader. Process groups facilitate the sending of signals to all members of the
group, which is helpful for various system programming applications (see the literature on sys-
tem programming, e.g., [SR05]). Notice that processes connected with pipes are contained in a
process group.
❑ Several process groups can be combined in a session. All processes in a session have the same
session ID which is held in thesessionelement of the task structure. The SID can be set using
thesetsidsystem call. It is used in terminal programming but is of no particular relevance to us
here.
Namespaces add some additional complexity to how PIDs are managed. Recall that PID namespaces are
organized in a hierarchy. When a new namespace is created, all PIDs that are used in this namespace
are visible to the parent namespace, but the child namespace does not see PIDs of the parent name-
space. However this implies that some tasks are equipped with more than one PID, namely, one per