Figure 5-12: The task structure

The kernel maintains a circular doubly-linked list of all existing process descriptors. The head of the list is the init_task descriptor referenced by the first element of the task array. The init_task descriptor belongs to process 0 or the swapper, the ancestor of all processes.

5.2.2 Process creation and destruction

The SLES kernel provides these system calls for creating a new process: clone(), fork(), and vfork(). When a new process is created, resources owned by the parent process are duplicated in the child process. Because this duplication is done using memory regions and demand paging, the object reuse requirement is satisfied.

The vfork() system call differs from fork() by sharing the address space of its parent. To prevent the parent from overwriting data needed by the child, the execution of the parent is blocked until the child exits or executes a new program. Lightweight processes are created using the clone() system call, which allows both the parent and the child to share many per-process kernel data structures such as paging tables, open file tables, and signal dispositions.

5.2.2.1 Control of child processes

The child process inherits the parent's security-relevant credentials, including uid, euid, gid, and egid. Because these credentials are used for access control decisions, the child is given the same level of access to objects as the parent. The credentials of a child change when it starts executing a new program or issues suitable system calls, which are listed as follows:

5.2.2.2 DAC controls

5.2.2.2.1 setuid() and setgid()

These set the effective user and group ID of the current process. If the effective user ID of the caller is root, then the real and saved user and group IDs are also set.

5.2.2.2.2seteuid()and setegid()

These set the effective user and group ID of the current process. Normal user processes may only set the effective user and group ID to the real user and group ID, the effective user and group ID, or the saved user and group ID.

5.2.2.2.3 setreuid() and setregid()

These set the real and effective user and group IDs of the current process. Normal users may only set the real user and group ID to the real user and group ID or the effective user and group ID, and can only set the effective user and group ID to the real user and group ID, the effective user and group ID or the saved user and group ID. If the real user and group ID is set or the effective user and group ID is set to a value not equal to the previous real user and group ID, the saved user and group ID is set to the new effective user and group ID.
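The rules in the three subsections above, as an added example that is not part of the original document: a small C model of the real, effective and saved user IDs, showing why dropping root with seteuid() is reversible while setuid() is not. The struct, the m_* function names, the UID 1000 scenario and the treatment of effective UID 0 as "privileged" are assumptions of this sketch; the group ID calls follow the same pattern.

```c
#include <stdio.h>

/* Model of one process's user IDs: real, effective, saved.
 * Simplification: "privileged" means effective UID 0. */
struct ids { int r, e, s; };

static int one_of(int v, int a, int b, int c) { return v == a || v == b || v == c; }

/* setuid(): a root caller also sets the real and saved IDs. -1 models EPERM. */
int m_setuid(struct ids *p, int uid) {
    if (p->e == 0) { p->r = p->e = p->s = uid; return 0; }
    /* Non-root rule per Linux setuid(2), not stated in the section above. */
    if (uid != p->r && uid != p->s) return -1;
    p->e = uid;
    return 0;
}

/* seteuid(): a normal user may only choose the real, effective or saved ID. */
int m_seteuid(struct ids *p, int uid) {
    if (p->e != 0 && !one_of(uid, p->r, p->e, p->s)) return -1;
    p->e = uid;
    return 0;
}

/* setreuid(): an argument of -1 leaves that ID unchanged. */
int m_setreuid(struct ids *p, int r, int e) {
    struct ids old = *p;
    if (old.e != 0) {
        if (r != -1 && r != old.r && r != old.e) return -1;
        if (e != -1 && !one_of(e, old.r, old.e, old.s)) return -1;
    }
    if (r != -1) p->r = r;
    if (e != -1) p->e = e;
    /* Saved ID follows the new effective ID when the real ID was set or the
     * effective ID was set to something other than the previous real ID. */
    if (r != -1 || (e != -1 && e != old.r)) p->s = p->e;
    return 0;
}

/* 1 if a process in state p could make its effective UID 0 again. */
int can_regain_root(struct ids p) { return m_seteuid(&p, 0) == 0; }

int main(void) {
    /* Constructed scenario: set-user-ID root program run by UID 1000. */
    struct ids tmp = {1000, 0, 0}, perm = {1000, 0, 0};
    m_seteuid(&tmp, 1000);   /* temporary drop: saved ID stays 0 */
    m_setuid(&perm, 1000);   /* permanent drop: all three IDs become 1000 */
    printf("after seteuid: regain root? %d\n", can_regain_root(tmp));
    printf("after setuid:  regain root? %d\n", can_regain_root(perm));
    return 0;
}
```

When auditing a privileged program, check that the call used to give up root also clears the saved ID, which in this model is the difference between the two scenarios.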
