Ok. This is in qemu linux-user/syscall.c:
#define CLONE_IGNORED_FLAGS \
(CLONE_DETACHED | CLONE_IO)
/* Flags for fork which we can implement within QEMU itself */
#define CLONE_OPTIONAL_FORK_FLAGS \
(CLONE_SETTLS | CLONE_PARENT_SETTID | CLONE_PIDFD | \
CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID)
#define CLONE_INVALID_FORK_FLAGS \
(~(CSIGNAL | CLONE_OPTIONAL_FORK_FLAGS | CLONE_IGNORED_FLAGS))
This is basically it: the list of clone(2) flags supported by
qemu-user is given in CLONE_OPTIONAL_FORK_FLAGS.
systemd does this (from qemu running with QEMU_STRACE=1):
1 clone(CLONE_NEWNS|0x11,child_stack=0x0000000000000000,parent_tidptr=0x0000000000000000,tls=0xfffffffe7fffffff,child_tidptr=0x0000000000000000) =
-1 errno=22 (Invalid argument)
In the same qemu source we read:
/* CLONE_VFORK is special cased early in do_fork(). The other flag bits
* have almost all been allocated. We cannot support any of
* CLONE_NEWNS, CLONE_NEWCGROUP, CLONE_NEWUTS, CLONE_NEWIPC,
* CLONE_NEWUSER, CLONE_NEWPID, CLONE_NEWNET, CLONE_PTRACE, CLONE_UNTRACED.
* The checks against the invalid thread masks above will catch these.
* (The one remaining unallocated bit is 0x1000 which used to be CLONE_PID.)
*/
In particular, CLONE_NEWNS in qemu is marked as "we cannot support".
Note: this CLONE_NEWNS is now used when forking off systemd-generators.
This happens since this commit in systemd:
commit ca6ce62d2a437432082b5c6e5d4275d56055510f
Author: Zbigniew Jędrzejewski-Szmek <zbys...@in.waw.pl>
Date: Tue Dec 13 14:32:35 2022 +0100
manager: execute generators in a mount namespace "sandbox"
FWIW.
/mjt
