[apple/xnu.git] / bsd / man / man2 / posix_spawn.2

.\"
.\" Copyright (c) 2000-2007 Apple Inc. All rights reserved.
.\"
.\" @APPLE_OSREFERENCE_LICENSE_HEADER_START@
.\" 
.\" This file contains Original Code and/or Modifications of Original Code
.\" as defined in and that are subject to the Apple Public Source License
.\" Version 2.0 (the 'License'). You may not use this file except in
.\" compliance with the License. The rights granted to you under the License
.\" may not be used to create, or enable the creation or redistribution of,
.\" unlawful or unlicensed copies of an Apple operating system, or to
.\" circumvent, violate, or enable the circumvention or violation of, any
.\" terms of an Apple operating system software license agreement.
.\" 
.\" Please obtain a copy of the License at
.\" http://www.opensource.apple.com/apsl/ and read it before using this file.
.\" 
.\" The Original Code and all software distributed under the License are
.\" distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
.\" EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
.\" INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
.\" FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
.\" Please see the License for the specific language governing rights and
.\" limitations under the License.
.\" 
.\" @APPLE_OSREFERENCE_LICENSE_HEADER_END@
.\"
.\"     @(#)posix_spawn.2
.
.Dd August 9, 2007
.Dt POSIX_SPAWN 2
.Os "Mac OS X"
.Sh NAME
.Nm posix_spawn
.Nm posix_spawnp
.Nd spawn a process
.Sh SYNOPSIS
.Fd #include <spawn.h>
.Ft int
.Fo posix_spawn
.Fa "pid_t *restrict pid"
.Fa "const char *restrict path"
.Fa "const posix_spawn_file_actions_t *file_actions"
.Fa "const posix_spawnattr_t *restrict attrp"
.Fa "char *const argv[restrict]"
.Fa "char *const envp[restrict]"
.Fc
.Ft int
.Fo posix_spawnp
.Fa "pid_t *restrict pid"
.Fa "const char *restrict file"
.Fa "const posix_spawn_file_actions_t *file_actions"
.Fa "const posix_spawnattr_t *restrict attrp"
.Fa "char *const argv[restrict]"
.Fa "char *const envp[restrict]"
.Fc
.Sh DESCRIPTION
The
.Fn posix_spawn
function creates a new process from the executable file, called the
.Em new process file ,
specified by
.Em path ,
which is an absolute or relative path to the file.
The
.Fn posix_spawnp
function is identical to the
.Fn posix_spawn
function if the
.Em file
specified contains a slash character; otherwise, the
.Em file
parameter is used to construct a pathname, with its path prefix being
obtained by a search of the path specified in the environment by the
.Dq Ev PATH variable .
If this variable isn't specified, the default path is set according
to the
.Dv _PATH_DEFPATH
definition in
.In paths.h ,
which is set to
.Dq Ev /usr/bin:/bin .
This pathname either refers to an executable object file,
or a file of data for an interpreter;
.Xr execve 2
for more details.
.Pp
The argument
.Fa pid
is a pointer to a pid_t variable to receive the pid of the spawned
process; if this is NULL, then the pid of the spawned process is
not returned.  If this pointer is non-NULL, then on successful
completion, the variable will be modified to contain the pid of the
spawned process.  The value is undefined in the case of a failure.
.Pp
The argument
.Fa file_actions
is either NULL, or it is a a pointer to a file actions object that was
initialized by a call to
.Xr posix_spawn_file_actions_init 3
and represents zero or more file actions.
.Pp
File descriptors open in the calling process image remain open in
the new process image, except for those for which the close-on-exec
flag is set (see
.Xr close 2
and
.Xr fcntl 2 ) .
Descriptors that remain open are unaffected by
.Fn posix_spawn
unless their behaviour is modified by a file action; see
.Xr posix_spawn_file_actions_init 3
for more information.
.Pp
The argument
.Fa attrp
is either NULL, or it is a pointer to an attributes object that was
initialized by a call to
.Xr posix_spawnattr_init 3
and represents a set of spawn attributes to apply.  If NULL, then the
default attributes are applied; otherwise, these attributes can control
various aspects of the spawned process, and are applied prior to the
spawned process beginning execution; see
.Xr posix_spawnattr_init 3
for more information.
.Pp
The argument
.Fa argv
is a pointer to a null-terminated array of
character pointers to null-terminated character strings.
These strings construct the argument list to be made available to the new
process.  At least
.Fa argv[0]
must be present in the array, and should contain the file name of the
program being spawned, e.g. the last component of the
.Em path
or
.Em file
argument.
.Pp
The argument
.Fa envp
is a pointer to a null-terminated array of character pointers to
null-terminated strings.  A pointer to this array is normally stored
in the global variable
.Va environ.
These strings pass information to the
new process that is not directly an argument to the command (see
.Xr environ 7 ) .
.Pp
Signals set to be ignored in the calling process are set to be ignored in
the new process, unless the behaviour is modified by user specified
.Em spawn attributes .
Signals which are set to be caught in the calling process image are set to
default action in the new process image.
Blocked signals remain blocked regardless of changes to the signal action,
unless the mask is overridden by user specified
.Em spawn attributes .
The signal stack is reset to be undefined (see
.Xr sigaction 2
for more information).
.Pp
By default, the effective user ID and group ID will be the same as those of
the calling process image; however, this may be overridden to force them to
be the real user ID and group ID of the parent process by user specified
.Em spawn attributes
(see
.Xr posix_spawnattr_init 3
for more information).
.Pp
If the set-user-ID mode bit of the new process image file is set
(see
.Xr chmod 2 ) ,
the effective user ID of the new process image is set to the owner ID
of the new process image file.
If the set-group-ID mode bit of the new process image file is set,
the effective group ID of the new process image is set to the group ID
of the new process image file.
(The effective group ID is the first element of the group list.)
The real user ID, real group ID and supplementary group IDs of the new
process image remain the same as the calling process image.
After any set-user-ID and set-group-ID processing,
the effective user ID is recorded as the saved set-user-ID,
and the effective group ID is recorded as the saved set-group-ID.
These values may be used in changing the effective IDs later (see
.Xr setuid 2 ) .
.Pp
The new process also inherits the following attributes from
the calling process:
.Pp
.Bl -column parent_process_ID -offset indent -compact
.It parent process ID Ta see Xr getppid 2
.It process group ID Ta see Xr getpgrp 2 , Xr posix_spawnattr_init 3
.It access groups Ta see Xr getgroups 2
.It working directory Ta see Xr chdir 2
.It root directory Ta see Xr chroot 2
.It control terminal Ta see Xr termios 4
.It resource usages Ta see Xr getrusage 2
.It interval timers Ta see Xr getitimer 2
.It resource limits Ta see Xr getrlimit 2
.It file mode mask Ta see Xr umask 2
.It signal mask Ta see Xr sigaction 2 , Xr sigsetmask 2 ,
.Xr posix_spawnattr_init 3
.El
.Pp
When a program is executed as a result of a
.Fn posix_spawn
or
.Fn posix_spawnp
call, it is entered as follows:
.Bd -literal -offset indent
main(argc, argv, envp)
int argc;
char **argv, **envp;
.Ed
.Pp
where
.Fa argc
is the number of elements in
.Fa argv
(the ``arg count'')
and
.Fa argv
points to the array of character pointers
to the arguments themselves.
.Sh RETURN VALUES
If the
.Em pid
argument is NULL, no pid is returned to the calling process; if it is
non-NULL, then
.Fn posix_spawn
and
.Fn posix_spawnp
functions return the process ID of the child process into the pid_t
variable pointed to by the
.Em pid
argument and return a 0 on success.  If an error occurs, they return
a non-zero error code as the function return value, and no child process
is created.
.Sh ERRORS
The
.Fn posix_spawn
and
.Fn posix_spawnp
functions will fail and return to the calling process if:
.Bl -tag -width Er
.\" ==========
.It Bq Er EINVAL
The value specified by
.Fa file_actions
or
.Fa attrp
is invalid.
.\" ==========
.It Bq Er E2BIG
The number of bytes in the new process's argument list
is larger than the system-imposed limit.
This limit is specified by the
.Xr sysctl 3
MIB variable
.Dv KERN_ARGMAX .
.\" ==========
.It Bq Er EACCES
Search permission is denied for a component of the path prefix.
.\" ==========
.It Bq Er EACCES
The new process file is not an ordinary file.
.\" ==========
.It Bq Er EACCES
The new process file mode denies execute permission.
.\" ==========
.It Bq Er EACCES
The new process file is on a filesystem mounted
with execution disabled
.Pf ( Dv MNT_NOEXEC
in
.Ao Pa sys/mount.h Ac ) .
.\" ==========
.It Bq Er EFAULT
The new process file is not as long as indicated by
the size values in its header.
.\" ==========
.It Bq Er EFAULT
.Fa Path ,
.Fa argv ,
or
.Fa envp
point
to an illegal address.
.\" ==========
.It Bq Er EIO
An I/O error occurred while reading from the file system.
.\" ==========
.It Bq Er ELOOP
Too many symbolic links were encountered in translating the pathname.
This is taken to be indicative of a looping symbolic link.
.\" ==========
.It Bq Er ENAMETOOLONG
A component of a pathname exceeded 
.Dv {NAME_MAX}
characters, or an entire path name exceeded 
.Dv {PATH_MAX}
characters.
.\" ==========
.It Bq Er ENOENT
The new process file does not exist.
.\" ==========
.It Bq Er ENOEXEC
The new process file has the appropriate access
permission, but has an unrecognized format
(e.g., an invalid magic number in its header).
.\" ==========
.It Bq Er ENOMEM
The new process requires more virtual memory than
is allowed by the imposed maximum
.Pq Xr getrlimit 2 .
.\" ==========
.It Bq Er ENOTDIR
A component of the path prefix is not a directory.
.\" ==========
.It Bq Er ETXTBSY
The new process file is a pure procedure (shared text)
file that is currently open for writing or reading by some process.
.El
.Sh CAVEAT
If a program is
.Em setuid
to a non-super-user, but is executed when
the real
.Em uid
is ``root'', then the program has some of the powers
of a super-user as well.
.Sh SEE ALSO
.Xr exit 2 ,
.Xr fork 2 ,
.Xr execl 3 ,
.Xr sysctl 3 ,
.Xr environ 7 ,
.Xr posix_spawnattr_init 3 ,
.Xr posix_file_actions_init 3
.Sh STANDARDS
.St -susv3 [SPN]
.Sh HISTORY
The
.Fn posix_spawn
and
.Fn posix_spawnp
function calls appeared in
.St -susv3 [SPN] .
Commit	Line	Data
2d21ac55 A	1	.\"
	2	.\" Copyright (c) 2000-2007 Apple Inc. All rights reserved.
	3	.\"
	4	.\" @APPLE_OSREFERENCE_LICENSE_HEADER_START@
	5	.\"
	6	.\" This file contains Original Code and/or Modifications of Original Code
	7	.\" as defined in and that are subject to the Apple Public Source License
	8	.\" Version 2.0 (the 'License'). You may not use this file except in
	9	.\" compliance with the License. The rights granted to you under the License
	10	.\" may not be used to create, or enable the creation or redistribution of,
	11	.\" unlawful or unlicensed copies of an Apple operating system, or to
	12	.\" circumvent, violate, or enable the circumvention or violation of, any
	13	.\" terms of an Apple operating system software license agreement.
	14	.\"
	15	.\" Please obtain a copy of the License at
	16	.\" http://www.opensource.apple.com/apsl/ and read it before using this file.
	17	.\"
	18	.\" The Original Code and all software distributed under the License are
	19	.\" distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	20	.\" EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	21	.\" INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	22	.\" FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	23	.\" Please see the License for the specific language governing rights and
	24	.\" limitations under the License.
	25	.\"
	26	.\" @APPLE_OSREFERENCE_LICENSE_HEADER_END@
	27	.\"
	28	.\" @(#)posix_spawn.2
	29	.
	30	.Dd August 9, 2007
	31	.Dt POSIX_SPAWN 2
	32	.Os "Mac OS X"
	33	.Sh NAME
	34	.Nm posix_spawn
	35	.Nm posix_spawnp
	36	.Nd spawn a process
	37	.Sh SYNOPSIS
	38	.Fd #include <spawn.h>
	39	.Ft int
	40	.Fo posix_spawn
	41	.Fa "pid_t *restrict pid"
	42	.Fa "const char *restrict path"
	43	.Fa "const posix_spawn_file_actions_t *file_actions"
	44	.Fa "const posix_spawnattr_t *restrict attrp"
	45	.Fa "char *const argv[restrict]"
	46	.Fa "char *const envp[restrict]"
	47	.Fc
	48	.Ft int
	49	.Fo posix_spawnp
	50	.Fa "pid_t *restrict pid"
	51	.Fa "const char *restrict file"
	52	.Fa "const posix_spawn_file_actions_t *file_actions"
	53	.Fa "const posix_spawnattr_t *restrict attrp"
	54	.Fa "char *const argv[restrict]"
	55	.Fa "char *const envp[restrict]"
	56	.Fc
	57	.Sh DESCRIPTION
	58	The
	59	.Fn posix_spawn
	60	function creates a new process from the executable file, called the
	61	.Em new process file ,
	62	specified by
	63	.Em path ,
	64	which is an absolute or relative path to the file.
65	The
66	.Fn posix_spawnp
67	function is identical to the
68	.Fn posix_spawn
69	function if the
70	.Em file
71	specified contains a slash character; otherwise, the
72	.Em file
73	parameter is used to construct a pathname, with its path prefix being
74	obtained by a search of the path specified in the environment by the
75	.Dq Ev PATH variable .
76	If this variable isn't specified, the default path is set according
77	to the
78	.Dv _PATH_DEFPATH
79	definition in
80	.In paths.h ,
81	which is set to
82	.Dq Ev /usr/bin:/bin .
83	This pathname either refers to an executable object file,
84	or a file of data for an interpreter;
85	.Xr execve 2
86	for more details.
87	.Pp
88	The argument
89	.Fa pid
90	is a pointer to a pid_t variable to receive the pid of the spawned
91	process; if this is NULL, then the pid of the spawned process is
92	not returned. If this pointer is non-NULL, then on successful
93	completion, the variable will be modified to contain the pid of the
94	spawned process. The value is undefined in the case of a failure.
95	.Pp
96	The argument
97	.Fa file_actions
98	is either NULL, or it is a a pointer to a file actions object that was
99	initialized by a call to
100	.Xr posix_spawn_file_actions_init 3
101	and represents zero or more file actions.
102	.Pp
103	File descriptors open in the calling process image remain open in
104	the new process image, except for those for which the close-on-exec
105	flag is set (see
106	.Xr close 2
107	and
108	.Xr fcntl 2 ) .
109	Descriptors that remain open are unaffected by
110	.Fn posix_spawn
111	unless their behaviour is modified by a file action; see
112	.Xr posix_spawn_file_actions_init 3
113	for more information.
114	.Pp
115	The argument
116	.Fa attrp
117	is either NULL, or it is a pointer to an attributes object that was
118	initialized by a call to
119	.Xr posix_spawnattr_init 3
120	and represents a set of spawn attributes to apply. If NULL, then the
121	default attributes are applied; otherwise, these attributes can control
122	various aspects of the spawned process, and are applied prior to the
123	spawned process beginning execution; see
124	.Xr posix_spawnattr_init 3
125	for more information.
126	.Pp
127	The argument
128	.Fa argv
129	is a pointer to a null-terminated array of
130	character pointers to null-terminated character strings.
131	These strings construct the argument list to be made available to the new
132	process. At least
133	.Fa argv[0]
134	must be present in the array, and should contain the file name of the
135	program being spawned, e.g. the last component of the
136	.Em path
137	or
138	.Em file
139	argument.
140	.Pp
141	The argument
142	.Fa envp
143	is a pointer to a null-terminated array of character pointers to
144	null-terminated strings. A pointer to this array is normally stored
145	in the global variable
146	.Va environ.
147	These strings pass information to the
148	new process that is not directly an argument to the command (see
149	.Xr environ 7 ) .
150	.Pp
151	Signals set to be ignored in the calling process are set to be ignored in
152	the new process, unless the behaviour is modified by user specified
153	.Em spawn attributes .
154	Signals which are set to be caught in the calling process image are set to
155	default action in the new process image.
156	Blocked signals remain blocked regardless of changes to the signal action,
157	unless the mask is overridden by user specified
158	.Em spawn attributes .
159	The signal stack is reset to be undefined (see
160	.Xr sigaction 2
161	for more information).
162	.Pp
163	By default, the effective user ID and group ID will be the same as those of
164	the calling process image; however, this may be overridden to force them to
165	be the real user ID and group ID of the parent process by user specified
166	.Em spawn attributes
167	(see
168	.Xr posix_spawnattr_init 3
169	for more information).
170	.Pp
171	If the set-user-ID mode bit of the new process image file is set
172	(see
173	.Xr chmod 2 ) ,
174	the effective user ID of the new process image is set to the owner ID
175	of the new process image file.
176	If the set-group-ID mode bit of the new process image file is set,
177	the effective group ID of the new process image is set to the group ID
178	of the new process image file.
179	(The effective group ID is the first element of the group list.)
180	The real user ID, real group ID and supplementary group IDs of the new
181	process image remain the same as the calling process image.
182	After any set-user-ID and set-group-ID processing,
183	the effective user ID is recorded as the saved set-user-ID,
184	and the effective group ID is recorded as the saved set-group-ID.
185	These values may be used in changing the effective IDs later (see
186	.Xr setuid 2 ) .
187	.Pp
188	The new process also inherits the following attributes from
189	the calling process:
190	.Pp
191	.Bl -column parent_process_ID -offset indent -compact
192	.It parent process ID Ta see Xr getppid 2
193	.It process group ID Ta see Xr getpgrp 2 , Xr posix_spawnattr_init 3
194	.It access groups Ta see Xr getgroups 2
195	.It working directory Ta see Xr chdir 2
196	.It root directory Ta see Xr chroot 2
197	.It control terminal Ta see Xr termios 4
198	.It resource usages Ta see Xr getrusage 2
199	.It interval timers Ta see Xr getitimer 2
200	.It resource limits Ta see Xr getrlimit 2
201	.It file mode mask Ta see Xr umask 2
202	.It signal mask Ta see Xr sigaction 2 , Xr sigsetmask 2 ,
203	.Xr posix_spawnattr_init 3
204	.El
205	.Pp
206	When a program is executed as a result of a
207	.Fn posix_spawn
208	or
209	.Fn posix_spawnp
210	call, it is entered as follows:
211	.Bd -literal -offset indent
212	main(argc, argv, envp)
213	int argc;
214	char argv, envp;
215	.Ed
216	.Pp
217	where
218	.Fa argc
219	is the number of elements in
220	.Fa argv
221	(the ``arg count'')
222	and
223	.Fa argv
224	points to the array of character pointers
225	to the arguments themselves.
226	.Sh RETURN VALUES
227	If the
228	.Em pid
229	argument is NULL, no pid is returned to the calling process; if it is
230	non-NULL, then
231	.Fn posix_spawn
232	and
233	.Fn posix_spawnp
234	functions return the process ID of the child process into the pid_t
235	variable pointed to by the
236	.Em pid
237	argument and return a 0 on success. If an error occurs, they return
238	a non-zero error code as the function return value, and no child process
239	is created.
240	.Sh ERRORS
241	The
242	.Fn posix_spawn
243	and
244	.Fn posix_spawnp
245	functions will fail and return to the calling process if:
246	.Bl -tag -width Er
247	.\" ==========
248	.It Bq Er EINVAL
249	The value specified by
250	.Fa file_actions
251	or
252	.Fa attrp
253	is invalid.
254	.\" ==========
255	.It Bq Er E2BIG
256	The number of bytes in the new process's argument list
257	is larger than the system-imposed limit.
258	This limit is specified by the
259	.Xr sysctl 3
260	MIB variable
261	.Dv KERN_ARGMAX .
262	.\" ==========
263	.It Bq Er EACCES
264	Search permission is denied for a component of the path prefix.
265	.\" ==========
266	.It Bq Er EACCES
267	The new process file is not an ordinary file.
268	.\" ==========
269	.It Bq Er EACCES
270	The new process file mode denies execute permission.
271	.\" ==========
272	.It Bq Er EACCES
273	The new process file is on a filesystem mounted
274	with execution disabled
275	.Pf ( Dv MNT_NOEXEC
276	in
277	.Ao Pa sys/mount.h Ac ) .
278	.\" ==========
279	.It Bq Er EFAULT
280	The new process file is not as long as indicated by
281	the size values in its header.
282	.\" ==========
283	.It Bq Er EFAULT
284	.Fa Path ,
285	.Fa argv ,
286	or
287	.Fa envp
288	point
289	to an illegal address.
290	.\" ==========
291	.It Bq Er EIO
292	An I/O error occurred while reading from the file system.
293	.\" ==========
294	.It Bq Er ELOOP
295	Too many symbolic links were encountered in translating the pathname.
296	This is taken to be indicative of a looping symbolic link.
297	.\" ==========
298	.It Bq Er ENAMETOOLONG
299	A component of a pathname exceeded
300	.Dv {NAME_MAX}
301	characters, or an entire path name exceeded
302	.Dv {PATH_MAX}
303	characters.
304	.\" ==========
305	.It Bq Er ENOENT
306	The new process file does not exist.
307	.\" ==========
308	.It Bq Er ENOEXEC
309	The new process file has the appropriate access
310	permission, but has an unrecognized format
311	(e.g., an invalid magic number in its header).
312	.\" ==========
313	.It Bq Er ENOMEM
314	The new process requires more virtual memory than
315	is allowed by the imposed maximum
316	.Pq Xr getrlimit 2 .
317	.\" ==========
318	.It Bq Er ENOTDIR
319	A component of the path prefix is not a directory.
320	.\" ==========
321	.It Bq Er ETXTBSY
322	The new process file is a pure procedure (shared text)
323	file that is currently open for writing or reading by some process.
324	.El
325	.Sh CAVEAT
326	If a program is
327	.Em setuid
328	to a non-super-user, but is executed when
329	the real
330	.Em uid
331	is ``root'', then the program has some of the powers
332	of a super-user as well.
333	.Sh SEE ALSO
334	.Xr exit 2 ,
335	.Xr fork 2 ,
336	.Xr execl 3 ,
337	.Xr sysctl 3 ,
338	.Xr environ 7 ,
339	.Xr posix_spawnattr_init 3 ,
340	.Xr posix_file_actions_init 3
341	.Sh STANDARDS
342	.St -susv3 [SPN]
343	.Sh HISTORY
344	The
345	.Fn posix_spawn
346	and
347	.Fn posix_spawnp
348	function calls appeared in
349	.St -susv3 [SPN] .