blob: 86f9fd3caa665288ab2129212e5b994a433f3ac1 [file] [log] [blame] [view]
# Process Creation
The kernel provides low-level facilities for creating and setting up processes.
However, these facilities are difficult to use because they involve directly
mapping memory for executables, shared libraries, and stacks. Instead, you should
use one of the higher-level mechanisms for creating processes.
## fuchsia.process.Launcher
Fuchsia provides a service, `fuchsia.process.Launcher`, that does the low-level
work of constructing processes for you. You provide this service with all the
kernel objects needed to construct the process (e.g., the job object in which
the process should be created, the executable image, and the standard input and
output handles), and the service does the work of parsing the ELF executable
format, configuring the address space for the process, and sending the process
the startup message.
Most clients do not need to use this service directly. Instead, most clients can
use the simple C frontend in the FDIO library called `fdio_spawn`. This
function, and its more advanced `fdio_spawn_etc` and `fdio_spawn_vmo`
companions, connect to the `fuchsia.process.Launcher` service and send the
service the appropriate messages to create the process. The
`fdio_spawn_action_t` array passed to `fdio_spawn_etc` can be used to customize
the created process.
Regardless of whether you use the `fuchsia.process.Launcher` service directly
or the `fdio_spawn` frontend, this approach to creating processes is most
appropriate for creating processes within your own namespace because you need
to supply all the kernel objects for the new process.
## fuchsia.sys.Launcher
To create a process in its own namespace, Fuchsia provides the
`fuchsia.sys.Launcher` service. Rather than providing this process all the
kernel objects needed to construct the new process, you simply provide the
service a high-level description of the process you wish to create and the
`fuchsia.sys.Launcher` implementation supplies the new process with the
appropriate kernel objects. For example, if you provide the URL of a component
within a package, `fuchsia.sys.Launcher` will create a process for that
component in a namespace appropriate for that component with access to its own
package and whatever other resources are declared in the `sandbox` section of
its manifest.
Rather than returning a `zx::process` handle directly, `fuchsia.sys.Launcher`
returns a `fuchsia.sys.ComponentController` interface. This layer of
abstraction lets `fuchsia.sys.Launcher` create components that are not backed
by individual processes. For example, if you launch a component written in
Dart, the component might run in an instance of the Dart VM that is shared
between a number of components with compatible security constraints.
## Early boot
Early on in the boot process, the system does create a number of processes
manually. For example, the kernel manually creates the first userspace process,
`userboot`, which creates `devmgr` in turn. These low-level mechanisms use the
`liblaunchpad.so` shared library, which contains the logic for parsing ELF
files. Direct construction of processes is prohibited in the `fuchsia` job tree
using a job policy.
The `liblaunchpad.so` shared library is available in Zircon but should be used
only during early boot and for low-level tests of process creation. Libraries
or programs that might be used from the `fuchsia` job tree should use
`fdio_spawn` (or its companions) to conform to the security policy.