1 EXEC(2) System Calls EXEC(2)
2
3 NAME
4 exec, execl, execle, execlp, execv, execve, execvp, fexecve execute a
5 file
6
7 SYNOPSIS
8 #include <unistd.h>
9
10 int
11 execl(const char *path, const char *arg0, ... /* const char *argn, (char *)0 */);
12
13 int
14 execv(const char *path, char *const argv[]);
15
16 int
17 execle(const char *path, const char *arg0,
18 ... /* const char *argn, (char *)0, char *const envp[] */);
19
20 int
21 execve(const char *path, char *const argv[], char *const envp[]);
22
23 int
24 execlp(const char *file, const char *arg0, ... /* const char *argn, (char *)0 */);
25
26 int
27 execvp(const char *file, char *const argv[]);
28
29 int
30 fexecve(int fd, char *const argv[], char *const envp[]);
31
32 DESCRIPTION
33 Each of the functions in the exec family replaces the current process
34 image with a new process image. The new image is constructed from a
35 regular, executable file called the new process image file. This file is
36 either an executable object file or a file of data for an interpreter.
37 There is no return from a successful call to one of these functions
38 because the calling process image is overlaid by the new process image.
39
40 An interpreter file begins with a line of the form
41
42 #! pathname [arg]
43
44 where pathname is the path of the interpreter, and arg is an optional
45 argument. When an interpreter file is executed, the system invokes the
46 specified interpreter. The pathname specified in the interpreter file is
47 passed as arg0 to the interpreter. If arg was specified in the
48 interpreter file, it is passed as arg1 to the interpreter. The remaining
49 arguments to the interpreter are arg0 through argn of the originally
50 exec'd file. The interpreter named by pathname must not be an
51 interpreter file.
52
53 When a C-language program is executed as a result of this call, it is
54 entered as a C-language function call as follows:
55
56 int main(int argc, char *argv[])
57
58 where argc is the argument count and argv is an array of character
59 pointers to the arguments themselves. In addition, the following
60 variable:
61
62 extern char **environ;
63
64 is initialized as a pointer to an array of character pointers to the
65 environment strings. The argv and environ arrays are each terminated by
66 a null pointer. The null pointer terminating the argv array is not
67 counted in argc.
68
69 The value of argc is non-negative, and if greater than 0, argv[0] points
70 to a string containing the name of the file. If argc is 0, argv[0] is a
71 null pointer, in which case there are no arguments. Applications should
72 verify that argc is greater than 0 or that argv[0] is not a null pointer
73 before dereferencing argv[0].
74
75 The arguments specified by a program with one of the exec functions are
76 passed on to the new process image in the Fn main arguments.
77
78 The path argument points to a path name that identifies the new process
79 image file.
80
81 The file argument is used to construct a pathname that identifies the new
82 process image file. If the file argument contains a slash character, it
83 is used as the pathname for this file. Otherwise, the path prefix for
84 this file is obtained by a search of the directories passed in the PATH
85 environment variable. See environ(5). The environment is supplied
86 typically by the shell. If the process image file is not a valid
87 executable object file, execlp() and execvp() use the contents of that
88 file as standard input to the shell. In this case, the shell becomes the
89 new process image. The standard to which the caller conforms determines
90 which shell is used. See standards(5).
91
92 The fexecve() function is equivalent to execve(), except that instead of
93 using a named file, the file referenced by the file descriptor fd is
94 used. Note that this file descriptor must reference a regular file and
95 must have been opened for execute (with Dv O_EXEC , defined in
96 <fcntl.h>.) The image is loaded from offset zero of the file, regardless
97 of the offset of fd.
98
99 The arguments represented by arg0... are pointers to null-terminated
100 character strings. These strings constitute the argument list available
101 to the new process image. The list is terminated by a null pointer. The
102 arg0 argument should point to a filename that is associated with the
103 process being started by one of the exec functions.
104
105 The argv argument is an array of character pointers to null-terminated
106 strings. The last member of this array must be a null pointer. These
107 strings constitute the argument list available to the new process image.
108 The value in argv[0] should point to a filename that is associated with
109 the process being started by one of the exec functions.
110
111 The envp argument is an array of character pointers to null-terminated
112 strings. These strings constitute the environment for the new process
113 image. The envp array is terminated by a null pointer. For execl(),
114 execv(), execvp(), and execlp(), the C-language run-time start-off routine
115 places a pointer to the environment of the calling process in the global
116 object environ, and it is used to pass the environment of the calling
117 process to the new process image.
118
119 The number of bytes available for the new process's combined argument and
120 environment lists is ARG_MAX. It is implementation-dependent whether null
121 terminators, pointers, and/or any alignment bytes are included in this
122 total.
123
124 File descriptors open in the calling process image remain open in the new
125 process image, except for those whose close-on-exec flag FD_CLOEXEC is set;
126 see fcntl(2). For those file descriptors that remain open, all
127 attributes of the open file description, including file locks, remain
128 unchanged.
129
130 The preferred hardware address translation size (see memcntl(2)) for the
131 stack and heap of the new process image are set to the default system
132 page size.
133
134 Directory streams open in the calling process image are closed in the new
135 process image.
136
137 The state of conversion descriptors and message catalogue descriptors in
138 the new process image is undefined. For the new process, the equivalent
139 of:
140
141 setlocale(LC_ALL, "C");
142
143 is executed at startup.
144
145 Signals set to the default action (BSIG_DFL) in the calling process image
146 are set to the default action in the new process image (see signal(3C)).
147 Signals set to be ignored (SIG_IGN) by the calling process image are set
148 to be ignored by the new process image. Signals set to be caught by the
149 calling process image are set to the default action in the new process
150 image (see signal.h(3HEAD)). After a successful call to any of the exec
151 functions, alternate signal stacks are not preserved and the SA_ONSTACK
152 flag is cleared for all signals.
153
154 After a successful call to any of the exec functions, any functions
155 previously registered by atexit(3C) are no longer registered.
156
157 The saved resource limits in the new process image are set to be a copy
158 of the process's corresponding hard and soft resource limits.
159
160 If the ST_NOSUID bit is set for the file system containing the new
161 process image file, then the effective user ID and effective group ID are
162 unchanged in the new process image. If the set-user-ID mode bit of the new
163 process image file is set (see chmod(2)), the effective user ID of the
164 new process image is set to the owner ID of the new process image file.
165 Similarly, if the set-group-ID mode bit of the new process image file is
166 set, the effective group ID of the new process image is set to the group
167 ID of the new process image file. The real user ID and real group ID of
168 the new process image remain the same as those of the calling process
169 image. The effective user ID and effective group ID of the new process
170 image are saved (as the saved set-user-ID and the saved set-group-ID for use
171 by setuid(2)).
172
173 The privilege sets are changed according to the following rules:
174
175 1. The inheritable set, I, is intersected with the limit set, L. This
176 mechanism enforces the limit set for processes.
177
178 2. The effective set, E, and the permitted set, P, are made equal to
179 the new inheritable set.
180
181 The system attempts to set the privilege-aware state to non-PA both before
182 performing any modifications to the process IDs and privilege sets as
183 well as after completing the transition to new UIDs and privilege sets,
184 following the rules outlined in privileges(5).
185
186 If the {PRIV_PROC_OWNER} privilege is asserted in the effective set, the
187 set-user-ID and set-group-ID bits will be honored when the process is being
188 controlled by ptrace(3C). Additional restrictions can apply when the
189 traced process has an effective UID of 0. See privileges(5).
190
191 Any shared memory segments attached to the calling process image will not
192 be attached to the new process image (see shmop(2)). Any mappings
193 established through mmap(2) are not preserved across an exec. Memory
194 mappings created in the process are unmapped before the address space is
195 rebuilt for the new process image. See mmap(2).
196
197 Memory locks established by the calling process via calls to mlockall(3C)
198 or mlock(3C) are removed. If locked pages in the address space of the
199 calling process are also mapped into the address spaces the locks
200 established by the other processes will be unaffected by the call by this
201 process to the exec function. If the exec function fails, the effect on
202 memory locks is unspecified.
203
204 If _XOPEN_REALTIME is defined and has a value other than 1, any named
205 semaphores open in the calling process are closed as if by appropriate
206 calls to sem_close(3C).
207
208 Profiling is disabled for the new process; see profil(2).
209
210 Timers created by the calling process with timer_create(3C) are deleted
211 before replacing the current process image with the new process image.
212
213 For the SCHED_FIFO and SCHED_RR scheduling policies, the policy and
214 priority settings are not changed by a call to an exec function.
215
216 All open message queue descriptors in the calling process are closed, as
217 described in mq_close(3C).
218
219 Any outstanding asynchronous I/O operations may be cancelled. Those
220 asynchronous I/O operations that are not canceled will complete as if the
221 exec function had not yet occurred, but any associated signal
222 notifications are suppressed. It is unspecified whether the exec
223 function itself blocks awaiting such I/O completion. In no event,
224 however, will the new process image created by the exec function be
225 affected by the presence of outstanding asynchronous I/O operations at
226 the time the exec function is called.
227
228 All active contract templates are cleared (see contract(4)).
229
230 The new process also inherits the following attributes from the calling
231 process:
232
233 controlling terminal
234
235 current working directory
236
237 file-locks (see fcntl(2) and lockf(3C))
238
239 file mode creation mask (see umask(2))
240
241 file size limit (see ulimit(2))
242
243 limit privilege set
244
245 nice value (see nice(2))
246
247 parent process ID
248
249 pending signals (see sigpending(2))
250
251 privilege debugging flag (see privileges(5) and getpflags(2))
252
253 process ID
254
255 process contract (see contract(4) and process(4))
256
257 process group ID
258
259 process signal mask (see sigprocmask(2))
260
261 processor bindings (see processor_bind(2))
262
263 processor set bindings (see pset_bind(2))
264
265 project ID
266
267 real group ID
268
269 real user ID
270
271 resource limits (see getrlimit(2))
272
273 root directory
274
275 scheduler class and priority (see priocntl(2))
276
277 semadj values (see semop(2))
278
279 session membership (see exit(2) and signal(3C))
280
281 supplementary group IDs
282
283 task ID
284
285 time left until an alarm clock signal (see alarm(2))
286
287 tms_utime, tms_stime, tms_cutime, and tms_cstime (see times(2))
288
289 trace flag (see ptrace(3C) request 0)
290
291 A call to any exec function from a process with more than one thread
292 results in all threads being terminated and the new executable image
293 being loaded and executed. No destructor functions will be called.
294
295 Upon successful completion, each of the functions in the exec family
296 marks for update the st_atime field of the file. If an exec function
297 failed but was able to locate the process image file, whether the
298 st_atime field is marked for update is unspecified. Should the function
299 succeed, the process image file is considered to have been opened with
300 open(2). The corresponding close(2) is considered to occur at a time
301 after this open, but before process termination or successful completion
302 of a subsequent call to one of the exec functions. The argv and envp
303 arrays of pointers and the strings to which those arrays point will not
304 be modified by a call to one of the exec functions, except as a
305 consequence of replacing the process image.
306
307 The saved resource limits in the new process image are set to be a copy
308 of the process's corresponding hard and soft limits.
309
310 RETURN VALUES
311 If a function in the exec family returns to the calling process image, an
312 error has occurred; the return value is1 and errno is set to indicate
313 the error.
314
315 ERRORS
316 The exec functions will fail if:
317
318 [E2BIG] The number of bytes in the new process's argument list
319 is greater than the system-imposed limit of {ARG_MAX}
320 bytes. The argument list limit is sum of the size of
321 the argument list plus the size of the environment's
322 exported shell variables.
323
324 [EACCES] Search permission is denied for a directory listed in
325 the new process file's path prefix.
326
327 The new process file is not an ordinary file.
328
329 The new process file mode denies execute permission.
330
331 The {FILE_DAC_SEARCH} privilege overrides the
332 restriction on directory searches.
333
334 The {FILE_DAC_EXECUTE} privilege overrides the lack of
335 execute permission.
336
337 [EAGAIN] Total amount of system memory available when reading
338 using raw I/O is temporarily insufficient.
339
340 [EFAULT] An argument points to an illegal address.
341
342 [EINVAL] The new process image file has the appropriate
343 permission and has a recognized executable binary
344 format, but the system does not support execution of a
345 file with this format.
346
347 [EINTR] A signal was caught during the execution of one of the
348 functions in the exec family.
349
350 The exec functions except fexecve() will fail if:
351
352 [ELOOP] Too many symbolic links were encountered in
353 translating path or file.
354
355 [ENAMETOOLONG] The length of the file or path argument exceeds
356 {PATH_MAX}, or the length of a file or path component
357 exceeds {NAME_MAX} while {_POSIX_NO_TRUNC} is in
358 effect.
359
360 [ENOENT] One or more components of the new process path name of
361 the file do not exist or is a null pathname.
362
363 [ENOLINK] The path argument points to a remote machine and the
364 link to that machine is no longer active.
365
366 [ENOTDIR] A component of the new process path of the file prefix
367 is not a directory.
368
369 The exec functions, except for execlp() and execvp(), will fail if:
370
371 [ENOEXEC] The new process image file has the appropriate access
372 permission but is not in the proper format.
373
374 The fexecve() function will fail if:
375
376 [EBADF] The fd argument is not a valid file descriptor opened
377 for execute.
378
379
380 The exec functions except for fexecve() may fail if:
381
382 [ENAMETOOLONG] Pathname resolution of a symbolic link produced an
383 intermediate result whose length exceeds {PATH_MAX}.
384
385 [ENOMEM] The new process image requires more memory than is
386 allowed by the hardware or system-imposed by memory
387 management constraints. See brk(2).
388
389 [ETXTBSY] The new process image file is a pure procedure (shared
390 text) file that is currently open for writing by some
391 process.
392
393 USAGE
394 As the state of conversion descriptors and message catalogue descriptors
395 in the new process image is undefined, portable applications should not
396 rely on their use and should close them prior to calling one of the exec
397 functions.
398
399 Applications that require other than the default POSIX locale should call
400 setlocale(3C) with the appropriate parameters to establish the locale of
401 the new process.
402
403 The environ array should not be accessed directly by the application.
404 Instead, getenv(3C) should be used.
405
406 SEE ALSO
407 ps(1), sh(1), alarm(2), brk(2), chmod(2), exit(2), fcntl(2), fork(2),
408 getpflags(2), getrlimit(2), memcntl(2), mmap(2), nice(2), open(2),
409 priocntl(2), profil(2), semop(2), shmop(2), sigpending(2),
410 sigprocmask(2), times(2), umask(2), lockf(3C), ptrace(3C), setlocale(3C),
411 signal(3C), system(3C), timer_create(3C), fcntl.h(3HEAD),
412 signal.h(3HEAD), unistd.h(3HEAD), a.out(4), contract(4), process(4),
413 environ(5), privileges(5), standards(5)
414
415 INTERFACE STABILITY
416 Standard.
417
418 MT-LEVEL
419 The execle(), execve(), fexecve() functions are Async-Signal-Safe.
420
421 STANDARDS
422 These functions are available in the following compilation environments.
423 See standards(5).
424
425 execl(), execle(), execlp(), execv(), execve(), execvp()
426 IEEE Std 1003.1-1990 (POSIX.1)
427 X/Open Portability Guide Issue3 (XPG3)
428 X/Open Portability Guide Issue4 (XPG4)
429 X/Open Portability Guide Issue4, Version2 (XPG4.2)
430 Version2 of the Single UNIX Specification (SUSv2)
431 Version3 of the Single UNIX Specification (SUSv3)
432 IEEE Std 1003.1-2008 (POSIX.1)
433
434 fexecve()
435 IEEE Std 1003.1-2008 (POSIX.1)
436
437 WARNINGS
438 If a program is setuid to a user ID other than the superuser, and the
439 program is executed when the real user ID is super-user, then the program
440 has some of the powers of a super-user as well.
441
442 illumos September 19, 2014 illumos