pid_t spawn(const char *path, int path_len, char *const argv[], int argv_len, char *const envp[], int envp_len, uint64_t *caps);
This syscall spawns a child process in a way similar to what a
clone+exec could be used for, but more efficiently, given it
doesn’t need to copy the address space just to overwrite it, and only forking
the first 3 standard file descriptors instead all of them.
The argument caps, if not NULL, points to a capability set in
the same format as mac_capabilities. This can be useful for deescalating
capabilities in the same convenient way as a call to mac_capabilities in
between clone and exec could.
The syscall returns the created PID on success and 0 on failure, with
the errno codes being:
EAGAIN: The system could not create the process right now.
EFAULT: One or more of the passed arguments point to invalid memory.
EACCES: MAC disallowed this.