.\" Copyright (C) 2011, Eric Biederman <ebiederm@xmission.com>
.\" and Copyright (C) 2011, 2012, Michael Kerrisk <mtk.manpages@gmail.com>
.\"
.\" %%%LICENSE_START(GPLv2_ONELINE)
.\" Licensed under the GPLv2
.\" %%%LICENSE_END
.\"
.TH SETNS 2 2016-03-15 "Linux" "Linux Programmer's Manual"
|
2011-09-09 00:17:45 +00:00
|
|
|
.SH NAME
|
2011-10-03 06:33:39 +00:00
|
|
|
setns \- reassociate thread with a namespace
|
2011-09-09 00:17:45 +00:00
|
|
|
.SH SYNOPSIS
|
|
|
|
.nf
|
|
|
|
.BR "#define _GNU_SOURCE" " /* See feature_test_macros(7) */"
|
|
|
|
.B #include <sched.h>
|
|
|
|
.sp
|
|
|
|
.BI "int setns(int " fd ", int " nstype );
|
|
|
|
.fi
|
|
|
|
.SH DESCRIPTION
|
2011-09-09 00:28:35 +00:00
|
|
|
Given a file descriptor referring to a namespace,
|
2011-10-03 06:33:39 +00:00
|
|
|
reassociate the calling thread with that namespace.
|
2011-09-09 00:17:45 +00:00
|
|
|
|
2011-09-09 05:36:29 +00:00
|
|
|
The
|
|
|
|
.I fd
|
|
|
|
argument is a file descriptor referring to one of the namespace entries in a
|
|
|
|
.I /proc/[pid]/ns/
|
|
|
|
directory; see
|
2014-09-15 08:52:17 +00:00
|
|
|
.BR namespaces (7)
|
2011-10-04 06:34:28 +00:00
|
|
|
for further information on
|
2011-09-09 05:36:29 +00:00
|
|
|
.IR /proc/[pid]/ns/ .
|
2011-10-03 06:33:39 +00:00
|
|
|
The calling thread will be reassociated with the corresponding namespace,
|
2011-09-09 05:36:29 +00:00
|
|
|
subject to any constraints imposed by the
|
|
|
|
.I nstype
|
|
|
|
argument.
|
|
|
|
|
2011-09-09 00:17:45 +00:00
|
|
|
The
|
|
|
|
.I nstype
|
2011-09-09 00:28:35 +00:00
|
|
|
argument specifies which type of namespace
|
2011-10-03 06:33:39 +00:00
|
|
|
the calling thread may be reassociated with.
|
2011-09-09 00:43:49 +00:00
|
|
|
This argument can have one of the following values:
|
2011-09-09 00:17:45 +00:00
|
|
|
.TP
|
|
|
|
.BR 0
|
2011-09-09 05:36:29 +00:00
|
|
|
Allow any type of namespace to be joined.
|
2011-09-09 00:17:45 +00:00
|
|
|
.TP
|
2016-04-28 12:26:25 +00:00
|
|
|
.BR CLONE_NEWCGROUP " (since Linux 4.6)"
|
|
|
|
.I fd
|
|
|
|
must refer to a cgroup namespace.
|
|
|
|
.TP
|
2013-01-16 01:11:01 +00:00
|
|
|
.BR CLONE_NEWIPC " (since Linux 3.0)"
|
2011-09-09 05:36:29 +00:00
|
|
|
.I fd
|
|
|
|
must refer to an IPC namespace.
|
2011-09-09 00:17:45 +00:00
|
|
|
.TP
|
2013-01-16 01:11:01 +00:00
|
|
|
.BR CLONE_NEWNET " (since Linux 3.0)"
|
2011-09-09 05:36:29 +00:00
|
|
|
.I fd
|
|
|
|
must refer to a network namespace.
|
2011-09-09 00:17:45 +00:00
|
|
|
.TP
|
2013-01-16 01:11:01 +00:00
|
|
|
.BR CLONE_NEWNS " (since Linux 3.8)"
|
2012-12-27 10:32:14 +00:00
|
|
|
.I fd
|
|
|
|
must refer to a mount namespace.
|
|
|
|
.TP
|
2013-01-16 01:11:01 +00:00
|
|
|
.BR CLONE_NEWPID " (since Linux 3.8)"
|
2012-12-27 10:32:14 +00:00
|
|
|
.I fd
|
2015-01-02 18:04:42 +00:00
|
|
|
must refer to a descendant PID namespace.
|
2012-12-27 10:32:14 +00:00
|
|
|
.TP
|
2013-01-16 01:11:01 +00:00
|
|
|
.BR CLONE_NEWUSER " (since Linux 3.8)"
|
2012-12-27 10:32:14 +00:00
|
|
|
.I fd
|
|
|
|
must refer to a user namespace.
|
|
|
|
.TP
|
2013-01-16 01:11:01 +00:00
|
|
|
.BR CLONE_NEWUTS " (since Linux 3.0)"
|
2011-09-09 05:36:29 +00:00
|
|
|
.I fd
|
|
|
|
must refer to a UTS namespace.
|
2011-09-09 00:17:45 +00:00
|
|
|
.PP
|
2011-09-09 05:36:29 +00:00
|
|
|
Specifying
|
|
|
|
.I nstype
|
|
|
|
as 0 suffices if the caller knows (or does not care)
|
|
|
|
what type of namespace is referred to by
|
|
|
|
.IR fd .
|
|
|
|
Specifying a nonzero value for
|
|
|
|
.I nstype
|
|
|
|
is useful if the caller does not know what type of namespace is referred to by
|
|
|
|
.IR fd
|
|
|
|
and wants to ensure that the namespace is of a particular type.
|
|
|
|
(The caller might not know the type of the namespace referred to by
|
|
|
|
.IR fd
|
|
|
|
if the file descriptor was opened by another process and, for example,
|
|
|
|
passed to the caller via a UNIX domain socket.)
|
2012-12-27 10:32:14 +00:00
|
|
|
|
2013-01-01 03:11:15 +00:00
|
|
|
.B CLONE_NEWPID
|
|
|
|
behaves somewhat differently from the other
|
|
|
|
.I nstype
|
|
|
|
values:
|
2015-01-28 09:23:14 +00:00
|
|
|
reassociating the calling thread with a PID namespace changes only
|
2013-01-01 03:11:15 +00:00
|
|
|
the PID namespace that child processes of the caller will be created in;
|
|
|
|
it does not change the PID namespace of the caller itself.
|
2015-01-28 09:23:14 +00:00
|
|
|
Reassociating with a PID namespace is allowed only if the
|
2012-12-27 11:09:19 +00:00
|
|
|
PID namespace specified by
|
2012-12-27 10:32:14 +00:00
|
|
|
.IR fd
|
2013-01-01 03:11:15 +00:00
|
|
|
is a descendant (child, grandchild, etc.)
|
2013-01-16 00:51:08 +00:00
|
|
|
of the PID namespace of the caller.
|
2013-03-22 07:18:07 +00:00
|
|
|
For further details on PID namespaces, see
|
2014-09-15 08:53:18 +00:00
|
|
|
.BR pid_namespaces (7).
|
2012-12-27 10:32:14 +00:00
|
|
|
|
2013-03-22 07:12:15 +00:00
|
|
|
A process reassociating itself with a user namespace must have the
|
|
|
|
.B CAP_SYS_ADMIN
|
|
|
|
.\" See kernel/user_namespace.c:userns_install() [3.8 source]
|
|
|
|
capability in the target user namespace.
|
|
|
|
Upon successfully joining a user namespace,
|
|
|
|
a process is granted all capabilities in that namespace,
|
|
|
|
regardless of its user and group IDs.
|
2013-03-07 08:44:32 +00:00
|
|
|
A multithreaded process may not change user namespace with
|
2012-12-27 11:09:19 +00:00
|
|
|
.BR setns ().
|
2013-01-07 09:49:43 +00:00
|
|
|
It is not permitted to use
|
|
|
|
.BR setns ()
|
|
|
|
to reenter the caller's current user namespace.
|
|
|
|
This prevents a caller that has dropped capabilities from regaining
|
|
|
|
those capabilities via a call to
|
|
|
|
.BR setns ().
|
2013-03-22 12:18:52 +00:00
|
|
|
For security reasons,
|
|
|
|
.\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71
|
|
|
|
.\" https://lwn.net/Articles/543273/
|
|
|
|
a process can't join a new user namespace if it is sharing
|
2014-03-16 06:42:35 +00:00
|
|
|
filesystem-related attributes
|
2013-03-22 12:18:52 +00:00
|
|
|
(the attributes whose sharing is controlled by the
|
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_FS
|
|
|
|
flag) with another process.
|
2013-03-22 12:12:49 +00:00
|
|
|
For further details on user namespaces, see
|
2013-03-22 07:12:15 +00:00
|
|
|
.BR user_namespaces (7).
|
2012-12-27 10:32:14 +00:00
|
|
|
|
|
|
|
A process may not be reassociated with a new mount namespace if it is
|
2013-03-07 08:44:32 +00:00
|
|
|
multithreaded.
|
2012-12-31 22:41:31 +00:00
|
|
|
.\" Above check is in fs/namespace.c:mntns_install() [3.8 source]
|
|
|
|
Changing the mount namespace requires that the caller possess both
|
2012-12-27 11:09:19 +00:00
|
|
|
.B CAP_SYS_CHROOT
|
|
|
|
and
|
2014-09-21 09:24:24 +00:00
|
|
|
.BR CAP_SYS_ADMIN
|
2013-01-07 09:06:27 +00:00
|
|
|
capabilities in its own user namespace and
|
2014-09-21 09:24:24 +00:00
|
|
|
.BR CAP_SYS_ADMIN
|
2013-01-07 09:06:27 +00:00
|
|
|
in the target mount namespace.
|
2014-09-15 08:59:30 +00:00
|
|
|
See
|
|
|
|
.BR user_namespaces (7)
|
|
|
|
for details on the interaction of user namespaces and mount namespaces.
|
2016-04-28 12:26:25 +00:00
|
|
|
|
|
|
|
Using
|
|
|
|
.BR setns ()
|
|
|
|
to change the caller's cgroup namespace does not change
|
|
|
|
the caller's cgroup memberships.
|
2011-09-09 00:17:45 +00:00
|
|
|
.SH RETURN VALUE
|
2011-09-09 05:36:29 +00:00
|
|
|
On success,
|
2015-01-16 07:01:01 +00:00
|
|
|
.BR setns ()
|
2011-09-09 05:36:29 +00:00
|
|
|
returns 0.
|
2011-09-09 00:17:45 +00:00
|
|
|
On failure, \-1 is returned and
|
|
|
|
.I errno
|
|
|
|
is set to indicate the error.
|
|
|
|
.SH ERRORS
|
|
|
|
.TP
|
|
|
|
.B EBADF
|
2011-09-09 00:28:35 +00:00
|
|
|
.I fd
|
|
|
|
is not a valid file descriptor.
|
2011-09-09 00:17:45 +00:00
|
|
|
.TP
|
|
|
|
.B EINVAL
|
2011-09-09 05:36:29 +00:00
|
|
|
.I fd
|
|
|
|
refers to a namespace whose type does not match that specified in
|
2013-03-22 12:14:22 +00:00
|
|
|
.IR nstype .
|
|
|
|
.TP
|
|
|
|
.B EINVAL
|
|
|
|
There is a problem with reassociating
|
2011-10-03 06:33:39 +00:00
|
|
|
the thread with the specified namespace.
|
2011-09-09 00:17:45 +00:00
|
|
|
.TP
|
2015-01-02 18:04:42 +00:00
|
|
|
.\" See kernel/pid_namespace.c::pidns_install() [kernel 3.18 sources]
|
|
|
|
.B EINVAL
|
2015-03-03 08:50:24 +00:00
|
|
|
The caller tried to join an ancestor (parent, grandparent, and so on)
|
|
|
|
PID namespace.
|
2015-01-02 18:04:42 +00:00
|
|
|
.TP
|
2013-02-26 13:08:25 +00:00
|
|
|
.B EINVAL
|
|
|
|
The caller attempted to join the user namespace
|
|
|
|
in which it is already a member.
|
|
|
|
.TP
|
2014-06-02 12:07:50 +00:00
|
|
|
.B EINVAL
|
|
|
|
.\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71
|
|
|
|
The caller shares filesystem
|
|
|
|
.RB ( CLONE_FS )
|
|
|
|
state (in particular, the root directory)
|
|
|
|
with other processes and tried to join a new user namespace.
|
|
|
|
.TP
|
|
|
|
.B EINVAL
|
|
|
|
.\" See kernel/user_namespace.c::userns_install() [kernel 3.15 sources]
|
|
|
|
The caller is multithreaded and tried to join a new user namespace.
|
|
|
|
.TP
|
2011-09-09 00:17:45 +00:00
|
|
|
.B ENOMEM
|
|
|
|
Cannot allocate sufficient memory to change the specified namespace.
|
|
|
|
.TP
|
|
|
|
.B EPERM
|
2013-02-26 13:10:40 +00:00
|
|
|
The calling thread did not have the required capability
|
2011-09-09 00:30:51 +00:00
|
|
|
for this operation.
|
2011-09-09 00:17:45 +00:00
|
|
|
.SH VERSIONS
|
|
|
|
The
|
|
|
|
.BR setns ()
system call first appeared in Linux in kernel 3.0;
|
2013-01-16 01:11:01 +00:00
|
|
|
library support was added to glibc in version 2.14.
|
2011-09-09 00:17:45 +00:00
|
|
|
.SH CONFORMING TO
|
|
|
|
The
|
|
|
|
.BR setns ()
|
|
|
|
system call is Linux-specific.
|
|
|
|
.SH NOTES
|
2011-10-03 06:33:39 +00:00
|
|
|
Not all of the attributes that can be shared when
|
|
|
|
a new thread is created using
|
2011-09-09 00:17:45 +00:00
|
|
|
.BR clone (2)
|
|
|
|
can be changed using
|
|
|
|
.BR setns ().
|
2012-12-31 22:49:57 +00:00
|
|
|
.SH EXAMPLE
|
|
|
|
The program below takes two or more arguments.
|
|
|
|
The first argument specifies the pathname of a namespace file in an existing
|
|
|
|
.I /proc/[pid]/ns/
|
|
|
|
directory.
|
|
|
|
The remaining arguments specify a command and its arguments.
|
|
|
|
The program opens the namespace file, joins that namespace using
|
|
|
|
.BR setns (),
|
|
|
|
and executes the specified command inside that namespace.
|
|
|
|
|
|
|
|
The following shell session demonstrates the use of this program
|
|
|
|
(compiled as a binary named
|
2013-01-03 02:43:38 +00:00
|
|
|
.IR ns_exec )
|
2012-12-31 22:49:57 +00:00
|
|
|
in conjunction with the
|
|
|
|
.BR CLONE_NEWUTS
|
|
|
|
example program in the
|
|
|
|
.BR clone (2)
|
|
|
|
man page (compiled as a binary named
|
|
|
|
.IR newuts ).
|
|
|
|
|
|
|
|
We begin by executing the example program in
|
|
|
|
.BR clone (2)
|
|
|
|
in the background.
|
|
|
|
That program creates a child in a separate UTS namespace.
|
2013-02-24 14:25:01 +00:00
|
|
|
The child changes the hostname in its namespace,
|
2012-12-31 22:49:57 +00:00
|
|
|
and then both processes display the hostnames in their UTS namespaces,
|
|
|
|
so that we can see that they are different.
|
|
|
|
|
|
|
|
.nf
|
|
|
|
.in +4n
|
|
|
|
$ \fBsu\fP # Need privilege for namespace operations
|
2013-01-27 20:28:25 +00:00
|
|
|
Password:
|
2012-12-31 22:49:57 +00:00
|
|
|
# \fB./newuts bizarro &\fP
|
|
|
|
[1] 3549
|
|
|
|
clone() returned 3550
|
|
|
|
uts.nodename in child: bizarro
|
|
|
|
uts.nodename in parent: antero
|
2013-09-05 11:08:35 +00:00
|
|
|
# \fBuname \-n\fP # Verify hostname in the shell
|
2012-12-31 22:49:57 +00:00
|
|
|
antero
|
|
|
|
.in
|
|
|
|
.fi
|
|
|
|
|
|
|
|
We then run the program shown below,
|
|
|
|
using it to execute a shell.
|
|
|
|
Inside that shell, we verify that the hostname is the one
|
|
|
|
set by the child created by the first program:
|
|
|
|
|
|
|
|
.nf
|
|
|
|
.in +4n
|
2013-01-03 02:43:38 +00:00
|
|
|
# \fB./ns_exec /proc/3550/ns/uts /bin/bash\fP
|
2013-09-05 11:08:35 +00:00
|
|
|
# \fBuname \-n\fP # Executed in shell started by ns_exec
|
2012-12-31 22:49:57 +00:00
|
|
|
bizarro
|
|
|
|
.in
|
|
|
|
.fi
|
|
|
|
.SS Program source
|
|
|
|
.nf
|
|
|
|
#define _GNU_SOURCE
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <sched.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
|
|
|
|
/* Report the failed call named by msg via perror(), then exit with EXIT_FAILURE. */
#define errExit(msg) \
    do { \
        perror(msg); \
        exit(EXIT_FAILURE); \
    } while (0)
|
|
|
|
|
|
|
|
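/*
 * Join the namespace named by argv[1], then run the command in argv[2..].
 *
 * argv[1] is the pathname of a namespace file (a /proc/PID/ns/FILE entry);
 * argv[2] and the arguments after it are handed to execvp().
 * On success this function does not return, because execvp() replaces the
 * process image. On any failure a diagnostic goes to stderr and the process
 * exits with EXIT_FAILURE.
 */
int
main(int argc, char *argv[])
{
    int fd;

    if (argc < 3) {
        fprintf(stderr, "%s /proc/PID/ns/FILE cmd args...\n", argv[0]);
        exit(EXIT_FAILURE);
    }

    fd = open(argv[1], O_RDONLY);   /* Get file descriptor for namespace */
    if (fd == -1)
        errExit("open");

    /*
     * nstype is 0, so a namespace of any type is accepted. That is
     * adequate here because the invoking user names the file directly;
     * code that receives the descriptor from another process should pass
     * the expected CLONE_NEW* value so that a mismatch fails with EINVAL.
     */
    if (setns(fd, 0) == -1)         /* Join that namespace */
        errExit("setns");

    /*
     * The descriptor is not needed after the join. Close it before the
     * exec so that the executed command does not inherit an open handle
     * to the namespace file.
     */
    if (close(fd) == -1)
        errExit("close");

    execvp(argv[2], &argv[2]);      /* Execute a command in namespace */
    errExit("execvp");              /* Reached only if execvp() failed */
}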
|
|
|
|
.fi
|
2011-09-09 00:17:45 +00:00
|
|
|
.SH SEE ALSO
|
|
|
|
.BR clone (2),
|
|
|
|
.BR fork (2),
|
2013-01-01 00:10:45 +00:00
|
|
|
.BR unshare (2),
|
2011-09-09 02:04:42 +00:00
|
|
|
.BR vfork (2),
|
2013-01-13 23:18:46 +00:00
|
|
|
.BR namespaces (7),
|
2011-09-09 05:36:29 +00:00
|
|
|
.BR unix (7)
|