2007-11-21 18:22:29 +00:00
|
|
|
.\" Copyright (C) 2006, Janak Desai <janak@us.ibm.com>
|
|
|
|
.\" and Copyright (C) 2006, Michael Kerrisk <mtk.manpages@gmail.com>
|
ldd.1, capget.2, clone.2, create_module.2, fallocate.2, futex.2, get_kernel_syms.2, get_thread_area.2, getcpu.2, getitimer.2, getpid.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_list.2, mkdir.2, mknod.2, pciconfig_read.2, pivot_root.2, posix_fadvise.2, query_module.2, sendfile.2, set_thread_area.2, setns.2, unshare.2, __setfpucw.3, a64l.3, addseverity.3, argz_add.3, bindresvport.3, cabs.3, cacos.3, cacosh.3, canonicalize_file_name.3, carg.3, casin.3, casinh.3, catan.3, catanh.3, ccos.3, ccosh.3, cerf.3, cexp.3, cexp2.3, cimag.3, clog.3, clog10.3, clog2.3, cmsg.3, conj.3, cpow.3, cproj.3, creal.3, csin.3, csinh.3, csqrt.3, ctan.3, ctanh.3, des_crypt.3, envz_add.3, fdim.3, fma.3, fmax.3, fmemopen.3, fmin.3, fmtmsg.3, fpclassify.3, gamma.3, getpt.3, getrpcent.3, getrpcport.3, getttyent.3, isgreater.3, key_setsecret.3, lgamma.3, malloc_hook.3, mempcpy.3, nan.3, netlink.3, nextafter.3, putgrent.3, remove.3, remquo.3, rpc.3, rtime.3, rtnetlink.3, setaliasent.3, setnetgrent.3, signbit.3, significand.3, sincos.3, stdin.3, tgamma.3, xcrypt.3, xdr.3, cciss.4, hpsa.4, mouse.4, pts.4, sk98lin.4, tty_ioctl.4, wavelan.4, hosts.equiv.5, rpc.5, tzfile.5, boot.7, complex.7, ddp.7, fifo.7, futex.7, icmp.7, ip.7, ipv6.7, netdevice.7, netlink.7, packet.7, raw.7, rtnetlink.7, socket.7, tcp.7, udp.7, unix.7, x25.7, sync.8: Global fix: Put copyright info at top of page, followed by blank line and LICENSE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-03-10 09:29:51 +00:00
|
|
|
.\"
|
2013-03-10 09:28:50 +00:00
|
|
|
.\" %%%LICENSE_START(GPL_NOVERSION_ONELINE)
|
2006-03-20 21:29:29 +00:00
|
|
|
.\" Licensed under the GPL
|
2013-03-10 09:28:50 +00:00
|
|
|
.\" %%%LICENSE_END
|
2006-03-20 21:29:29 +00:00
|
|
|
.\"
|
2006-07-04 13:26:13 +00:00
|
|
|
.\" Patch Justification:
|
2007-04-12 22:42:49 +00:00
|
|
|
.\" unshare system call is needed to implement, using PAM,
|
|
|
|
.\" per-security_context and/or per-user namespace to provide
|
|
|
|
.\" polyinstantiated directories. Using unshare and bind mounts, a
|
|
|
|
.\" PAM module can create private namespace with appropriate
|
|
|
|
.\" directories(based on user's security context) bind mounted on
|
|
|
|
.\" public directories such as /tmp, thus providing an instance of
|
|
|
|
.\" /tmp that is based on user's security context. Without the
|
|
|
|
.\" unshare system call, namespace separation can only be achieved
|
|
|
|
.\" by clone, which would require porting and maintaining all commands
|
|
|
|
.\" such as login, and su, that establish a user session.
|
2006-07-04 13:26:13 +00:00
|
|
|
.\"
|
2013-01-01 00:25:22 +00:00
|
|
|
.TH UNSHARE 2 2012-12-31 "Linux" "Linux Programmer's Manual"
|
2006-03-20 21:29:29 +00:00
|
|
|
.SH NAME
|
|
|
|
unshare \- disassociate parts of the process execution context
|
|
|
|
.SH SYNOPSIS
|
|
|
|
.nf
|
2010-10-03 15:44:31 +00:00
|
|
|
.BR "#define _GNU_SOURCE" " /* See feature_test_macros(7) */"
|
2007-07-08 12:11:40 +00:00
|
|
|
.\" Actually _BSD_SOURCE || _SVID_SOURCE
|
2012-03-28 23:41:02 +00:00
|
|
|
.\" FIXME See http://sources.redhat.com/bugzilla/show_bug.cgi?id=4749
|
2006-03-20 21:29:29 +00:00
|
|
|
.B #include <sched.h>
|
|
|
|
.sp
|
|
|
|
.BI "int unshare(int " flags );
|
|
|
|
.fi
|
|
|
|
.SH DESCRIPTION
|
2007-04-12 22:42:49 +00:00
|
|
|
.BR unshare ()
|
2006-03-20 21:29:29 +00:00
|
|
|
allows a process to disassociate parts of its execution
|
2007-04-12 22:42:49 +00:00
|
|
|
context that are currently being shared with other processes.
|
2008-11-20 16:04:07 +00:00
|
|
|
Part of the execution context, such as the mount namespace, is shared
|
2007-04-12 22:42:49 +00:00
|
|
|
implicitly when a new process is created using
|
2006-03-20 21:29:29 +00:00
|
|
|
.BR fork (2)
|
|
|
|
or
|
2007-04-12 22:42:49 +00:00
|
|
|
.BR vfork (2),
|
2006-03-20 21:29:29 +00:00
|
|
|
while other parts, such as virtual memory, may be
|
2007-04-12 22:42:49 +00:00
|
|
|
shared by explicit request when creating a process using
|
2006-03-20 21:29:29 +00:00
|
|
|
.BR clone (2).
|
|
|
|
|
2007-04-12 22:42:49 +00:00
|
|
|
The main use of
|
2006-03-20 21:29:29 +00:00
|
|
|
.BR unshare ()
|
|
|
|
is to allow a process to control its
|
|
|
|
shared execution context without creating a new process.
|
|
|
|
|
2007-04-12 22:42:49 +00:00
|
|
|
The
|
|
|
|
.I flags
|
|
|
|
argument is a bit mask that specifies which parts of
|
|
|
|
the execution context should be unshared.
|
2006-03-20 21:29:29 +00:00
|
|
|
This argument is specified by ORing together zero or more
|
|
|
|
of the following constants:
|
|
|
|
.TP
|
|
|
|
.B CLONE_FILES
|
|
|
|
Reverse the effect of the
|
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_FILES
|
|
|
|
flag.
|
2007-04-12 22:42:49 +00:00
|
|
|
Unshare the file descriptor table, so that the calling process
|
2006-03-20 21:29:29 +00:00
|
|
|
no longer shares its file descriptors with any other process.
|
|
|
|
.TP
|
|
|
|
.B CLONE_FS
|
|
|
|
Reverse the effect of the
|
|
|
|
.BR clone (2)
|
2007-04-12 22:42:49 +00:00
|
|
|
.B CLONE_FS
|
2006-03-20 21:29:29 +00:00
|
|
|
flag.
|
2007-04-12 22:42:49 +00:00
|
|
|
Unshare file system attributes, so that the calling process
|
2013-01-01 00:28:28 +00:00
|
|
|
no longer shares its root directory
|
|
|
|
.RB ( chroot (2)),
|
|
|
|
current directory
|
|
|
|
.RB ( chdir (2)),
|
|
|
|
or umask
|
|
|
|
.RB ( umask (2))
|
|
|
|
attributes with any other process.
|
2006-03-20 21:29:29 +00:00
|
|
|
.TP
|
2010-10-24 14:14:09 +00:00
|
|
|
.BR CLONE_NEWIPC " (since Linux 2.6.19)
|
|
|
|
This flag has the same effect as the
|
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_NEWIPC
|
|
|
|
flag.
|
|
|
|
Unshare the System V IPC namespace,
|
|
|
|
so that the calling process has a private copy of the
|
|
|
|
System V IPC namespace which is not shared with any other process.
|
|
|
|
Specifying this flag automatically implies
|
|
|
|
.BR CLONE_SYSVSEM
|
|
|
|
as well.
|
|
|
|
Use of
|
|
|
|
.BR CLONE_NEWIPC
|
|
|
|
requires the
|
|
|
|
.BR CAP_SYS_ADMIN
|
|
|
|
capability.
|
|
|
|
.TP
|
2010-10-24 14:32:50 +00:00
|
|
|
.BR CLONE_NEWNET " (since Linux 2.6.24)
|
|
|
|
This flag has the same effect as the
|
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_NEWNET
|
|
|
|
flag.
|
|
|
|
Unshare the network namespace,
|
2010-10-30 05:52:36 +00:00
|
|
|
so that the calling process is moved into a
|
|
|
|
new network namespace which is not shared
|
|
|
|
with any previously existing process.
|
2013-01-01 00:29:12 +00:00
|
|
|
Use of
|
2010-10-24 14:32:50 +00:00
|
|
|
.BR CLONE_NEWNET
|
|
|
|
requires the
|
|
|
|
.BR CAP_SYS_ADMIN
|
|
|
|
capability.
|
|
|
|
.TP
|
2006-03-20 21:29:29 +00:00
|
|
|
.B CLONE_NEWNS
|
|
|
|
.\" These flag name are inconsistent:
|
2007-04-12 22:42:49 +00:00
|
|
|
.\" CLONE_NEWNS does the same thing in clone(), but CLONE_VM,
|
2006-03-20 21:29:29 +00:00
|
|
|
.\" CLONE_FS, and CLONE_FILES reverse the action of the clone()
|
|
|
|
.\" flags of the same name.
|
2010-10-24 13:59:48 +00:00
|
|
|
This flag has the same effect as the
|
2006-03-20 21:29:29 +00:00
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_NEWNS
|
|
|
|
flag.
|
2008-11-20 16:04:07 +00:00
|
|
|
Unshare the mount namespace,
|
2008-11-19 19:23:47 +00:00
|
|
|
so that the calling process has a private copy of
|
2006-03-20 21:29:29 +00:00
|
|
|
its namespace which is not shared with any other process.
|
|
|
|
Specifying this flag automatically implies
|
|
|
|
.B CLONE_FS
|
|
|
|
as well.
|
2010-10-24 14:02:24 +00:00
|
|
|
Use of
|
|
|
|
.BR CLONE_NEWNS
|
|
|
|
requires the
|
|
|
|
.BR CAP_SYS_ADMIN
|
|
|
|
capability.
|
2010-10-24 14:18:12 +00:00
|
|
|
.TP
|
2013-01-01 10:06:23 +00:00
|
|
|
.BR CLONE_NEWUTS " (since Linux 2.6.19)
|
|
|
|
This flag has the same effect as the
|
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_NEWUTS
|
|
|
|
flag.
|
|
|
|
Unshare the UTS IPC namespace,
|
|
|
|
so that the calling process has a private copy of the
|
|
|
|
UTS namespace which is not shared with any other process.
|
|
|
|
Use of
|
|
|
|
.BR CLONE_NEWUTS
|
|
|
|
requires the
|
|
|
|
.BR CAP_SYS_ADMIN
|
|
|
|
capability.
|
|
|
|
.TP
|
2010-10-24 14:18:12 +00:00
|
|
|
.BR CLONE_SYSVSEM " (since Linux 2.6.26)
|
2013-01-01 00:21:12 +00:00
|
|
|
.\" commit 9edff4ab1f8d82675277a04e359d0ed8bf14a7b7
|
2010-10-24 14:18:12 +00:00
|
|
|
This flag reverses the effect of the
|
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_SYSVSEM
|
|
|
|
flag.
|
|
|
|
Unshare System V semaphore undo values,
|
|
|
|
so that the calling process has a private copy
|
|
|
|
which is not shared with any other process.
|
|
|
|
Use of
|
|
|
|
.BR CLONE_SYSVSEM
|
|
|
|
requires the
|
|
|
|
.BR CAP_SYS_ADMIN
|
|
|
|
capability.
|
2006-03-20 21:29:29 +00:00
|
|
|
.\" As at 2.6.16, the following forced implications also apply,
|
2006-03-21 05:42:30 +00:00
|
|
|
.\" although the relevant flags are not yet implemented.
|
2006-03-20 21:29:29 +00:00
|
|
|
.\" If CLONE_THREAD is set force CLONE_VM.
|
2007-04-12 22:42:49 +00:00
|
|
|
.\" If CLONE_VM is set, force CLONE_SIGHAND.
|
2010-10-24 14:02:24 +00:00
|
|
|
.\" CLONE_NEWNSIf CLONE_SIGHAND is set and signals are also being shared
|
2006-03-20 21:29:29 +00:00
|
|
|
.\" (i.e., current->signal->count > 1), force CLONE_THREAD.
|
2006-03-21 05:42:30 +00:00
|
|
|
.\"
|
|
|
|
.\" FIXME . CLONE_VM is not (yet, as at 2.6.16) implemented.
|
|
|
|
.\" .TP
|
|
|
|
.\" .B CLONE_VM
|
|
|
|
.\" Reverse the effect of the
|
|
|
|
.\" .BR clone (2)
|
|
|
|
.\" .B CLONE_VM
|
|
|
|
.\" flag.
|
|
|
|
.\" .RB ( CLONE_VM
|
|
|
|
.\" is also implicitly set by
|
|
|
|
.\" .BR vfork (2),
|
|
|
|
.\" and can be reversed using this
|
|
|
|
.\" .BR unshare ()
|
|
|
|
.\" flag.)
|
2007-04-12 22:42:49 +00:00
|
|
|
.\" Unshare virtual memory, so that the calling process no
|
2006-03-21 05:42:30 +00:00
|
|
|
.\" longer shares its virtual address space with any other process.
|
|
|
|
.PP
|
2007-04-12 22:42:49 +00:00
|
|
|
If
|
2006-03-20 21:29:29 +00:00
|
|
|
.I flags
|
|
|
|
is specified as zero, then
|
|
|
|
.BR unshare ()
|
|
|
|
is a no-op;
|
|
|
|
no changes are made to the calling process's execution context.
|
|
|
|
.SH RETURN VALUE
|
2007-04-12 22:42:49 +00:00
|
|
|
On success, zero returned.
|
|
|
|
On failure, \-1 is returned and
|
|
|
|
.I errno
|
2006-03-20 21:29:29 +00:00
|
|
|
is set to indicate the error.
|
|
|
|
.SH ERRORS
|
|
|
|
.TP
|
2007-08-27 07:56:52 +00:00
|
|
|
.B EINVAL
|
|
|
|
An invalid bit was specified in
|
|
|
|
.IR flags .
|
|
|
|
.TP
|
|
|
|
.B ENOMEM
|
|
|
|
Cannot allocate sufficient memory to copy parts of caller's
|
|
|
|
context that need to be unshared.
|
|
|
|
.TP
|
2006-03-20 21:29:29 +00:00
|
|
|
.B EPERM
|
2010-10-24 14:02:24 +00:00
|
|
|
The calling process did not have the required privileges for this operation.
|
2007-05-16 04:39:23 +00:00
|
|
|
.SH VERSIONS
|
2006-03-20 21:29:29 +00:00
|
|
|
The
|
|
|
|
.BR unshare ()
|
|
|
|
system call was added to Linux in kernel 2.6.16.
|
2007-05-18 16:30:46 +00:00
|
|
|
.SH CONFORMING TO
|
|
|
|
The
|
|
|
|
.BR unshare ()
|
2007-12-25 21:28:09 +00:00
|
|
|
system call is Linux-specific.
|
2007-05-16 04:39:23 +00:00
|
|
|
.SH NOTES
|
2007-04-12 22:42:49 +00:00
|
|
|
Not all of the process attributes that can be shared when
|
2006-03-20 21:29:29 +00:00
|
|
|
a new process is created using
|
|
|
|
.BR clone (2)
|
|
|
|
can be unshared using
|
|
|
|
.BR unshare ().
|
2013-01-01 00:25:22 +00:00
|
|
|
In particular, as at kernel 3.8,
|
2012-12-05 16:21:14 +00:00
|
|
|
.\" FIXME all of the following needs to be reviewed for the current kernel
|
2007-04-12 22:42:49 +00:00
|
|
|
.BR unshare ()
|
2006-03-20 21:29:29 +00:00
|
|
|
does not implement flags that reverse the effects of
|
|
|
|
.BR CLONE_SIGHAND ,
|
2006-03-21 05:42:30 +00:00
|
|
|
.\" However, we can do unshare(CLONE_SIGHAND) if CLONE_SIGHAND
|
2006-03-20 21:29:29 +00:00
|
|
|
.\" was not specified when doing clone(); i.e., unsharing
|
|
|
|
.\" signal handlers is permitted if we are not actually
|
|
|
|
.\" sharing signal handlers. mtk
|
2006-03-21 05:42:30 +00:00
|
|
|
.BR CLONE_THREAD ,
|
|
|
|
or
|
|
|
|
.BR CLONE_VM .
|
2013-01-01 00:25:22 +00:00
|
|
|
.\" However, we can do unshare(CLONE_VM) if CLONE_VM
|
2006-03-21 05:42:30 +00:00
|
|
|
.\" was not specified when doing clone(); i.e., unsharing
|
|
|
|
.\" virtual memory is permitted if we are not actually
|
|
|
|
.\" sharing virtual memory. mtk
|
2006-03-20 21:29:29 +00:00
|
|
|
Such functionality may be added in the future, if required.
|
|
|
|
.\"
|
|
|
|
.\"9) Future Work
|
|
|
|
.\"--------------
|
|
|
|
.\"The current implementation of unshare does not allow unsharing of
|
|
|
|
.\"signals and signal handlers. Signals are complex to begin with and
|
|
|
|
.\"to unshare signals and/or signal handlers of a currently running
|
|
|
|
.\"process is even more complex. If in the future there is a specific
|
|
|
|
.\"need to allow unsharing of signals and/or signal handlers, it can
|
|
|
|
.\"be incrementally added to unshare without affecting legacy
|
|
|
|
.\"applications using unshare.
|
|
|
|
.\"
|
|
|
|
.SH SEE ALSO
|
2007-04-12 22:42:49 +00:00
|
|
|
.BR clone (2),
|
|
|
|
.BR fork (2),
|
2012-12-18 17:24:25 +00:00
|
|
|
.BR kcmp (2),
|
2013-01-01 00:08:39 +00:00
|
|
|
.BR setns (2),
|
arch_prctl.2, fcntl.2, flock.2, get_robust_list.2, getpriority.2, ioprio_set.2, migrate_pages.2, mmap.2, mremap.2, msync.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, select.2, socket.2, subpage_prot.2, unshare.2, btree.3, dbopen.3, dl_iterate_phdr.3, dlopen.3, getnameinfo.3, hash.3, lockf.3, netlink.3, recno.3, rpc.3, xdr.3, cciss.4, console_ioctl.4, hpsa.4, initrd.4, msr.4, rtc.4, st.4, hosts.5, services.5, tzfile.5, aio.7, arp.7, capabilities.7, cpuset.7, feature_test_macros.7, futex.7, inotify.7, ip.7, ipv6.7, iso_8859-16.7, iso_8859-2.7, koi8-r.7, math_error.7, netlink.7, packet.7, pthreads.7, raw.7, spufs.7, udplite.7, uri.7, x25.7: Global fix: Various consistency fixes for SEE ALSO
Coauthored-by: Michael Kerrisk <mtk.manpages@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2012-09-24 07:53:22 +00:00
|
|
|
.BR vfork (2)
|
|
|
|
|
|
|
|
.I Documentation/unshare.txt
|
|
|
|
in the Linux kernel source tree
|