2007-11-21 18:22:29 +00:00
|
|
|
.\" Copyright (C) 2006, Janak Desai <janak@us.ibm.com>
|
2013-01-10 20:20:05 +00:00
|
|
|
.\" and Copyright (C) 2006, 2012 Michael Kerrisk <mtk.manpages@gmail.com>
.\"
|
2013-03-10 09:28:50 +00:00
|
|
|
.\" %%%LICENSE_START(GPL_NOVERSION_ONELINE)
|
2006-03-20 21:29:29 +00:00
|
|
|
.\" Licensed under the GPL
|
2013-03-10 09:28:50 +00:00
|
|
|
.\" %%%LICENSE_END
|
2006-03-20 21:29:29 +00:00
|
|
|
.\"
|
2006-07-04 13:26:13 +00:00
|
|
|
.\" Patch Justification:
|
2007-04-12 22:42:49 +00:00
|
|
|
.\" unshare system call is needed to implement, using PAM,
|
|
|
|
.\" per-security_context and/or per-user namespace to provide
|
|
|
|
.\" polyinstantiated directories. Using unshare and bind mounts, a
|
|
|
|
.\" PAM module can create private namespace with appropriate
|
|
|
|
.\" directories (based on user's security context) bind mounted on
|
|
|
|
.\" public directories such as /tmp, thus providing an instance of
|
|
|
|
.\" /tmp that is based on user's security context. Without the
|
|
|
|
.\" unshare system call, namespace separation can only be achieved
|
|
|
|
.\" by clone, which would require porting and maintaining all commands
|
|
|
|
.\" such as login, and su, that establish a user session.
|
2006-07-04 13:26:13 +00:00
|
|
|
.\"
.TH UNSHARE 2 2017-05-03 "Linux" "Linux Programmer's Manual"
|
2006-03-20 21:29:29 +00:00
|
|
|
.SH NAME
|
|
|
|
unshare \- disassociate parts of the process execution context
|
|
|
|
.SH SYNOPSIS
|
|
|
|
.nf
|
2016-02-12 12:57:24 +00:00
|
|
|
.B #define _GNU_SOURCE
|
2006-03-20 21:29:29 +00:00
|
|
|
.B #include <sched.h>
.PP
|
2006-03-20 21:29:29 +00:00
|
|
|
.BI "int unshare(int " flags );
|
|
|
|
.fi
|
|
|
|
.SH DESCRIPTION
|
2007-04-12 22:42:49 +00:00
|
|
|
.BR unshare ()
|
2015-05-05 07:35:20 +00:00
|
|
|
allows a process (or thread) to disassociate parts of its execution
|
2015-08-08 08:04:37 +00:00
|
|
|
context that are currently being shared with other processes (or threads).
|
2008-11-20 16:04:07 +00:00
|
|
|
Part of the execution context, such as the mount namespace, is shared
|
2007-04-12 22:42:49 +00:00
|
|
|
implicitly when a new process is created using
|
2006-03-20 21:29:29 +00:00
|
|
|
.BR fork (2)
|
|
|
|
or
|
2007-04-12 22:42:49 +00:00
|
|
|
.BR vfork (2),
|
2006-03-20 21:29:29 +00:00
|
|
|
while other parts, such as virtual memory, may be
|
2015-05-05 07:35:20 +00:00
|
|
|
shared by explicit request when creating a process or thread using
|
2006-03-20 21:29:29 +00:00
|
|
|
.BR clone (2).
.PP
|
2007-04-12 22:42:49 +00:00
|
|
|
The main use of
|
2006-03-20 21:29:29 +00:00
|
|
|
.BR unshare ()
|
|
|
|
is to allow a process to control its
|
|
|
|
shared execution context without creating a new process.
.PP
|
2007-04-12 22:42:49 +00:00
|
|
|
The
|
|
|
|
.I flags
|
|
|
|
argument is a bit mask that specifies which parts of
|
|
|
|
the execution context should be unshared.
|
2006-03-20 21:29:29 +00:00
|
|
|
This argument is specified by ORing together zero or more
|
|
|
|
of the following constants:
|
|
|
|
.TP
|
|
|
|
.B CLONE_FILES
|
|
|
|
Reverse the effect of the
|
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_FILES
|
|
|
|
flag.
|
2007-04-12 22:42:49 +00:00
|
|
|
Unshare the file descriptor table, so that the calling process
|
2006-03-20 21:29:29 +00:00
|
|
|
no longer shares its file descriptors with any other process.
|
|
|
|
.TP
|
|
|
|
.B CLONE_FS
|
|
|
|
Reverse the effect of the
|
|
|
|
.BR clone (2)
|
2007-04-12 22:42:49 +00:00
|
|
|
.B CLONE_FS
|
2006-03-20 21:29:29 +00:00
|
|
|
flag.
Unshare filesystem attributes, so that the calling process
|
2013-01-01 00:28:28 +00:00
|
|
|
no longer shares its root directory
|
|
|
|
.RB ( chroot (2)),
|
|
|
|
current directory
|
|
|
|
.RB ( chdir (2)),
|
|
|
|
or umask
|
|
|
|
.RB ( umask (2))
|
|
|
|
attributes with any other process.
|
2006-03-20 21:29:29 +00:00
|
|
|
.TP
|
2016-04-28 12:38:25 +00:00
|
|
|
.BR CLONE_NEWCGROUP " (since Linux 4.6)"
|
|
|
|
This flag has the same effect as the
|
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_NEWCGROUP
|
|
|
|
flag.
|
|
|
|
Unshare the cgroup namespace.
|
|
|
|
Use of
|
|
|
|
.BR CLONE_NEWCGROUP
|
|
|
|
requires the
|
|
|
|
.BR CAP_SYS_ADMIN
|
|
|
|
capability.
|
|
|
|
.TP
|
2016-04-28 12:36:59 +00:00
|
|
|
.BR CLONE_NEWIPC " (since Linux 2.6.19)"
|
2010-10-24 14:14:09 +00:00
|
|
|
This flag has the same effect as the
|
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_NEWIPC
|
|
|
|
flag.
|
2015-03-31 19:45:44 +00:00
|
|
|
Unshare the IPC namespace,
|
2010-10-24 14:14:09 +00:00
|
|
|
so that the calling process has a private copy of the
|
2015-03-31 19:45:44 +00:00
|
|
|
IPC namespace which is not shared with any other process.
|
2010-10-24 14:14:09 +00:00
|
|
|
Specifying this flag automatically implies
|
|
|
|
.BR CLONE_SYSVSEM
|
|
|
|
as well.
|
|
|
|
Use of
|
|
|
|
.BR CLONE_NEWIPC
|
|
|
|
requires the
|
|
|
|
.BR CAP_SYS_ADMIN
|
|
|
|
capability.
|
|
|
|
.TP
|
2016-04-28 12:36:59 +00:00
|
|
|
.BR CLONE_NEWNET " (since Linux 2.6.24)"
|
2010-10-24 14:32:50 +00:00
|
|
|
This flag has the same effect as the
|
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_NEWNET
|
|
|
|
flag.
|
|
|
|
Unshare the network namespace,
|
2010-10-30 05:52:36 +00:00
|
|
|
so that the calling process is moved into a
|
|
|
|
new network namespace which is not shared
|
|
|
|
with any previously existing process.
|
2013-01-01 00:29:12 +00:00
|
|
|
Use of
|
2010-10-24 14:32:50 +00:00
|
|
|
.BR CLONE_NEWNET
|
|
|
|
requires the
|
|
|
|
.BR CAP_SYS_ADMIN
|
|
|
|
capability.
|
|
|
|
.TP
|
2006-03-20 21:29:29 +00:00
|
|
|
.B CLONE_NEWNS
|
|
|
|
.\" These flag names are inconsistent:
|
2007-04-12 22:42:49 +00:00
|
|
|
.\" CLONE_NEWNS does the same thing in clone(), but CLONE_VM,
|
2006-03-20 21:29:29 +00:00
|
|
|
.\" CLONE_FS, and CLONE_FILES reverse the action of the clone()
|
|
|
|
.\" flags of the same name.
|
2010-10-24 13:59:48 +00:00
|
|
|
This flag has the same effect as the
|
2006-03-20 21:29:29 +00:00
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_NEWNS
|
|
|
|
flag.
|
2008-11-20 16:04:07 +00:00
|
|
|
Unshare the mount namespace,
|
2008-11-19 19:23:47 +00:00
|
|
|
so that the calling process has a private copy of
|
2006-03-20 21:29:29 +00:00
|
|
|
its namespace which is not shared with any other process.
|
|
|
|
Specifying this flag automatically implies
|
|
|
|
.B CLONE_FS
|
|
|
|
as well.
|
2010-10-24 14:02:24 +00:00
|
|
|
Use of
|
|
|
|
.BR CLONE_NEWNS
|
|
|
|
requires the
|
|
|
|
.BR CAP_SYS_ADMIN
|
|
|
|
capability.
|
2016-06-30 03:59:44 +00:00
|
|
|
For further information, see
|
|
|
|
.BR mount_namespaces (7).
|
2010-10-24 14:18:12 +00:00
|
|
|
.TP
|
2013-01-01 11:06:09 +00:00
|
|
|
.BR CLONE_NEWPID " (since Linux 3.8)"
|
|
|
|
This flag has the same effect as the
|
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_NEWPID
|
|
|
|
flag.
|
|
|
|
Unshare the PID namespace,
|
2013-01-07 05:25:07 +00:00
|
|
|
so that the calling process has a new PID namespace for its children
|
2013-01-01 11:06:09 +00:00
|
|
|
which is not shared with any previously existing process.
|
2013-01-07 08:19:19 +00:00
|
|
|
The calling process is
|
|
|
|
.I not
|
|
|
|
moved into the new namespace.
|
|
|
|
The first child created by the calling process will have
|
|
|
|
the process ID 1 and will assume the role of
|
|
|
|
.BR init (1)
|
|
|
|
in the new namespace.
|
2013-03-22 07:58:50 +00:00
|
|
|
.BR CLONE_NEWPID
|
|
|
|
automatically implies
|
|
|
|
.BR CLONE_THREAD
|
|
|
|
as well.
|
2013-01-01 11:06:09 +00:00
|
|
|
Use of
|
|
|
|
.BR CLONE_NEWPID
|
|
|
|
requires the
|
|
|
|
.BR CAP_SYS_ADMIN
|
|
|
|
capability.
|
2013-03-22 07:18:07 +00:00
|
|
|
For further information, see
|
|
|
|
.BR pid_namespaces (7).
|
2013-01-01 11:06:09 +00:00
|
|
|
.TP
|
2013-01-01 10:26:49 +00:00
|
|
|
.BR CLONE_NEWUSER " (since Linux 3.8)"
|
|
|
|
This flag has the same effect as the
|
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_NEWUSER
|
|
|
|
flag.
|
|
|
|
Unshare the user namespace,
|
|
|
|
so that the calling process is moved into a new user namespace
|
|
|
|
which is not shared with any previously existing process.
|
2013-03-22 07:50:13 +00:00
|
|
|
As with the child process created by
|
2013-03-04 16:39:46 +00:00
|
|
|
.BR clone (2)
|
|
|
|
with the
|
|
|
|
.B CLONE_NEWUSER
|
|
|
|
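flag, the caller obtains a full set of capabilities in the new namespace.
Those capabilities apply only to resources governed by the new user namespace;
they confer no privilege in the caller's previous user namespace.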
|
2013-03-22 07:54:12 +00:00
|
|
|
.IP
|
|
|
|
.BR CLONE_NEWUSER
|
|
|
|
requires that the calling process is not threaded; specifying
|
|
|
|
.BR CLONE_NEWUSER
|
|
|
|
automatically implies
|
2013-03-22 12:06:53 +00:00
|
|
|
.BR CLONE_THREAD .
|
2014-06-02 11:33:20 +00:00
|
|
|
Since Linux 3.9,
|
2013-03-22 12:06:53 +00:00
|
|
|
.\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71
|
|
|
|
.\" https://lwn.net/Articles/543273/
|
2014-06-02 11:33:20 +00:00
|
|
|
.BR CLONE_NEWUSER
|
|
|
|
also automatically implies
|
|
|
|
.BR CLONE_FS .
|
2013-01-07 05:25:07 +00:00
|
|
|
.BR CLONE_NEWUSER
|
2013-03-22 07:54:12 +00:00
|
|
|
requires that the user ID and group ID
|
2013-03-22 12:09:16 +00:00
|
|
|
of the calling process are mapped to user IDs and group IDs in the
|
2013-01-07 05:25:07 +00:00
|
|
|
user namespace of the calling process at the time of the call.
.IP
|
2013-03-22 12:05:30 +00:00
|
|
|
For further information on user namespaces, see
|
2013-03-22 07:14:13 +00:00
|
|
|
.BR user_namespaces (7).
|
2013-01-01 10:26:49 +00:00
|
|
|
.TP
|
2013-01-01 10:23:47 +00:00
|
|
|
.BR CLONE_NEWUTS " (since Linux 2.6.19)"
|
2013-01-01 10:06:23 +00:00
|
|
|
This flag has the same effect as the
|
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_NEWUTS
|
|
|
|
flag.
|
|
|
|
Unshare the UTS namespace,
|
|
|
|
so that the calling process has a private copy of the
|
|
|
|
UTS namespace which is not shared with any other process.
|
|
|
|
Use of
|
|
|
|
.BR CLONE_NEWUTS
|
|
|
|
requires the
|
|
|
|
.BR CAP_SYS_ADMIN
|
|
|
|
capability.
|
|
|
|
.TP
|
2010-10-24 14:18:12 +00:00
|
|
|
.BR CLONE_SYSVSEM " (since Linux 2.6.26)"
|
2013-01-01 00:21:12 +00:00
|
|
|
.\" commit 9edff4ab1f8d82675277a04e359d0ed8bf14a7b7
|
2010-10-24 14:18:12 +00:00
|
|
|
This flag reverses the effect of the
|
|
|
|
.BR clone (2)
|
|
|
|
.B CLONE_SYSVSEM
|
|
|
|
flag.
|
2013-03-22 10:38:55 +00:00
|
|
|
Unshare System\ V semaphore adjustment
|
|
|
|
.RI ( semadj )
|
|
|
|
values,
|
|
|
|
so that the calling process has a new empty
|
|
|
|
.I semadj
|
|
|
|
list that is not shared with any other process.
|
|
|
|
If this is the last process that has a reference to the process's current
|
|
|
|
.I semadj
|
|
|
|
list, then the adjustments in that list are applied
|
|
|
|
to the corresponding semaphores, as described in
|
|
|
|
.BR semop (2).
|
2013-01-01 10:28:02 +00:00
|
|
|
.\" CLONE_NEWNS If CLONE_SIGHAND is set and signals are also being shared
|
2006-03-20 21:29:29 +00:00
|
|
|
.\" (i.e., current->signal->count > 1), force CLONE_THREAD.
|
2006-03-21 05:42:30 +00:00
|
|
|
.PP
|
2013-03-06 09:10:44 +00:00
|
|
|
In addition,
|
|
|
|
.BR CLONE_THREAD ,
|
|
|
|
.BR CLONE_SIGHAND ,
|
|
|
|
and
|
|
|
|
.BR CLONE_VM
|
|
|
|
can be specified in
|
|
|
|
.I flags
|
|
|
|
if the caller is single threaded (i.e., it is not sharing
|
|
|
|
its address space with another process or thread).
|
|
|
|
In this case, these flags have no effect.
|
2014-09-14 03:07:12 +00:00
|
|
|
(Note also that specifying
|
|
|
|
.BR CLONE_THREAD
|
|
|
|
automatically implies
|
|
|
|
.BR CLONE_VM ,
|
|
|
|
and specifying
|
|
|
|
.BR CLONE_VM
|
|
|
|
automatically implies
|
|
|
|
.BR CLONE_SIGHAND .)
|
2013-03-22 07:41:41 +00:00
|
|
|
.\" As at 3.9, the following forced implications also apply,
|
|
|
|
.\" although the relevant flags are not yet implemented.
|
|
|
|
.\" If CLONE_THREAD is set force CLONE_VM.
|
|
|
|
.\" If CLONE_VM is set, force CLONE_SIGHAND.
|
|
|
|
.\"
|
2013-03-06 09:10:44 +00:00
|
|
|
If the process is multithreaded, then
|
|
|
|
the use of these flags results in an error.
|
|
|
|
.\" See kernel/fork.c::check_unshare_flags()
|
|
|
|
.PP
|
2007-04-12 22:42:49 +00:00
|
|
|
If
|
2006-03-20 21:29:29 +00:00
|
|
|
.I flags
|
|
|
|
is specified as zero, then
|
|
|
|
.BR unshare ()
|
|
|
|
is a no-op;
|
|
|
|
no changes are made to the calling process's execution context.
|
|
|
|
.SH RETURN VALUE
|
2007-04-12 22:42:49 +00:00
|
|
|
On success, zero is returned.
|
|
|
|
On failure, \-1 is returned and
|
|
|
|
.I errno
|
2006-03-20 21:29:29 +00:00
|
|
|
is set to indicate the error.
|
|
|
|
.SH ERRORS
|
|
|
|
.TP
|
2007-08-27 07:56:52 +00:00
|
|
|
.B EINVAL
|
|
|
|
An invalid bit was specified in
|
|
|
|
.IR flags .
|
|
|
|
.TP
|
2013-03-06 09:10:44 +00:00
|
|
|
.B EINVAL
|
|
|
|
.BR CLONE_THREAD ,
|
|
|
|
.BR CLONE_SIGHAND ,
|
|
|
|
or
|
|
|
|
.BR CLONE_VM
|
|
|
|
was specified in
|
|
|
|
.IR flags ,
|
|
|
|
and the caller is multithreaded.
|
|
|
|
.TP
|
2007-08-27 07:56:52 +00:00
|
|
|
.B ENOMEM
|
|
|
|
Cannot allocate sufficient memory to copy parts of caller's
|
|
|
|
context that need to be unshared.
|
|
|
|
.TP
|
2017-04-17 07:42:41 +00:00
|
|
|
.BR ENOSPC " (since Linux 3.7)"
|
|
|
|
.\" commit f2302505775fd13ba93f034206f1e2a587017929
|
|
|
|
.B CLONE_NEWPID
|
|
|
|
was specified in
.IR flags ,
|
|
|
|
but the limit on the nesting depth of PID namespaces
|
|
|
|
would have been exceeded; see
|
|
|
|
.BR pid_namespaces (7).
|
|
|
|
.TP
|
2017-04-17 11:46:02 +00:00
|
|
|
.BR ENOSPC " (since Linux 4.9; beforehand " EUSERS )
|
|
|
|
.B CLONE_NEWUSER
|
|
|
|
was specified in
|
|
|
|
.IR flags ,
|
|
|
|
and the call would cause the limit on the number of
|
|
|
|
nested user namespaces to be exceeded.
|
|
|
|
See
|
|
|
|
.BR user_namespaces (7).
|
.IP
|
2017-04-17 11:46:02 +00:00
|
|
|
From Linux 3.11 to Linux 4.8, the error diagnosed in this case was
|
|
|
|
.BR EUSERS .
|
|
|
|
.TP
|
2017-04-17 19:32:34 +00:00
|
|
|
.BR ENOSPC " (since Linux 4.9)"
|
|
|
|
One of the values in
|
|
|
|
.I flags
|
|
|
|
specified the creation of a new user namespace,
|
|
|
|
but doing so would have caused the limit defined by the corresponding file in
|
|
|
|
.IR /proc/sys/user
|
|
|
|
to be exceeded.
|
|
|
|
For further details, see
|
|
|
|
.BR namespaces (7).
|
|
|
|
.TP
|
2006-03-20 21:29:29 +00:00
|
|
|
.B EPERM
|
2010-10-24 14:02:24 +00:00
|
|
|
The calling process did not have the required privileges for this operation.
|
2013-02-26 13:02:06 +00:00
|
|
|
.TP
|
|
|
|
.B EPERM
|
|
|
|
.BR CLONE_NEWUSER
|
|
|
|
was specified in
|
|
|
|
.IR flags ,
|
|
|
|
but either the effective user ID or the effective group ID of the caller
|
|
|
|
does not have a mapping in the parent namespace (see
|
2013-02-27 06:40:40 +00:00
|
|
|
.BR user_namespaces (7)).
|
2014-06-02 09:33:52 +00:00
|
|
|
.TP
|
2014-06-02 10:17:46 +00:00
|
|
|
.BR EPERM " (since Linux 3.9)"
|
|
|
|
.\" commit 3151527ee007b73a0ebd296010f1c0454a919c7d
|
2015-01-15 17:21:28 +00:00
|
|
|
.B CLONE_NEWUSER
|
|
|
|
was specified in
|
2014-06-02 10:17:46 +00:00
|
|
|
.I flags
|
|
|
|
and the caller is in a chroot environment
|
|
|
|
.\" FIXME What is the rationale for this restriction?
|
|
|
|
(i.e., the caller's root directory does not match the root directory
|
|
|
|
of the mount namespace in which it resides).
|
|
|
|
.TP
|
|
|
|
.BR EUSERS " (since Linux 3.11)"
|
2014-06-02 09:33:52 +00:00
|
|
|
.B CLONE_NEWUSER
|
|
|
|
was specified in
|
|
|
|
.IR flags ,
|
2017-04-17 11:46:02 +00:00
|
|
|
and the limit on the number of nested user namespaces would be exceeded.
|
|
|
|
See the discussion of the
|
|
|
|
.BR ENOSPC
|
|
|
|
error above.
|
2007-05-16 04:39:23 +00:00
|
|
|
.SH VERSIONS
|
2006-03-20 21:29:29 +00:00
|
|
|
The
|
|
|
|
.BR unshare ()
|
|
|
|
system call was added to Linux in kernel 2.6.16.
|
2007-05-18 16:30:46 +00:00
|
|
|
.SH CONFORMING TO
|
|
|
|
The
|
|
|
|
.BR unshare ()
|
2007-12-25 21:28:09 +00:00
|
|
|
system call is Linux-specific.
|
2007-05-16 04:39:23 +00:00
|
|
|
.SH NOTES
|
2007-04-12 22:42:49 +00:00
|
|
|
Not all of the process attributes that can be shared when
|
2006-03-20 21:29:29 +00:00
|
|
|
a new process is created using
|
|
|
|
.BR clone (2)
|
|
|
|
can be unshared using
|
|
|
|
.BR unshare ().
|
2013-01-01 00:25:22 +00:00
|
|
|
In particular, as at kernel 3.8,
|
2012-12-05 16:21:14 +00:00
|
|
|
.\" FIXME all of the following needs to be reviewed for the current kernel
|
2007-04-12 22:42:49 +00:00
|
|
|
.BR unshare ()
|
2006-03-20 21:29:29 +00:00
|
|
|
does not implement flags that reverse the effects of
|
|
|
|
.BR CLONE_SIGHAND ,
|
2006-03-21 05:42:30 +00:00
|
|
|
.\" However, we can do unshare(CLONE_SIGHAND) if CLONE_SIGHAND
|
2006-03-20 21:29:29 +00:00
|
|
|
.\" was not specified when doing clone(); i.e., unsharing
|
|
|
|
.\" signal handlers is permitted if we are not actually
|
|
|
|
.\" sharing signal handlers. mtk
|
2006-03-21 05:42:30 +00:00
|
|
|
.BR CLONE_THREAD ,
|
|
|
|
or
|
|
|
|
.BR CLONE_VM .
|
2013-01-01 00:25:22 +00:00
|
|
|
.\" However, we can do unshare(CLONE_VM) if CLONE_VM
|
2006-03-21 05:42:30 +00:00
|
|
|
.\" was not specified when doing clone(); i.e., unsharing
|
|
|
|
.\" virtual memory is permitted if we are not actually
|
|
|
|
.\" sharing virtual memory. mtk
|
2006-03-20 21:29:29 +00:00
|
|
|
Such functionality may be added in the future, if required.
|
|
|
|
.\"
|
|
|
|
.\"9) Future Work
|
|
|
|
.\"--------------
|
|
|
|
.\"The current implementation of unshare does not allow unsharing of
|
|
|
|
.\"signals and signal handlers. Signals are complex to begin with and
|
|
|
|
.\"to unshare signals and/or signal handlers of a currently running
|
|
|
|
.\"process is even more complex. If in the future there is a specific
|
|
|
|
.\"need to allow unsharing of signals and/or signal handlers, it can
|
|
|
|
.\"be incrementally added to unshare without affecting legacy
|
|
|
|
.\"applications using unshare.
|
|
|
|
.\"
|
2013-01-10 20:20:05 +00:00
|
|
|
.SH EXAMPLE
|
|
|
|
The program below provides a simple implementation of the
|
|
|
|
.BR unshare (1)
|
|
|
|
command, which unshares one or more namespaces and executes the
|
2014-06-02 09:29:05 +00:00
|
|
|
command supplied in its command-line arguments.
|
2013-01-10 20:20:05 +00:00
|
|
|
Here's an example of the use of this program,
|
|
|
|
running a shell in a new mount namespace,
|
|
|
|
and verifying that the original shell and the
|
|
|
|
new shell are in separate mount namespaces:
|
.PP
|
2013-01-10 20:20:05 +00:00
|
|
|
.in +4n
|
.EX
|
2013-01-10 20:20:05 +00:00
|
|
|
$ \fBreadlink /proc/$$/ns/mnt\fP
|
|
|
|
mnt:[4026531840]
|
|
|
|
$ \fBsudo ./unshare -m /bin/bash\fP
|
|
|
|
[sudo] password for cecilia:
|
|
|
|
# \fBreadlink /proc/$$/ns/mnt\fP
|
|
|
|
mnt:[4026532325]
|
.EE
|
2013-01-10 20:20:05 +00:00
|
|
|
.in
|
.PP
|
2013-01-10 20:20:05 +00:00
|
|
|
The differing output of the two
|
|
|
|
.BR readlink (1)
|
|
|
|
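commands shows that the two shells are in different mount namespaces.
The program is run under
.BR sudo (8)
because unsharing the mount namespace requires the
.B CAP_SYS_ADMIN
capability.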
|
|
|
|
.SS Program source
|
|
|
|
\&
|
.EX
|
2014-09-21 09:24:24 +00:00
|
|
|
/* unshare.c
|
2013-01-10 20:20:05 +00:00
|
|
|
|
|
|
|
A simple implementation of the unshare(1) command: unshare
|
|
|
|
namespaces and execute a command.
|
|
|
|
*/
|
|
|
|
#define _GNU_SOURCE
|
|
|
|
#include <sched.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
|
|
|
|
/* Error\-handling helper: report the failed call named by msg, using
   the current value of \(aqerrno\(aq, then terminate the calling
   process with a failure status */

#define errExit(msg)    do { perror(msg); \\
                             exit(EXIT_FAILURE); \\
                        } while (0)
|
|
|
|
|
|
|
|
/* Write a summary of the accepted options to standard error and
   terminate the process with a failure status; does not return */

static void
usage(char *pname)
{
    fprintf(stderr, "Usage: %s [options] program [arg...]\\n", pname);
    fputs("Options can be:\\n", stderr);
    fputs(" \-i unshare IPC namespace\\n", stderr);
    fputs(" \-m unshare mount namespace\\n", stderr);
    fputs(" \-n unshare network namespace\\n", stderr);
    fputs(" \-p unshare PID namespace\\n", stderr);
    fputs(" \-u unshare UTS namespace\\n", stderr);
    fputs(" \-U unshare user namespace\\n", stderr);
    exit(EXIT_FAILURE);
}
|
|
|
|
|
|
|
|
/* Build a namespace flag mask from the command\-line options, unshare
   those namespaces in the calling process, and then execute the
   command named by the remaining arguments */

int
main(int argc, char *argv[])
{
    int ns_flags = 0;       /* CLONE_NEW* bits selected by the options */
    int c;

    /* Each option letter adds one namespace flag; any other option
       prints the usage message, which terminates the program */

    while ((c = getopt(argc, argv, "imnpuU")) != \-1) {
        switch (c) {
        case \(aqi\(aq:
            ns_flags |= CLONE_NEWIPC;
            break;
        case \(aqm\(aq:
            ns_flags |= CLONE_NEWNS;
            break;
        case \(aqn\(aq:
            ns_flags |= CLONE_NEWNET;
            break;
        case \(aqp\(aq:
            ns_flags |= CLONE_NEWPID;
            break;
        case \(aqu\(aq:
            ns_flags |= CLONE_NEWUTS;
            break;
        case \(aqU\(aq:
            ns_flags |= CLONE_NEWUSER;
            break;
        default:
            usage(argv[0]);
        }
    }

    /* A command to execute is mandatory */

    if (argc <= optind)
        usage(argv[0]);

    /* With no options given, ns_flags is 0 and unshare() is a no\-op.
       Note that CLONE_NEWPID does not move the caller itself into the
       new PID namespace; only children created afterward are placed
       in it, so the command executed below stays in the original PID
       namespace */

    if (unshare(ns_flags) == \-1)
        errExit("unshare");

    /* The command runs with whatever credentials this process holds
       (for example, as root if started under sudo).
       execvp() returns only on failure */

    execvp(argv[optind], &argv[optind]);
    errExit("execvp");
}
|
.EE
|
2006-03-20 21:29:29 +00:00
|
|
|
.SH SEE ALSO
|
2013-01-10 20:08:27 +00:00
|
|
|
.BR unshare (1),
|
2007-04-12 22:42:49 +00:00
|
|
|
.BR clone (2),
|
|
|
|
.BR fork (2),
|
2012-12-18 17:24:25 +00:00
|
|
|
.BR kcmp (2),
|
2013-01-01 00:08:39 +00:00
|
|
|
.BR setns (2),
|
2013-01-10 20:20:54 +00:00
|
|
|
.BR vfork (2),
|
2013-01-13 23:18:46 +00:00
|
|
|
.BR namespaces (7)
|
.PP
|
.I Documentation/unshare.txt
|
|
|
|
in the Linux kernel source tree
|