[thirdparty/man-pages.git] / man2 / setns.2

.\" Copyright (C) 2011, Eric Biederman <ebiederm@xmission.com>
.\" and Copyright (C) 2011, 2012, Michael Kerrisk <mtk.manpages@gamil.com>
.\"
.\" %%%LICENSE_START(GPLv2_ONELINE)
.\" Licensed under the GPLv2
.\" %%%LICENSE_END
.\"
.TH SETNS 2 2013-01-01 "Linux" "Linux Programmer's Manual"
.SH NAME
setns \- reassociate thread with a namespace
.SH SYNOPSIS
.nf
.BR "#define _GNU_SOURCE" "             /* See feature_test_macros(7) */"
.B #include <sched.h>
.sp
.BI "int setns(int " fd ", int " nstype );
.fi
.SH DESCRIPTION
Given a file descriptor referring to a namespace,
reassociate the calling thread with that namespace.

The
.I fd
argument is a file descriptor referring to one of the namespace entries in a
.I /proc/[pid]/ns/
directory; see
.BR namespaces (5)
for further information on
.IR /proc/[pid]/ns/ .
The calling thread will be reassociated with the corresponding namespace,
subject to any constraints imposed by the
.I nstype
argument.

The
.I nstype
argument specifies which type of namespace
the calling thread may be reassociated with.
This argument can have one of the following values:
.TP
.BR 0
Allow any type of namespace to be joined.
.TP
.BR CLONE_NEWIPC " (since Linux 3.0)"
.I fd
must refer to an IPC namespace.
.TP
.BR CLONE_NEWNET " (since Linux 3.0)"
.I fd
must refer to a network namespace.
.TP
.BR CLONE_NEWNS " (since Linux 3.8)"
.I fd
must refer to a mount namespace.
.TP
.BR CLONE_NEWPID " (since Linux 3.8)"
.I fd
must refer to a PID namespace.
.TP
.BR CLONE_NEWUSER " (since Linux 3.8)"
.I fd
must refer to a user namespace.
.TP
.BR CLONE_NEWUTS " (since Linux 3.0)"
.I fd
must refer to a UTS namespace.
.PP
Specifying
.I nstype
as 0 suffices if the caller knows (or does not care)
what type of namespace is referred to by
.IR fd .
Specifying a nonzero value for
.I nstype
is useful if the caller does not know what type of namespace is referred to by
.IR fd
and wants to ensure that the namespace is of a particular type.
(The caller might not know the type of the namespace referred to by
.IR fd
if the file descriptor was opened by another process and, for example,
passed to the caller via a UNIX domain socket.)

.B CLONE_NEWPID
behaves somewhat differently from the other
.I nstype
values:
reassociating the calling thread with a PID namespace only changes
the PID namespace that child processes of the caller will be created in;
it does not change the PID namespace of the caller itself.
Reassociating with a PID namespace is only allowed if the
PID namespace specified by
.IR fd
is a descendant (child, grandchild, etc.)
of the PID namespace of the caller.
For further details on PID namespaces, see
.BR user_namespaces (7).

A multithreaded process may not change user namespace with
.BR setns ().
It is not permitted to use
.BR setns ()
to reenter the caller's current user namespace.
This prevents a caller that has dropped capabilities from regaining
those capabilities via a call to
.BR setns ().

A process reassociating itself with a user namespace must have the
.B CAP_SYS_ADMIN
.\" See kernel/user_namespace.c:userns_install() [3.8 source]
capability in the target user namespace.
Upon successfully joining a user namespace,
a process is granted all capabilities in that namespace,
regardless of its user and group IDs.

A process may not be reassociated with a new mount namespace if it is
multithreaded.
.\" Above check is in fs/namespace.c:mntns_install() [3.8 source]
Changing the mount namespace requires that the caller possess both
.B CAP_SYS_CHROOT
and
.BR CAP_SYS_ADMIN 
capabilities in its own user namespace and
.BR CAP_SYS_ADMIN 
in the target mount namespace.
.SH RETURN VALUE
On success,
.IR setns ()
returns 0.
On failure, \-1 is returned and
.I errno
is set to indicate the error.
.SH ERRORS
.TP
.B EBADF
.I fd
is not a valid file descriptor.
.TP
.B EINVAL
.I fd
refers to a namespace whose type does not match that specified in
.IR nstype ,
or there is problem with reassociating
the thread with the specified namespace.
.TP
.B EINVAL
The caller attempted to join the user namespace
in which it is already a member.
.TP
.B ENOMEM
Cannot allocate sufficient memory to change the specified namespace.
.TP
.B EPERM
The calling thread did not have the required capability
for this operation.
.SH VERSIONS
The
.BR setns ()
system call first appeared in Linux in kernel 3.0;
library support was added to glibc in version 2.14.
.SH CONFORMING TO
The
.BR setns ()
system call is Linux-specific.
.SH NOTES
Not all of the attributes that can be shared when
a new thread is created using
.BR clone (2)
can be changed using
.BR setns ().
.SH EXAMPLE
The program below takes two or more arguments.
The first argument specifies the pathname of a namespace file in an existing
.I /proc/[pid]/ns/
directory.
The remaining arguments specify a command and its arguments.
The program opens the namespace file, joins that namespace using
.BR setns (),
and executes the specified command inside that namespace.

The following shell session demonstrates the use of this program
(compiled as a binary named
.IR ns_exec )
in conjunction with the
.BR CLONE_NEWUTS
example program in the
.BR clone (2)
man page (complied as a binary named
.IR newuts ).

We begin by executing the example program in
.BR clone (2)
in the background.
That program creates a child in a separate UTS namespace.
The child changes the hostname in its namespace,
and then both processes display the hostnames in their UTS namespaces,
so that we can see that they are different.

.nf
.in +4n
$ \fBsu\fP                   # Need privilege for namespace operations
Password:
# \fB./newuts bizarro &\fP
[1] 3549
clone() returned 3550
uts.nodename in child:  bizarro
uts.nodename in parent: antero
# \fBuname \-n\fP             # Verify hostname in the shell
antero
.in
.fi

We then run the program shown below,
using it to execute a shell.
Inside that shell, we verify that the hostname is the one
set by the child created by the first program:

.nf
.in +4n
# \fB./ns_exec /proc/3550/ns/uts /bin/bash\fP
# \fBuname \-n\fP             # Executed in shell started by ns_exec
bizarro
.in
.fi
.SS Program source
.nf
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>

#define errExit(msg)    do { perror(msg); exit(EXIT_FAILURE); \\
                        } while (0)

int
main(int argc, char *argv[])
{
    int fd;

    if (argc < 3) {
        fprintf(stderr, "%s /proc/PID/ns/FILE cmd args...\\n", argv[0]);
        exit(EXIT_FAILURE);
    }

    fd = open(argv[1], O_RDONLY);   /* Get descriptor for namespace */
    if (fd == \-1)
        errExit("open");

    if (setns(fd, 0) == \-1)         /* Join that namespace */
        errExit("setns");

    execvp(argv[2], &argv[2]);      /* Execute a command in namespace */
    errExit("execvp");
}
.fi
.SH SEE ALSO
.BR clone (2),
.BR fork (2),
.BR unshare (2),
.BR vfork (2),
.BR namespaces (7),
.BR unix (7)
Commit	Line	Data
dfa22c8b	1	.\" Copyright (C) 2011, Eric Biederman <ebiederm@xmission.com>
8d41e607	2	.\" and Copyright (C) 2011, 2012, Michael Kerrisk <mtk.manpages@gamil.com>
2297bf0e	3	.\"
c4a99c30	4	.\" %%%LICENSE_START(GPLv2_ONELINE)
dfa22c8b	5	.\" Licensed under the GPLv2
8ff7380d	6	.\" %%%LICENSE_END
dfa22c8b	7	.\"
8d41e607	8	.TH SETNS 2 2013-01-01 "Linux" "Linux Programmer's Manual"
dfa22c8b	9	.SH NAME
7aa166c5	10	setns \- reassociate thread with a namespace
dfa22c8b EB	11	.SH SYNOPSIS
	12	.nf
	13	.BR "#define _GNU_SOURCE" " /* See feature_test_macros(7) */"
	14	.B #include <sched.h>
	15	.sp
	16	.BI "int setns(int " fd ", int " nstype );
	17	.fi
	18	.SH DESCRIPTION
c07ad242	19	Given a file descriptor referring to a namespace,
7aa166c5	20	reassociate the calling thread with that namespace.
dfa22c8b	21
92dcb220 MK	22	The
	23	.I fd
	24	argument is a file descriptor referring to one of the namespace entries in a
	25	.I /proc/[pid]/ns/
	26	directory; see
13009cfa	27	.BR namespaces (5)
c409c4ff	28	for further information on
92dcb220	29	.IR /proc/[pid]/ns/ .
7aa166c5	30	The calling thread will be reassociated with the corresponding namespace,
92dcb220 MK	31	subject to any constraints imposed by the
	32	.I nstype
	33	argument.
	34
dfa22c8b EB	35	The
dfa22c8b EB	36	.I nstype
c07ad242	37	argument specifies which type of namespace
7aa166c5	38	the calling thread may be reassociated with.
4e1e208d	39	This argument can have one of the following values:
dfa22c8b EB	40	.TP
dfa22c8b EB	41	.BR 0
92dcb220	42	Allow any type of namespace to be joined.
dfa22c8b	43	.TP
268a93cb	44	.BR CLONE_NEWIPC " (since Linux 3.0)"
92dcb220 MK	45	.I fd
92dcb220 MK	46	must refer to an IPC namespace.
dfa22c8b	47	.TP
268a93cb	48	.BR CLONE_NEWNET " (since Linux 3.0)"
92dcb220 MK	49	.I fd
92dcb220 MK	50	must refer to a network namespace.
dfa22c8b	51	.TP
268a93cb	52	.BR CLONE_NEWNS " (since Linux 3.8)"
99fd2fe3 EB	53	.I fd
	54	must refer to a mount namespace.
	55	.TP
268a93cb	56	.BR CLONE_NEWPID " (since Linux 3.8)"
99fd2fe3 EB	57	.I fd
	58	must refer to a PID namespace.
	59	.TP
268a93cb	60	.BR CLONE_NEWUSER " (since Linux 3.8)"
99fd2fe3 EB	61	.I fd
	62	must refer to a user namespace.
	63	.TP
268a93cb	64	.BR CLONE_NEWUTS " (since Linux 3.0)"
92dcb220 MK	65	.I fd
92dcb220 MK	66	must refer to a UTS namespace.
dfa22c8b	67	.PP
92dcb220 MK	68	Specifying
	69	.I nstype
	70	as 0 suffices if the caller knows (or does not care)
	71	what type of namespace is referred to by
	72	.IR fd .
	73	Specifying a nonzero value for
	74	.I nstype
	75	is useful if the caller does not know what type of namespace is referred to by
	76	.IR fd
	77	and wants to ensure that the namespace is of a particular type.
	78	(The caller might not know the type of the namespace referred to by
	79	.IR fd
	80	if the file descriptor was opened by another process and, for example,
	81	passed to the caller via a UNIX domain socket.)
99fd2fe3	82
f16c7698 MK	83	.B CLONE_NEWPID
	84	behaves somewhat differently from the other
	85	.I nstype
	86	values:
	87	reassociating the calling thread with a PID namespace only changes
	88	the PID namespace that child processes of the caller will be created in;
	89	it does not change the PID namespace of the caller itself.
	90	Reassociating with a PID namespace is only allowed if the
cd7e05aa	91	PID namespace specified by
99fd2fe3	92	.IR fd
f16c7698	93	is a descendant (child, grandchild, etc.)
773f59eb	94	of the PID namespace of the caller.
5c8d010b MK	95	For further details on PID namespaces, see
5c8d010b MK	96	.BR user_namespaces (7).
99fd2fe3	97
5c67baab	98	A multithreaded process may not change user namespace with
cd7e05aa	99	.BR setns ().
81714b4f MK	100	It is not permitted to use
	101	.BR setns ()
	102	to reenter the caller's current user namespace.
	103	This prevents a caller that has dropped capabilities from regaining
	104	those capabilities via a call to
	105	.BR setns ().
7612b8a7	106
7fc8e5ec	107	A process reassociating itself with a user namespace must have the
cd7e05aa	108	.B CAP_SYS_ADMIN
49af76fe	109	.\" See kernel/user_namespace.c:userns_install() [3.8 source]
7fc8e5ec	110	capability in the target user namespace.
7612b8a7 MK	111	Upon successfully joining a user namespace,
	112	a process is granted all capabilities in that namespace,
	113	regardless of its user and group IDs.
99fd2fe3 EB	114
99fd2fe3 EB	115	A process may not be reassociated with a new mount namespace if it is
5c67baab	116	multithreaded.
49af76fe MK	117	.\" Above check is in fs/namespace.c:mntns_install() [3.8 source]
49af76fe MK	118	Changing the mount namespace requires that the caller possess both
cd7e05aa MK	119	.B CAP_SYS_CHROOT
cd7e05aa MK	120	and
49af76fe	121	.BR CAP_SYS_ADMIN
21bfe3e9 MK	122	capabilities in its own user namespace and
	123	.BR CAP_SYS_ADMIN
	124	in the target mount namespace.
dfa22c8b	125	.SH RETURN VALUE
92dcb220 MK	126	On success,
	127	.IR setns ()
	128	returns 0.
dfa22c8b EB	129	On failure, \-1 is returned and
	130	.I errno
	131	is set to indicate the error.
	132	.SH ERRORS
	133	.TP
dfa22c8b	134	.B EBADF
c07ad242 MK	135	.I fd
c07ad242 MK	136	is not a valid file descriptor.
dfa22c8b EB	137	.TP
dfa22c8b EB	138	.B EINVAL
92dcb220 MK	139	.I fd
92dcb220 MK	140	refers to a namespace whose type does not match that specified in
7aa166c5	141	.IR nstype ,
49af76fe	142	or there is problem with reassociating
7aa166c5	143	the thread with the specified namespace.
dfa22c8b	144	.TP
edc3c3b4 MK	145	.B EINVAL
	146	The caller attempted to join the user namespace
	147	in which it is already a member.
	148	.TP
dfa22c8b EB	149	.B ENOMEM
dfa22c8b EB	150	Cannot allocate sufficient memory to change the specified namespace.
dfa22c8b EB	151	.TP
dfa22c8b EB	152	.B EPERM
7fc8e5ec	153	The calling thread did not have the required capability
63b6ef41	154	for this operation.
dfa22c8b EB	155	.SH VERSIONS
	156	The
	157	.BR setns ()
c95b6ae1	158	system call first appeared in Linux in kernel 3.0;
268a93cb	159	library support was added to glibc in version 2.14.
dfa22c8b EB	160	.SH CONFORMING TO
	161	The
	162	.BR setns ()
	163	system call is Linux-specific.
	164	.SH NOTES
7aa166c5 MK	165	Not all of the attributes that can be shared when
7aa166c5 MK	166	a new thread is created using
dfa22c8b EB	167	.BR clone (2)
	168	can be changed using
	169	.BR setns ().
8d41e607 MK	170	.SH EXAMPLE
	171	The program below takes two or more arguments.
	172	The first argument specifies the pathname of a namespace file in an existing
	173	.I /proc/[pid]/ns/
	174	directory.
	175	The remaining arguments specify a command and its arguments.
	176	The program opens the namespace file, joins that namespace using
	177	.BR setns (),
	178	and executes the specified command inside that namespace.
	179
	180	The following shell session demonstrates the use of this program
	181	(compiled as a binary named
a1ce9159	182	.IR ns_exec )
8d41e607 MK	183	in conjunction with the
	184	.BR CLONE_NEWUTS
	185	example program in the
	186	.BR clone (2)
	187	man page (complied as a binary named
	188	.IR newuts ).
	189
	190	We begin by executing the example program in
	191	.BR clone (2)
	192	in the background.
	193	That program creates a child in a separate UTS namespace.
51ebe080	194	The child changes the hostname in its namespace,
8d41e607 MK	195	and then both processes display the hostnames in their UTS namespaces,
	196	so that we can see that they are different.
	197
	198	.nf
	199	.in +4n
	200	$ \fBsu\fP # Need privilege for namespace operations
9f1b9726	201	Password:
8d41e607 MK	202	# \fB./newuts bizarro &\fP
	203	[1] 3549
	204	clone() returned 3550
	205	uts.nodename in child: bizarro
	206	uts.nodename in parent: antero
5c977011	207	# \fBuname \-n\fP # Verify hostname in the shell
8d41e607 MK	208	antero
	209	.in
	210	.fi
	211
	212	We then run the program shown below,
	213	using it to execute a shell.
	214	Inside that shell, we verify that the hostname is the one
	215	set by the child created by the first program:
	216
	217	.nf
	218	.in +4n
a1ce9159	219	# \fB./ns_exec /proc/3550/ns/uts /bin/bash\fP
5c977011	220	# \fBuname \-n\fP # Executed in shell started by ns_exec
8d41e607 MK	221	bizarro
	222	.in
	223	.fi
8d41e607 MK	224	.SS Program source
	225	.nf
	226	#define _GNU_SOURCE
	227	#include <fcntl.h>
	228	#include <sched.h>
	229	#include <unistd.h>
	230	#include <stdlib.h>
	231	#include <stdio.h>
	232
	233	#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \\
	234	} while (0)
	235
	236	int
	237	main(int argc, char *argv[])
	238	{
	239	int fd;
	240
	241	if (argc < 3) {
	242	fprintf(stderr, "%s /proc/PID/ns/FILE cmd args...\\n", argv[0]);
	243	exit(EXIT_FAILURE);
	244	}
	245
	246	fd = open(argv[1], O_RDONLY); /* Get descriptor for namespace */
	247	if (fd == \-1)
	248	errExit("open");
	249
	250	if (setns(fd, 0) == \-1) /* Join that namespace */
	251	errExit("setns");
	252
	253	execvp(argv[2], &argv[2]); /* Execute a command in namespace */
	254	errExit("execvp");
	255	}
	256	.fi
dfa22c8b EB	257	.SH SEE ALSO
	258	.BR clone (2),
	259	.BR fork (2),
2a9f74a9	260	.BR unshare (2),
b93a34b5	261	.BR vfork (2),
41096af1	262	.BR namespaces (7),
92dcb220	263	.BR unix (7)