[thirdparty/man-pages.git] / man2 / setns.2

.\" Copyright (C) 2011, Eric Biederman <ebiederm@xmission.com>
.\" and Copyright (C) 2011, 2012, Michael Kerrisk <mtk.manpages@gmail.com>
.\"
.\" %%%LICENSE_START(GPLv2_ONELINE)
.\" Licensed under the GPLv2
.\" %%%LICENSE_END
.\"
.TH SETNS 2 2017-09-15 "Linux" "Linux Programmer's Manual"
.SH NAME
setns \- reassociate thread with a namespace
.SH SYNOPSIS
.nf
.BR "#define _GNU_SOURCE" "             /* See feature_test_macros(7) */"
.B #include <sched.h>
.PP
.BI "int setns(int " fd ", int " nstype );
.fi
.SH DESCRIPTION
Given a file descriptor referring to a namespace,
reassociate the calling thread with that namespace.
.PP
The
.I fd
argument is a file descriptor referring to one of the namespace entries in a
.I /proc/[pid]/ns/
directory; see
.BR namespaces (7)
for further information on
.IR /proc/[pid]/ns/ .
The calling thread will be reassociated with the corresponding namespace,
subject to any constraints imposed by the
.I nstype
argument.
.PP
The
.I nstype
argument specifies which type of namespace
the calling thread may be reassociated with.
This argument can have one of the following values:
.TP
.BR 0
Allow any type of namespace to be joined.
.TP
.BR CLONE_NEWCGROUP " (since Linux 4.6)"
.I fd
must refer to a cgroup namespace.
.TP
.BR CLONE_NEWIPC " (since Linux 3.0)"
.I fd
must refer to an IPC namespace.
.TP
.BR CLONE_NEWNET " (since Linux 3.0)"
.I fd
must refer to a network namespace.
.TP
.BR CLONE_NEWNS " (since Linux 3.8)"
.I fd
must refer to a mount namespace.
.TP
.BR CLONE_NEWPID " (since Linux 3.8)"
.I fd
must refer to a descendant PID namespace.
.TP
.BR CLONE_NEWUSER " (since Linux 3.8)"
.I fd
must refer to a user namespace.
.TP
.BR CLONE_NEWUTS " (since Linux 3.0)"
.I fd
must refer to a UTS namespace.
.PP
Specifying
.I nstype
as 0 suffices if the caller knows (or does not care)
what type of namespace is referred to by
.IR fd .
Specifying a nonzero value for
.I nstype
is useful if the caller does not know what type of namespace is referred to by
.IR fd
and wants to ensure that the namespace is of a particular type.
(The caller might not know the type of the namespace referred to by
.IR fd
if the file descriptor was opened by another process and, for example,
passed to the caller via a UNIX domain socket.)
.PP
If
.I fd
refers to a PID namespaces, the semantics are somewhat different
from other namespace types:
reassociating the calling thread with a PID namespace changes only
the PID namespace that subsequently created child processes of
the caller will be placed in;
it does not change the PID namespace of the caller itself.
Reassociating with a PID namespace is allowed only if the
PID namespace specified by
.IR fd
is a descendant (child, grandchild, etc.)
of the PID namespace of the caller.
For further details on PID namespaces, see
.BR pid_namespaces (7).
.PP
A process reassociating itself with a user namespace must have the
.B CAP_SYS_ADMIN
.\" See kernel/user_namespace.c:userns_install() [3.8 source]
capability in the target user namespace.
Upon successfully joining a user namespace,
a process is granted all capabilities in that namespace,
regardless of its user and group IDs.
A multithreaded process may not change user namespace with
.BR setns ().
It is not permitted to use
.BR setns ()
to reenter the caller's current user namespace.
This prevents a caller that has dropped capabilities from regaining
those capabilities via a call to
.BR setns ().
For security reasons,
.\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71
.\" https://lwn.net/Articles/543273/
a process can't join a new user namespace if it is sharing
filesystem-related attributes
(the attributes whose sharing is controlled by the
.BR clone (2)
.B CLONE_FS
flag) with another process.
For further details on user namespaces, see
.BR user_namespaces (7).
.PP
A process may not be reassociated with a new mount namespace if it is
multithreaded.
.\" Above check is in fs/namespace.c:mntns_install() [3.8 source]
Changing the mount namespace requires that the caller possess both
.B CAP_SYS_CHROOT
and
.BR CAP_SYS_ADMIN
capabilities in its own user namespace and
.BR CAP_SYS_ADMIN
in the target mount namespace.
See
.BR user_namespaces (7)
for details on the interaction of user namespaces and mount namespaces.
.PP
Using
.BR setns ()
to change the caller's cgroup namespace does not change
the caller's cgroup memberships.
.SH RETURN VALUE
On success,
.BR setns ()
returns 0.
On failure, \-1 is returned and
.I errno
is set to indicate the error.
.SH ERRORS
.TP
.B EBADF
.I fd
is not a valid file descriptor.
.TP
.B EINVAL
.I fd
refers to a namespace whose type does not match that specified in
.IR nstype .
.TP
.B EINVAL
There is problem with reassociating
the thread with the specified namespace.
.TP
.\" See kernel/pid_namespace.c::pidns_install() [kernel 3.18 sources]
.B EINVAL
The caller tried to join an ancestor (parent, grandparent, and so on)
PID namespace.
.TP
.B EINVAL
The caller attempted to join the user namespace
in which it is already a member.
.TP
.B EINVAL
.\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71
The caller shares filesystem
.RB ( CLONE_FS )
state (in particular, the root directory)
with other processes and tried to join a new user namespace.
.TP
.B EINVAL
.\" See kernel/user_namespace.c::userns_install() [kernel 3.15 sources]
The caller is multithreaded and tried to join a new user namespace.
.TP
.B ENOMEM
Cannot allocate sufficient memory to change the specified namespace.
.TP
.B EPERM
The calling thread did not have the required capability
for this operation.
.SH VERSIONS
The
.BR setns ()
system call first appeared in Linux in kernel 3.0;
library support was added to glibc in version 2.14.
.SH CONFORMING TO
The
.BR setns ()
system call is Linux-specific.
.SH NOTES
Not all of the attributes that can be shared when
a new thread is created using
.BR clone (2)
can be changed using
.BR setns ().
.SH EXAMPLE
The program below takes two or more arguments.
The first argument specifies the pathname of a namespace file in an existing
.I /proc/[pid]/ns/
directory.
The remaining arguments specify a command and its arguments.
The program opens the namespace file, joins that namespace using
.BR setns (),
and executes the specified command inside that namespace.
.PP
The following shell session demonstrates the use of this program
(compiled as a binary named
.IR ns_exec )
in conjunction with the
.BR CLONE_NEWUTS
example program in the
.BR clone (2)
man page (complied as a binary named
.IR newuts ).
.PP
We begin by executing the example program in
.BR clone (2)
in the background.
That program creates a child in a separate UTS namespace.
The child changes the hostname in its namespace,
and then both processes display the hostnames in their UTS namespaces,
so that we can see that they are different.
.PP
.in +4n
.EX
$ \fBsu\fP                   # Need privilege for namespace operations
Password:
# \fB./newuts bizarro &\fP
[1] 3549
clone() returned 3550
uts.nodename in child:  bizarro
uts.nodename in parent: antero
# \fBuname \-n\fP             # Verify hostname in the shell
antero
.EE
.in
.PP
We then run the program shown below,
using it to execute a shell.
Inside that shell, we verify that the hostname is the one
set by the child created by the first program:
.PP
.in +4n
.EX
# \fB./ns_exec /proc/3550/ns/uts /bin/bash\fP
# \fBuname \-n\fP             # Executed in shell started by ns_exec
bizarro
.EE
.in
.SS Program source
.EX
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>

#define errExit(msg)    do { perror(msg); exit(EXIT_FAILURE); \\
                        } while (0)

int
main(int argc, char *argv[])
{
    int fd;

    if (argc < 3) {
        fprintf(stderr, "%s /proc/PID/ns/FILE cmd args...\\n", argv[0]);
        exit(EXIT_FAILURE);
    }

    fd = open(argv[1], O_RDONLY);  /* Get file descriptor for namespace */
    if (fd == \-1)
        errExit("open");

    if (setns(fd, 0) == \-1)        /* Join that namespace */
        errExit("setns");

    execvp(argv[2], &argv[2]);     /* Execute a command in namespace */
    errExit("execvp");
}
.EE
.SH SEE ALSO
.BR nsenter (1),
.BR clone (2),
.BR fork (2),
.BR unshare (2),
.BR vfork (2),
.BR namespaces (7),
.BR unix (7)
Commit	Line	Data
dfa22c8b	1	.\" Copyright (C) 2011, Eric Biederman <ebiederm@xmission.com>
83825f79	2	.\" and Copyright (C) 2011, 2012, Michael Kerrisk <mtk.manpages@gmail.com>
2297bf0e	3	.\"
c4a99c30	4	.\" %%%LICENSE_START(GPLv2_ONELINE)
dfa22c8b	5	.\" Licensed under the GPLv2
8ff7380d	6	.\" %%%LICENSE_END
dfa22c8b	7	.\"
4b8c67d9	8	.TH SETNS 2 2017-09-15 "Linux" "Linux Programmer's Manual"
dfa22c8b	9	.SH NAME
7aa166c5	10	setns \- reassociate thread with a namespace
dfa22c8b EB	11	.SH SYNOPSIS
	12	.nf
	13	.BR "#define _GNU_SOURCE" " /* See feature_test_macros(7) */"
	14	.B #include <sched.h>
68e4db0a	15	.PP
dfa22c8b EB	16	.BI "int setns(int " fd ", int " nstype );
	17	.fi
	18	.SH DESCRIPTION
c07ad242	19	Given a file descriptor referring to a namespace,
7aa166c5	20	reassociate the calling thread with that namespace.
efeece04	21	.PP
92dcb220 MK	22	The
	23	.I fd
	24	argument is a file descriptor referring to one of the namespace entries in a
	25	.I /proc/[pid]/ns/
	26	directory; see
6edfe909	27	.BR namespaces (7)
c409c4ff	28	for further information on
92dcb220	29	.IR /proc/[pid]/ns/ .
7aa166c5	30	The calling thread will be reassociated with the corresponding namespace,
92dcb220 MK	31	subject to any constraints imposed by the
	32	.I nstype
	33	argument.
efeece04	34	.PP
dfa22c8b EB	35	The
dfa22c8b EB	36	.I nstype
c07ad242	37	argument specifies which type of namespace
7aa166c5	38	the calling thread may be reassociated with.
4e1e208d	39	This argument can have one of the following values:
dfa22c8b EB	40	.TP
dfa22c8b EB	41	.BR 0
92dcb220	42	Allow any type of namespace to be joined.
dfa22c8b	43	.TP
46dd3176 MK	44	.BR CLONE_NEWCGROUP " (since Linux 4.6)"
	45	.I fd
	46	must refer to a cgroup namespace.
	47	.TP
268a93cb	48	.BR CLONE_NEWIPC " (since Linux 3.0)"
92dcb220 MK	49	.I fd
92dcb220 MK	50	must refer to an IPC namespace.
dfa22c8b	51	.TP
268a93cb	52	.BR CLONE_NEWNET " (since Linux 3.0)"
92dcb220 MK	53	.I fd
92dcb220 MK	54	must refer to a network namespace.
dfa22c8b	55	.TP
268a93cb	56	.BR CLONE_NEWNS " (since Linux 3.8)"
99fd2fe3 EB	57	.I fd
	58	must refer to a mount namespace.
	59	.TP
268a93cb	60	.BR CLONE_NEWPID " (since Linux 3.8)"
99fd2fe3	61	.I fd
ba7d7ed9	62	must refer to a descendant PID namespace.
99fd2fe3	63	.TP
268a93cb	64	.BR CLONE_NEWUSER " (since Linux 3.8)"
99fd2fe3 EB	65	.I fd
	66	must refer to a user namespace.
	67	.TP
268a93cb	68	.BR CLONE_NEWUTS " (since Linux 3.0)"
92dcb220 MK	69	.I fd
92dcb220 MK	70	must refer to a UTS namespace.
dfa22c8b	71	.PP
92dcb220 MK	72	Specifying
	73	.I nstype
	74	as 0 suffices if the caller knows (or does not care)
	75	what type of namespace is referred to by
	76	.IR fd .
	77	Specifying a nonzero value for
	78	.I nstype
	79	is useful if the caller does not know what type of namespace is referred to by
	80	.IR fd
	81	and wants to ensure that the namespace is of a particular type.
	82	(The caller might not know the type of the namespace referred to by
	83	.IR fd
	84	if the file descriptor was opened by another process and, for example,
	85	passed to the caller via a UNIX domain socket.)
efeece04	86	.PP
16ee7285 MK	87	If
	88	.I fd
	89	refers to a PID namespaces, the semantics are somewhat different
	90	from other namespace types:
59363bb4	91	reassociating the calling thread with a PID namespace changes only
16ee7285 MK	92	the PID namespace that subsequently created child processes of
16ee7285 MK	93	the caller will be placed in;
f16c7698	94	it does not change the PID namespace of the caller itself.
59363bb4	95	Reassociating with a PID namespace is allowed only if the
cd7e05aa	96	PID namespace specified by
99fd2fe3	97	.IR fd
f16c7698	98	is a descendant (child, grandchild, etc.)
773f59eb	99	of the PID namespace of the caller.
5c8d010b	100	For further details on PID namespaces, see
9f4bb2a6	101	.BR pid_namespaces (7).
efeece04	102	.PP
ec66fbff MK	103	A process reassociating itself with a user namespace must have the
	104	.B CAP_SYS_ADMIN
	105	.\" See kernel/user_namespace.c:userns_install() [3.8 source]
	106	capability in the target user namespace.
	107	Upon successfully joining a user namespace,
	108	a process is granted all capabilities in that namespace,
	109	regardless of its user and group IDs.
5c67baab	110	A multithreaded process may not change user namespace with
cd7e05aa	111	.BR setns ().
81714b4f MK	112	It is not permitted to use
	113	.BR setns ()
	114	to reenter the caller's current user namespace.
	115	This prevents a caller that has dropped capabilities from regaining
	116	those capabilities via a call to
	117	.BR setns ().
85e34225 MK	118	For security reasons,
	119	.\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71
	120	.\" https://lwn.net/Articles/543273/
	121	a process can't join a new user namespace if it is sharing
8db37760	122	filesystem-related attributes
85e34225 MK	123	(the attributes whose sharing is controlled by the
	124	.BR clone (2)
	125	.B CLONE_FS
	126	flag) with another process.
e57c3979	127	For further details on user namespaces, see
ec66fbff	128	.BR user_namespaces (7).
efeece04	129	.PP
99fd2fe3	130	A process may not be reassociated with a new mount namespace if it is
5c67baab	131	multithreaded.
49af76fe MK	132	.\" Above check is in fs/namespace.c:mntns_install() [3.8 source]
49af76fe MK	133	Changing the mount namespace requires that the caller possess both
cd7e05aa MK	134	.B CAP_SYS_CHROOT
cd7e05aa MK	135	and
f5d401dd	136	.BR CAP_SYS_ADMIN
21bfe3e9	137	capabilities in its own user namespace and
f5d401dd	138	.BR CAP_SYS_ADMIN
21bfe3e9	139	in the target mount namespace.
53d084e8 MK	140	See
	141	.BR user_namespaces (7)
	142	for details on the interaction of user namespaces and mount namespaces.
efeece04	143	.PP
46dd3176 MK	144	Using
	145	.BR setns ()
	146	to change the caller's cgroup namespace does not change
	147	the caller's cgroup memberships.
dfa22c8b	148	.SH RETURN VALUE
92dcb220	149	On success,
577b1ed5	150	.BR setns ()
92dcb220	151	returns 0.
dfa22c8b EB	152	On failure, \-1 is returned and
	153	.I errno
	154	is set to indicate the error.
	155	.SH ERRORS
	156	.TP
dfa22c8b	157	.B EBADF
c07ad242 MK	158	.I fd
c07ad242 MK	159	is not a valid file descriptor.
dfa22c8b EB	160	.TP
dfa22c8b EB	161	.B EINVAL
92dcb220 MK	162	.I fd
92dcb220 MK	163	refers to a namespace whose type does not match that specified in
16fe718f MK	164	.IR nstype .
	165	.TP
	166	.B EINVAL
	167	There is problem with reassociating
7aa166c5	168	the thread with the specified namespace.
dfa22c8b	169	.TP
ba7d7ed9 MF	170	.\" See kernel/pid_namespace.c::pidns_install() [kernel 3.18 sources]
ba7d7ed9 MF	171	.B EINVAL
c9b0afde MK	172	The caller tried to join an ancestor (parent, grandparent, and so on)
c9b0afde MK	173	PID namespace.
ba7d7ed9	174	.TP
edc3c3b4 MK	175	.B EINVAL
	176	The caller attempted to join the user namespace
	177	in which it is already a member.
	178	.TP
e63259f2 MK	179	.B EINVAL
	180	.\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71
	181	The caller shares filesystem
	182	.RB ( CLONE_FS )
	183	state (in particular, the root directory)
	184	with other processes and tried to join a new user namespace.
	185	.TP
	186	.B EINVAL
	187	.\" See kernel/user_namespace.c::userns_install() [kernel 3.15 sources]
	188	The caller is multithreaded and tried to join a new user namespace.
	189	.TP
dfa22c8b EB	190	.B ENOMEM
dfa22c8b EB	191	Cannot allocate sufficient memory to change the specified namespace.
dfa22c8b EB	192	.TP
dfa22c8b EB	193	.B EPERM
7fc8e5ec	194	The calling thread did not have the required capability
63b6ef41	195	for this operation.
dfa22c8b EB	196	.SH VERSIONS
	197	The
	198	.BR setns ()
c95b6ae1	199	system call first appeared in Linux in kernel 3.0;
268a93cb	200	library support was added to glibc in version 2.14.
dfa22c8b EB	201	.SH CONFORMING TO
	202	The
	203	.BR setns ()
	204	system call is Linux-specific.
	205	.SH NOTES
7aa166c5 MK	206	Not all of the attributes that can be shared when
7aa166c5 MK	207	a new thread is created using
dfa22c8b EB	208	.BR clone (2)
	209	can be changed using
	210	.BR setns ().
8d41e607 MK	211	.SH EXAMPLE
	212	The program below takes two or more arguments.
	213	The first argument specifies the pathname of a namespace file in an existing
	214	.I /proc/[pid]/ns/
	215	directory.
	216	The remaining arguments specify a command and its arguments.
	217	The program opens the namespace file, joins that namespace using
	218	.BR setns (),
	219	and executes the specified command inside that namespace.
efeece04	220	.PP
8d41e607 MK	221	The following shell session demonstrates the use of this program
8d41e607 MK	222	(compiled as a binary named
a1ce9159	223	.IR ns_exec )
8d41e607 MK	224	in conjunction with the
	225	.BR CLONE_NEWUTS
	226	example program in the
	227	.BR clone (2)
	228	man page (complied as a binary named
	229	.IR newuts ).
efeece04	230	.PP
8d41e607 MK	231	We begin by executing the example program in
	232	.BR clone (2)
	233	in the background.
	234	That program creates a child in a separate UTS namespace.
51ebe080	235	The child changes the hostname in its namespace,
8d41e607 MK	236	and then both processes display the hostnames in their UTS namespaces,
8d41e607 MK	237	so that we can see that they are different.
efeece04	238	.PP
8d41e607	239	.in +4n
b8302363	240	.EX
8d41e607	241	$ \fBsu\fP # Need privilege for namespace operations
9f1b9726	242	Password:
8d41e607 MK	243	# \fB./newuts bizarro &\fP
	244	[1] 3549
	245	clone() returned 3550
	246	uts.nodename in child: bizarro
	247	uts.nodename in parent: antero
5c977011	248	# \fBuname \-n\fP # Verify hostname in the shell
8d41e607	249	antero
b8302363	250	.EE
e646a1ba	251	.in
efeece04	252	.PP
8d41e607 MK	253	We then run the program shown below,
	254	using it to execute a shell.
	255	Inside that shell, we verify that the hostname is the one
	256	set by the child created by the first program:
efeece04	257	.PP
8d41e607	258	.in +4n
b8302363	259	.EX
a1ce9159	260	# \fB./ns_exec /proc/3550/ns/uts /bin/bash\fP
5c977011	261	# \fBuname \-n\fP # Executed in shell started by ns_exec
8d41e607	262	bizarro
b8302363	263	.EE
e646a1ba	264	.in
8d41e607	265	.SS Program source
e7d0bb47	266	.EX
8d41e607 MK	267	#define _GNU_SOURCE
	268	#include <fcntl.h>
	269	#include <sched.h>
	270	#include <unistd.h>
	271	#include <stdlib.h>
	272	#include <stdio.h>
	273
	274	#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \\
	275	} while (0)
	276
	277	int
	278	main(int argc, char *argv[])
	279	{
	280	int fd;
	281
	282	if (argc < 3) {
	283	fprintf(stderr, "%s /proc/PID/ns/FILE cmd args...\\n", argv[0]);
	284	exit(EXIT_FAILURE);
	285	}
	286
d9cb0d7d	287	fd = open(argv[1], O_RDONLY); /* Get file descriptor for namespace */
8d41e607 MK	288	if (fd == \-1)
	289	errExit("open");
	290
d0c5d17b	291	if (setns(fd, 0) == \-1) /* Join that namespace */
8d41e607 MK	292	errExit("setns");
8d41e607 MK	293
d0c5d17b	294	execvp(argv[2], &argv[2]); /* Execute a command in namespace */
8d41e607 MK	295	errExit("execvp");
8d41e607 MK	296	}
e7d0bb47	297	.EE
dfa22c8b	298	.SH SEE ALSO
7680cb3e	299	.BR nsenter (1),
dfa22c8b EB	300	.BR clone (2),
dfa22c8b EB	301	.BR fork (2),
2a9f74a9	302	.BR unshare (2),
b93a34b5	303	.BR vfork (2),
41096af1	304	.BR namespaces (7),
92dcb220	305	.BR unix (7)