[thirdparty/man-pages.git] / man2 / setns.2

.\" Copyright (C) 2011, Eric Biederman <ebiederm@xmission.com>
.\" and Copyright (C) 2011, 2012, Michael Kerrisk <mtk.manpages@gmail.com>
.\"
.\" %%%LICENSE_START(GPLv2_ONELINE)
.\" Licensed under the GPLv2
.\" %%%LICENSE_END
.\"
.TH SETNS 2 2017-09-15 "Linux" "Linux Programmer's Manual"
.SH NAME
setns \- reassociate thread with a namespace
.SH SYNOPSIS
.nf
.BR "#define _GNU_SOURCE" "             /* See feature_test_macros(7) */"
.B #include <sched.h>
.PP
.BI "int setns(int " fd ", int " nstype );
.fi
.SH DESCRIPTION
Given a file descriptor referring to a namespace,
reassociate the calling thread with that namespace.
.PP
The
.I fd
argument is a file descriptor referring to one of the namespace entries in a
.I /proc/[pid]/ns/
directory; see
.BR namespaces (7)
for further information on
.IR /proc/[pid]/ns/ .
The calling thread will be reassociated with the corresponding namespace,
subject to any constraints imposed by the
.I nstype
argument.
.PP
The
.I nstype
argument specifies which type of namespace
the calling thread may be reassociated with.
This argument can have one of the following values:
.TP
.BR 0
Allow any type of namespace to be joined.
.TP
.BR CLONE_NEWCGROUP " (since Linux 4.6)"
.I fd
must refer to a cgroup namespace.
.TP
.BR CLONE_NEWIPC " (since Linux 3.0)"
.I fd
must refer to an IPC namespace.
.TP
.BR CLONE_NEWNET " (since Linux 3.0)"
.I fd
must refer to a network namespace.
.TP
.BR CLONE_NEWNS " (since Linux 3.8)"
.I fd
must refer to a mount namespace.
.TP
.BR CLONE_NEWPID " (since Linux 3.8)"
.I fd
must refer to a descendant PID namespace.
.TP
.BR CLONE_NEWUSER " (since Linux 3.8)"
.I fd
must refer to a user namespace.
.TP
.BR CLONE_NEWUTS " (since Linux 3.0)"
.I fd
must refer to a UTS namespace.
.PP
Specifying
.I nstype
as 0 suffices if the caller knows (or does not care)
what type of namespace is referred to by
.IR fd .
Specifying a nonzero value for
.I nstype
is useful if the caller does not know what type of namespace is referred to by
.IR fd
and wants to ensure that the namespace is of a particular type.
(The caller might not know the type of the namespace referred to by
.IR fd
if the file descriptor was opened by another process and, for example,
passed to the caller via a UNIX domain socket.)
.\"
.SS Details for specific namespace types
Note the following details and restrictions when reassociating with
specific namespace types:
.TP
User namespaces
A process reassociating itself with a user namespace must have the
.B CAP_SYS_ADMIN
.\" See kernel/user_namespace.c:userns_install() [3.8 source]
capability in the target user namespace.
Upon successfully joining a user namespace,
a process is granted all capabilities in that namespace,
regardless of its user and group IDs.
.IP
A multithreaded process may not change user namespace with
.BR setns ().
.IP
It is not permitted to use
.BR setns ()
to reenter the caller's current user namespace.
This prevents a caller that has dropped capabilities from regaining
those capabilities via a call to
.BR setns ().
.IP
For security reasons,
.\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71
.\" https://lwn.net/Articles/543273/
a process can't join a new user namespace if it is sharing
filesystem-related attributes
(the attributes whose sharing is controlled by the
.BR clone (2)
.B CLONE_FS
flag) with another process.
.IP
For further details on user namespaces, see
.BR user_namespaces (7).
.TP
Mount namespaces
Changing the mount namespace requires that the caller possess both
.B CAP_SYS_CHROOT
and
.BR CAP_SYS_ADMIN
capabilities in its own user namespace and
.BR CAP_SYS_ADMIN
in the the user namespace that owns the target mount namespace.
.IP
A process may not be reassociated with a new mount namespace if it is
multithreaded.
.\" Above check is in fs/namespace.c:mntns_install() [3.8 source]
.IP
See
.BR user_namespaces (7)
for details on the interaction of user namespaces and mount namespaces.
.TP
PID namespaces
In order to reassociate itself with a new PID namespace,
the calling process must have the
.B CAP_SYS_ADMIN
capability both in its own user namespace and in the user namespace
that owns the target PID namespace.
.IP
If
.I fd
refers to a PID namespace, the semantics are somewhat different
from other namespace types:
reassociating the calling thread with a PID namespace changes only
the PID namespace that subsequently created child processes of
the caller will be placed in;
it does not change the PID namespace of the caller itself.
.IP
Reassociating with a PID namespace is allowed only if the
PID namespace specified by
.IR fd
is a descendant (child, grandchild, etc.)
of the PID namespace of the caller.
.IP
For further details on PID namespaces, see
.BR pid_namespaces (7).
.TP
Cgroup namespaces
Using
.BR setns ()
to change the caller's cgroup namespace does not change
the caller's cgroup memberships.
.SH RETURN VALUE
On success,
.BR setns ()
returns 0.
On failure, \-1 is returned and
.I errno
is set to indicate the error.
.SH ERRORS
.TP
.B EBADF
.I fd
is not a valid file descriptor.
.TP
.B EINVAL
.I fd
refers to a namespace whose type does not match that specified in
.IR nstype .
.TP
.B EINVAL
There is problem with reassociating
the thread with the specified namespace.
.TP
.\" See kernel/pid_namespace.c::pidns_install() [kernel 3.18 sources]
.B EINVAL
The caller tried to join an ancestor (parent, grandparent, and so on)
PID namespace.
.TP
.B EINVAL
The caller attempted to join the user namespace
in which it is already a member.
.TP
.B EINVAL
.\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71
The caller shares filesystem
.RB ( CLONE_FS )
state (in particular, the root directory)
with other processes and tried to join a new user namespace.
.TP
.B EINVAL
.\" See kernel/user_namespace.c::userns_install() [kernel 3.15 sources]
The caller is multithreaded and tried to join a new user namespace.
.TP
.B ENOMEM
Cannot allocate sufficient memory to change the specified namespace.
.TP
.B EPERM
The calling thread did not have the required capability
for this operation.
.SH VERSIONS
The
.BR setns ()
system call first appeared in Linux in kernel 3.0;
library support was added to glibc in version 2.14.
.SH CONFORMING TO
The
.BR setns ()
system call is Linux-specific.
.SH NOTES
Not all of the attributes that can be shared when
a new thread is created using
.BR clone (2)
can be changed using
.BR setns ().
.SH EXAMPLE
The program below takes two or more arguments.
The first argument specifies the pathname of a namespace file in an existing
.I /proc/[pid]/ns/
directory.
The remaining arguments specify a command and its arguments.
The program opens the namespace file, joins that namespace using
.BR setns (),
and executes the specified command inside that namespace.
.PP
The following shell session demonstrates the use of this program
(compiled as a binary named
.IR ns_exec )
in conjunction with the
.BR CLONE_NEWUTS
example program in the
.BR clone (2)
man page (complied as a binary named
.IR newuts ).
.PP
We begin by executing the example program in
.BR clone (2)
in the background.
That program creates a child in a separate UTS namespace.
The child changes the hostname in its namespace,
and then both processes display the hostnames in their UTS namespaces,
so that we can see that they are different.
.PP
.in +4n
.EX
$ \fBsu\fP                   # Need privilege for namespace operations
Password:
# \fB./newuts bizarro &\fP
[1] 3549
clone() returned 3550
uts.nodename in child:  bizarro
uts.nodename in parent: antero
# \fBuname \-n\fP             # Verify hostname in the shell
antero
.EE
.in
.PP
We then run the program shown below,
using it to execute a shell.
Inside that shell, we verify that the hostname is the one
set by the child created by the first program:
.PP
.in +4n
.EX
# \fB./ns_exec /proc/3550/ns/uts /bin/bash\fP
# \fBuname \-n\fP             # Executed in shell started by ns_exec
bizarro
.EE
.in
.SS Program source
.EX
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>

#define errExit(msg)    do { perror(msg); exit(EXIT_FAILURE); \\
                        } while (0)

int
main(int argc, char *argv[])
{
    int fd;

    if (argc < 3) {
        fprintf(stderr, "%s /proc/PID/ns/FILE cmd args...\\n", argv[0]);
        exit(EXIT_FAILURE);
    }

    fd = open(argv[1], O_RDONLY); /* Get file descriptor for namespace */
    if (fd == \-1)
        errExit("open");

    if (setns(fd, 0) == \-1)       /* Join that namespace */
        errExit("setns");

    execvp(argv[2], &argv[2]);    /* Execute a command in namespace */
    errExit("execvp");
}
.EE
.SH SEE ALSO
.BR nsenter (1),
.BR clone (2),
.BR fork (2),
.BR unshare (2),
.BR vfork (2),
.BR namespaces (7),
.BR unix (7)
Commit	Line	Data
dfa22c8b	1	.\" Copyright (C) 2011, Eric Biederman <ebiederm@xmission.com>
83825f79	2	.\" and Copyright (C) 2011, 2012, Michael Kerrisk <mtk.manpages@gmail.com>
2297bf0e	3	.\"
c4a99c30	4	.\" %%%LICENSE_START(GPLv2_ONELINE)
dfa22c8b	5	.\" Licensed under the GPLv2
8ff7380d	6	.\" %%%LICENSE_END
dfa22c8b	7	.\"
4b8c67d9	8	.TH SETNS 2 2017-09-15 "Linux" "Linux Programmer's Manual"
dfa22c8b	9	.SH NAME
7aa166c5	10	setns \- reassociate thread with a namespace
dfa22c8b EB	11	.SH SYNOPSIS
	12	.nf
	13	.BR "#define _GNU_SOURCE" " /* See feature_test_macros(7) */"
	14	.B #include <sched.h>
68e4db0a	15	.PP
dfa22c8b EB	16	.BI "int setns(int " fd ", int " nstype );
	17	.fi
	18	.SH DESCRIPTION
c07ad242	19	Given a file descriptor referring to a namespace,
7aa166c5	20	reassociate the calling thread with that namespace.
efeece04	21	.PP
92dcb220 MK	22	The
	23	.I fd
	24	argument is a file descriptor referring to one of the namespace entries in a
	25	.I /proc/[pid]/ns/
	26	directory; see
6edfe909	27	.BR namespaces (7)
c409c4ff	28	for further information on
92dcb220	29	.IR /proc/[pid]/ns/ .
7aa166c5	30	The calling thread will be reassociated with the corresponding namespace,
92dcb220 MK	31	subject to any constraints imposed by the
	32	.I nstype
	33	argument.
efeece04	34	.PP
dfa22c8b EB	35	The
dfa22c8b EB	36	.I nstype
c07ad242	37	argument specifies which type of namespace
7aa166c5	38	the calling thread may be reassociated with.
4e1e208d	39	This argument can have one of the following values:
dfa22c8b EB	40	.TP
dfa22c8b EB	41	.BR 0
92dcb220	42	Allow any type of namespace to be joined.
dfa22c8b	43	.TP
46dd3176 MK	44	.BR CLONE_NEWCGROUP " (since Linux 4.6)"
	45	.I fd
	46	must refer to a cgroup namespace.
	47	.TP
268a93cb	48	.BR CLONE_NEWIPC " (since Linux 3.0)"
92dcb220 MK	49	.I fd
92dcb220 MK	50	must refer to an IPC namespace.
dfa22c8b	51	.TP
268a93cb	52	.BR CLONE_NEWNET " (since Linux 3.0)"
92dcb220 MK	53	.I fd
92dcb220 MK	54	must refer to a network namespace.
dfa22c8b	55	.TP
268a93cb	56	.BR CLONE_NEWNS " (since Linux 3.8)"
99fd2fe3 EB	57	.I fd
	58	must refer to a mount namespace.
	59	.TP
268a93cb	60	.BR CLONE_NEWPID " (since Linux 3.8)"
99fd2fe3	61	.I fd
ba7d7ed9	62	must refer to a descendant PID namespace.
99fd2fe3	63	.TP
268a93cb	64	.BR CLONE_NEWUSER " (since Linux 3.8)"
99fd2fe3 EB	65	.I fd
	66	must refer to a user namespace.
	67	.TP
268a93cb	68	.BR CLONE_NEWUTS " (since Linux 3.0)"
92dcb220 MK	69	.I fd
92dcb220 MK	70	must refer to a UTS namespace.
dfa22c8b	71	.PP
92dcb220 MK	72	Specifying
	73	.I nstype
	74	as 0 suffices if the caller knows (or does not care)
	75	what type of namespace is referred to by
	76	.IR fd .
	77	Specifying a nonzero value for
	78	.I nstype
	79	is useful if the caller does not know what type of namespace is referred to by
	80	.IR fd
	81	and wants to ensure that the namespace is of a particular type.
	82	(The caller might not know the type of the namespace referred to by
	83	.IR fd
	84	if the file descriptor was opened by another process and, for example,
	85	passed to the caller via a UNIX domain socket.)
8e23f12b MK	86	.\"
	87	.SS Details for specific namespace types
	88	Note the following details and restrictions when reassociating with
	89	specific namespace types:
	90	.TP
	91	User namespaces
ec66fbff MK	92	A process reassociating itself with a user namespace must have the
	93	.B CAP_SYS_ADMIN
	94	.\" See kernel/user_namespace.c:userns_install() [3.8 source]
	95	capability in the target user namespace.
	96	Upon successfully joining a user namespace,
	97	a process is granted all capabilities in that namespace,
	98	regardless of its user and group IDs.
2e4a22de	99	.IP
5c67baab	100	A multithreaded process may not change user namespace with
cd7e05aa	101	.BR setns ().
2e4a22de	102	.IP
81714b4f MK	103	It is not permitted to use
	104	.BR setns ()
	105	to reenter the caller's current user namespace.
	106	This prevents a caller that has dropped capabilities from regaining
	107	those capabilities via a call to
	108	.BR setns ().
2e4a22de	109	.IP
85e34225 MK	110	For security reasons,
	111	.\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71
	112	.\" https://lwn.net/Articles/543273/
	113	a process can't join a new user namespace if it is sharing
8db37760	114	filesystem-related attributes
85e34225 MK	115	(the attributes whose sharing is controlled by the
	116	.BR clone (2)
	117	.B CLONE_FS
	118	flag) with another process.
2e4a22de	119	.IP
e57c3979	120	For further details on user namespaces, see
ec66fbff	121	.BR user_namespaces (7).
8e23f12b MK	122	.TP
8e23f12b MK	123	Mount namespaces
49af76fe	124	Changing the mount namespace requires that the caller possess both
cd7e05aa MK	125	.B CAP_SYS_CHROOT
cd7e05aa MK	126	and
f5d401dd	127	.BR CAP_SYS_ADMIN
21bfe3e9	128	capabilities in its own user namespace and
f5d401dd	129	.BR CAP_SYS_ADMIN
6f91075e	130	in the the user namespace that owns the target mount namespace.
2e4a22de	131	.IP
c6b1b95b MK	132	A process may not be reassociated with a new mount namespace if it is
	133	multithreaded.
	134	.\" Above check is in fs/namespace.c:mntns_install() [3.8 source]
	135	.IP
53d084e8 MK	136	See
	137	.BR user_namespaces (7)
	138	for details on the interaction of user namespaces and mount namespaces.
8e23f12b	139	.TP
0ecd5804	140	PID namespaces
a5633e6b MK	141	In order to reassociate itself with a new PID namespace,
	142	the calling process must have the
	143	.B CAP_SYS_ADMIN
	144	capability both in its own user namespace and in the user namespace
	145	that owns the target PID namespace.
	146	.IP
0ecd5804 MK	147	If
0ecd5804 MK	148	.I fd
98929c31	149	refers to a PID namespace, the semantics are somewhat different
0ecd5804 MK	150	from other namespace types:
	151	reassociating the calling thread with a PID namespace changes only
	152	the PID namespace that subsequently created child processes of
	153	the caller will be placed in;
	154	it does not change the PID namespace of the caller itself.
	155	.IP
	156	Reassociating with a PID namespace is allowed only if the
	157	PID namespace specified by
	158	.IR fd
	159	is a descendant (child, grandchild, etc.)
	160	of the PID namespace of the caller.
	161	.IP
	162	For further details on PID namespaces, see
	163	.BR pid_namespaces (7).
	164	.TP
8e23f12b	165	Cgroup namespaces
46dd3176 MK	166	Using
	167	.BR setns ()
	168	to change the caller's cgroup namespace does not change
	169	the caller's cgroup memberships.
dfa22c8b	170	.SH RETURN VALUE
92dcb220	171	On success,
577b1ed5	172	.BR setns ()
92dcb220	173	returns 0.
dfa22c8b EB	174	On failure, \-1 is returned and
	175	.I errno
	176	is set to indicate the error.
	177	.SH ERRORS
	178	.TP
dfa22c8b	179	.B EBADF
c07ad242 MK	180	.I fd
c07ad242 MK	181	is not a valid file descriptor.
dfa22c8b EB	182	.TP
dfa22c8b EB	183	.B EINVAL
92dcb220 MK	184	.I fd
92dcb220 MK	185	refers to a namespace whose type does not match that specified in
16fe718f MK	186	.IR nstype .
	187	.TP
	188	.B EINVAL
	189	There is problem with reassociating
7aa166c5	190	the thread with the specified namespace.
dfa22c8b	191	.TP
ba7d7ed9 MF	192	.\" See kernel/pid_namespace.c::pidns_install() [kernel 3.18 sources]
ba7d7ed9 MF	193	.B EINVAL
c9b0afde MK	194	The caller tried to join an ancestor (parent, grandparent, and so on)
c9b0afde MK	195	PID namespace.
ba7d7ed9	196	.TP
edc3c3b4 MK	197	.B EINVAL
	198	The caller attempted to join the user namespace
	199	in which it is already a member.
	200	.TP
e63259f2 MK	201	.B EINVAL
	202	.\" commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71
	203	The caller shares filesystem
	204	.RB ( CLONE_FS )
	205	state (in particular, the root directory)
	206	with other processes and tried to join a new user namespace.
	207	.TP
	208	.B EINVAL
	209	.\" See kernel/user_namespace.c::userns_install() [kernel 3.15 sources]
	210	The caller is multithreaded and tried to join a new user namespace.
	211	.TP
dfa22c8b EB	212	.B ENOMEM
dfa22c8b EB	213	Cannot allocate sufficient memory to change the specified namespace.
dfa22c8b EB	214	.TP
dfa22c8b EB	215	.B EPERM
7fc8e5ec	216	The calling thread did not have the required capability
63b6ef41	217	for this operation.
dfa22c8b EB	218	.SH VERSIONS
	219	The
	220	.BR setns ()
c95b6ae1	221	system call first appeared in Linux in kernel 3.0;
268a93cb	222	library support was added to glibc in version 2.14.
dfa22c8b EB	223	.SH CONFORMING TO
	224	The
	225	.BR setns ()
	226	system call is Linux-specific.
	227	.SH NOTES
7aa166c5 MK	228	Not all of the attributes that can be shared when
7aa166c5 MK	229	a new thread is created using
dfa22c8b EB	230	.BR clone (2)
	231	can be changed using
	232	.BR setns ().
8d41e607 MK	233	.SH EXAMPLE
	234	The program below takes two or more arguments.
	235	The first argument specifies the pathname of a namespace file in an existing
	236	.I /proc/[pid]/ns/
	237	directory.
	238	The remaining arguments specify a command and its arguments.
	239	The program opens the namespace file, joins that namespace using
	240	.BR setns (),
	241	and executes the specified command inside that namespace.
efeece04	242	.PP
8d41e607 MK	243	The following shell session demonstrates the use of this program
8d41e607 MK	244	(compiled as a binary named
a1ce9159	245	.IR ns_exec )
8d41e607 MK	246	in conjunction with the
	247	.BR CLONE_NEWUTS
	248	example program in the
	249	.BR clone (2)
	250	man page (complied as a binary named
	251	.IR newuts ).
efeece04	252	.PP
8d41e607 MK	253	We begin by executing the example program in
	254	.BR clone (2)
	255	in the background.
	256	That program creates a child in a separate UTS namespace.
51ebe080	257	The child changes the hostname in its namespace,
8d41e607 MK	258	and then both processes display the hostnames in their UTS namespaces,
8d41e607 MK	259	so that we can see that they are different.
efeece04	260	.PP
8d41e607	261	.in +4n
b8302363	262	.EX
8d41e607	263	$ \fBsu\fP # Need privilege for namespace operations
9f1b9726	264	Password:
8d41e607 MK	265	# \fB./newuts bizarro &\fP
	266	[1] 3549
	267	clone() returned 3550
	268	uts.nodename in child: bizarro
	269	uts.nodename in parent: antero
5c977011	270	# \fBuname \-n\fP # Verify hostname in the shell
8d41e607	271	antero
b8302363	272	.EE
e646a1ba	273	.in
efeece04	274	.PP
8d41e607 MK	275	We then run the program shown below,
	276	using it to execute a shell.
	277	Inside that shell, we verify that the hostname is the one
	278	set by the child created by the first program:
efeece04	279	.PP
8d41e607	280	.in +4n
b8302363	281	.EX
a1ce9159	282	# \fB./ns_exec /proc/3550/ns/uts /bin/bash\fP
5c977011	283	# \fBuname \-n\fP # Executed in shell started by ns_exec
8d41e607	284	bizarro
b8302363	285	.EE
e646a1ba	286	.in
8d41e607	287	.SS Program source
e7d0bb47	288	.EX
8d41e607 MK	289	#define _GNU_SOURCE
	290	#include <fcntl.h>
	291	#include <sched.h>
	292	#include <unistd.h>
	293	#include <stdlib.h>
	294	#include <stdio.h>
	295
	296	#define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \\
	297	} while (0)
	298
	299	int
	300	main(int argc, char *argv[])
	301	{
	302	int fd;
	303
	304	if (argc < 3) {
	305	fprintf(stderr, "%s /proc/PID/ns/FILE cmd args...\\n", argv[0]);
	306	exit(EXIT_FAILURE);
	307	}
	308
e2b63503	309	fd = open(argv[1], O_RDONLY); /* Get file descriptor for namespace */
8d41e607 MK	310	if (fd == \-1)
	311	errExit("open");
	312
e2b63503	313	if (setns(fd, 0) == \-1) /* Join that namespace */
8d41e607 MK	314	errExit("setns");
8d41e607 MK	315
e2b63503	316	execvp(argv[2], &argv[2]); /* Execute a command in namespace */
8d41e607 MK	317	errExit("execvp");
8d41e607 MK	318	}
e7d0bb47	319	.EE
dfa22c8b	320	.SH SEE ALSO
7680cb3e	321	.BR nsenter (1),
dfa22c8b EB	322	.BR clone (2),
dfa22c8b EB	323	.BR fork (2),
2a9f74a9	324	.BR unshare (2),
b93a34b5	325	.BR vfork (2),
41096af1	326	.BR namespaces (7),
92dcb220	327	.BR unix (7)