Commit | Line | Data |
---|---|---|
87ec43b6 | 1 | .TH NSENTER 1 "June 2013" "util-linux" "User Commands" |
f8aa8e94 EB |
2 | .SH NAME |
3 | nsenter \- run program with namespaces of other processes | |
4 | .SH SYNOPSIS | |
5 | .B nsenter | |
cf8e0bae | 6 | [options] |
dde08a87 BS |
7 | .RI [ program |
8 | .RI [ arguments ]] | |
f8aa8e94 | 9 | .SH DESCRIPTION |
1e3832bf | 10 | Enters the namespaces of one or more other processes and then executes the specified |
08e86f4c | 11 | program. Enterable namespaces are: |
f8aa8e94 | 12 | .TP |
08e86f4c | 13 | .B mount namespace |
894efece MK |
14 | Mounting and unmounting filesystems will not affect the rest of the system, |
15 | except for filesystems which are explicitly marked as shared (with | |
dde08a87 BS |
16 | \fBmount --make-\:shared\fP; see \fI/proc\:/self\:/mountinfo\fP for the |
17 | \fBshared\fP flag). | |
894efece MK |
18 | For further details, see |
19 | .BR mount_namespaces (7) | |
20 | and the discussion of the | |
21 | .BR CLONE_NEWNS | |
22 | flag in | |
23 | .BR clone (2). | |
f8aa8e94 | 24 | .TP |
08e86f4c | 25 | .B UTS namespace |
dde08a87 | 26 | Setting hostname or domainname will not affect the rest of the system. |
894efece MK |
27 | For further details, see |
28 | .BR namespaces (7) | |
29 | and the discussion of the | |
30 | .BR CLONE_NEWUTS | |
31 | flag in | |
32 | .BR clone (2). | |
f8aa8e94 | 33 | .TP |
08e86f4c | 34 | .B IPC namespace |
170a8e4a MK |
35 | The process will have an independent namespace for POSIX message queues |
36 | as well as System V message queues, | |
dde08a87 | 37 | semaphore sets and shared memory segments. |
894efece MK |
38 | For further details, see |
39 | .BR namespaces (7) | |
40 | and the discussion of the | |
41 | .BR CLONE_NEWIPC | |
42 | flag in | |
43 | .BR clone (2). | |
f8aa8e94 | 44 | .TP |
08e86f4c | 45 | .B network namespace |
dde08a87 BS |
46 | The process will have independent IPv4 and IPv6 stacks, IP routing tables, |
47 | firewall rules, the | |
08e86f4c SK |
48 | .I /proc\:/net |
49 | and | |
50 | .I /sys\:/class\:/net | |
dde08a87 | 51 | directory trees, sockets, etc. |
894efece MK |
52 | For further details, see |
53 | .BR namespaces (7) | |
54 | and the discussion of the | |
55 | .BR CLONE_NEWNET | |
56 | flag in | |
57 | .BR clone (2). | |
08e86f4c | 58 | .TP |
1e3832bf | 59 | .B PID namespace |
dde08a87 | 60 | Children will have a set of PID to process mappings separate from the |
1e3832bf ZJS |
61 | .B nsenter |
62 | process. | |
894efece MK |
63 | For further details, see |
64 | .BR pid_namespaces (7) | |
65 | and | |
66 | the discussion of the | |
67 | .BR CLONE_NEWPID | |
68 | flag in \fBclone\fP(2). | |
1e3832bf ZJS |
69 | .B nsenter |
70 | will fork by default if changing the PID namespace, so that the new program | |
71 | and its children share the same PID namespace and are visible to each other. | |
dde08a87 | 72 | If \fB\-\-no\-fork\fP is used, the new program will be exec'ed without forking. |
f8aa8e94 | 73 | .TP |
08e86f4c | 74 | .B user namespace |
dde08a87 | 75 | The process will have a distinct set of UIDs, GIDs and capabilities. |
894efece MK |
76 | For further details, see |
77 | .BR user_namespaces (7) | |
78 | and the discussion of the | |
79 | .BR CLONE_NEWUSER | |
80 | flag in | |
81 | .BR clone (2). | |
f8aa8e94 | 82 | .TP |
f9e7b66d SH |
83 | .B cgroup namespace |
84 | The process will have a virtualized view of \fI/proc\:/self\:/cgroup\fP, and new | |
85 | cgroup mounts will be rooted at the namespace cgroup root. | |
894efece MK |
86 | For further details, see |
87 | .BR cgroup_namespaces (7) | |
88 | and the discussion of the | |
89 | .BR CLONE_NEWCGROUP | |
90 | flag in | |
91 | .BR clone (2). | |
f9e7b66d | 92 | .TP |
dde08a87 | 93 | See \fBclone\fP(2) for the exact semantics of the flags. |
57580694 | 94 | .TP |
dde08a87 | 95 | If \fIprogram\fP is not given, then ``${SHELL}'' is run (default: /bin\:/sh). |
57580694 | 96 | |
f8aa8e94 | 97 | .SH OPTIONS |
4b298f61 MK |
98 | Various of the options below that relate to namespaces take an optional |
99 | .I file | |
100 | argument. | |
101 | This should be one of the | |
102 | .IR /proc/[pid]/ns/* | |
103 | files described in | |
104 | .BR namespaces (7). | |
08e86f4c SK |
105 | .TP |
106 | \fB\-t\fR, \fB\-\-target\fR \fIpid\fP | |
107 | Specify a target process to get contexts from. The paths to the contexts | |
108 | specified by | |
109 | .I pid | |
110 | are: | |
111 | .RS | |
112 | .PD 0 | |
113 | .IP "" 20 | |
114 | .TP | |
115 | /proc/\fIpid\fR/ns/mnt | |
116 | the mount namespace | |
117 | .TP | |
118 | /proc/\fIpid\fR/ns/uts | |
1e3832bf | 119 | the UTS namespace |
08e86f4c SK |
120 | .TP |
121 | /proc/\fIpid\fR/ns/ipc | |
1e3832bf | 122 | the IPC namespace |
08e86f4c SK |
123 | .TP |
124 | /proc/\fIpid\fR/ns/net | |
1e3832bf | 125 | the network namespace |
08e86f4c SK |
126 | .TP |
127 | /proc/\fIpid\fR/ns/pid | |
1e3832bf | 128 | the PID namespace |
08e86f4c SK |
129 | .TP |
130 | /proc/\fIpid\fR/ns/user | |
131 | the user namespace | |
132 | .TP | |
f9e7b66d SH |
133 | /proc/\fIpid\fR/ns/cgroup |
134 | the cgroup namespace | |
135 | .TP | |
08e86f4c SK |
136 | /proc/\fIpid\fR/root |
137 | the root directory | |
138 | .TP | |
1e3832bf | 139 | /proc/\fIpid\fR/cwd |
08e86f4c SK |
140 | the working directory respectively |
141 | .PD | |
142 | .RE | |
143 | .TP | |
dde08a87 BS |
144 | \fB\-m\fR, \fB\-\-mount\fR[=\fIfile\fR] |
145 | Enter the mount namespace. If no file is specified, enter the mount namespace | |
ff88fc3b MK |
146 | of the target process. |
147 | If | |
148 | .I file | |
149 | is specified, enter the mount namespace | |
150 | specified by | |
151 | .IR file . | |
08e86f4c | 152 | .TP |
dde08a87 BS |
153 | \fB\-u\fR, \fB\-\-uts\fR[=\fIfile\fR] |
154 | Enter the UTS namespace. If no file is specified, enter the UTS namespace of | |
ff88fc3b MK |
155 | the target process. |
156 | If | |
157 | .I file | |
158 | is specified, enter the UTS namespace specified by | |
159 | .IR file . | |
08e86f4c | 160 | .TP |
dde08a87 BS |
161 | \fB\-i\fR, \fB\-\-ipc\fR[=\fIfile\fR] |
162 | Enter the IPC namespace. If no file is specified, enter the IPC namespace of | |
ff88fc3b MK |
163 | the target process. |
164 | If | |
165 | .I file | |
166 | is specified, enter the IPC namespace specified by | |
167 | .IR file . | |
08e86f4c | 168 | .TP |
dde08a87 BS |
169 | \fB\-n\fR, \fB\-\-net\fR[=\fIfile\fR] |
170 | Enter the network namespace. If no file is specified, enter the network | |
ff88fc3b MK |
171 | namespace of the target process. |
172 | If | |
173 | .I file | |
174 | is specified, enter the network namespace specified by | |
175 | .IR file . | |
08e86f4c | 176 | .TP |
dde08a87 BS |
177 | \fB\-p\fR, \fB\-\-pid\fR[=\fIfile\fR] |
178 | Enter the PID namespace. If no file is specified, enter the PID namespace of | |
ff88fc3b MK |
179 | the target process. |
180 | If | |
181 | .I file | |
182 | is specified, enter the PID namespace specified by | |
183 | .IR file . | |
08e86f4c | 184 | .TP |
dde08a87 BS |
185 | \fB\-U\fR, \fB\-\-user\fR[=\fIfile\fR] |
186 | Enter the user namespace. If no file is specified, enter the user namespace of | |
ff88fc3b MK |
187 | the target process. |
188 | If | |
189 | .I file | |
190 | is specified, enter the user namespace specified by | |
191 | .IR file . | |
91f20582 | 192 | See also the \fB\-\-setuid\fR and \fB\-\-setgid\fR options. |
6b9e5bf6 | 193 | .TP |
f9e7b66d SH |
194 | \fB\-C\fR, \fB\-\-cgroup\fR[=\fIfile\fR] |
195 | Enter the cgroup namespace. If no file is specified, enter the cgroup namespace of | |
ff88fc3b MK |
196 | the target process. |
197 | If | |
198 | .I file | |
199 | is specified, enter the cgroup namespace specified by | |
200 | .IR file . | |
f9e7b66d | 201 | .TP |
6b9e5bf6 | 202 | \fB\-G\fR, \fB\-\-setgid\fR \fIgid\fR |
47f42c1d KZ |
203 | Set the group ID which will be used in the entered namespace and drop |
204 | supplementary groups. | |
205 | .BR nsenter (1) | |
206 | always sets GID for user namespaces; the default is 0. | |
6b9e5bf6 RW |
207 | .TP |
208 | \fB\-S\fR, \fB\-\-setuid\fR \fIuid\fR | |
47f42c1d KZ |
209 | Set the user ID which will be used in the entered namespace. |
210 | .BR nsenter (1) | |
211 | always sets UID for user namespaces; the default is 0. | |
08e86f4c | 212 | .TP |
b06c1ca6 | 213 | \fB\-\-preserve\-credentials\fR |
e99a6626 KZ |
214 | Don't modify UID and GID when entering a user namespace. The default is to |
215 | drop supplementary groups and set GID and UID to 0. | |
216 | .TP | |
dde08a87 BS |
217 | \fB\-r\fR, \fB\-\-root\fR[=\fIdirectory\fR] |
218 | Set the root directory. If no directory is specified, set the root directory to | |
219 | the root directory of the target process. If directory is specified, set the | |
08e86f4c SK |
220 | root directory to the specified directory. |
221 | .TP | |
dde08a87 BS |
222 | \fB\-w\fR, \fB\-\-wd\fR[=\fIdirectory\fR] |
223 | Set the working directory. If no directory is specified, set the working | |
08e86f4c | 224 | directory to the working directory of the target process. If directory is |
dde08a87 | 225 | specified, set the working directory to the specified directory. |
08e86f4c | 226 | .TP |
b06c1ca6 | 227 | \fB\-F\fR, \fB\-\-no\-fork\fR |
dde08a87 BS |
228 | Do not fork before exec'ing the specified program. By default, when entering a |
229 | PID namespace, \fBnsenter\fP calls \fBfork\fP before calling \fBexec\fP so that | |
230 | any children will also be in the newly entered PID namespace. | |
08e86f4c | 231 | .TP |
355ee3b8 KZ |
232 | \fB\-Z\fR, \fB\-\-follow\-context\fR |
233 | Set the SELinux security context used for executing a new process according to | |
234 | the already running process specified by \fB\-\-target\fR PID. (util-linux has | |
235 | to be compiled with SELinux support, otherwise the option is unavailable.) | |
236 | .TP | |
08e86f4c SK |
237 | \fB\-V\fR, \fB\-\-version\fR |
238 | Display version information and exit. | |
239 | .TP | |
240 | \fB\-h\fR, \fB\-\-help\fR | |
b4362b6f | 241 | Display help text and exit. |
f8aa8e94 | 242 | .SH SEE ALSO |
f053ff1e | 243 | .BR clone (2), |
4a3f0735 MK |
244 | .BR setns (2), |
245 | .BR namespaces (7) | |
355ee3b8 KZ |
246 | .SH AUTHORS |
247 | .UR biederm@xmission.com | |
08e86f4c | 248 | Eric Biederman |
355ee3b8 KZ |
249 | .UE |
250 | .br | |
251 | .UR kzak@redhat.com | |
252 | Karel Zak | |
253 | .UE | |
f8aa8e94 EB |
254 | .SH AVAILABILITY |
255 | The nsenter command is part of the util-linux package and is available from | |
08e86f4c SK |
256 | .UR ftp://\:ftp.kernel.org\:/pub\:/linux\:/utils\:/util-linux/ |
257 | Linux Kernel Archive | |
258 | .UE . |
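
The `/proc/pid/ns/*` paths listed under `--target` can be compared between two processes to see which of the namespace options would actually move a program into a different namespace, for instance when auditing which host namespaces a container process still shares. This is an added example, not part of the man page or of util-linux; the helper names, PIDs and inode numbers are constructed, and it assumes a POSIX shell with `readlink`.

```shell
#!/bin/sh
# Added example, not util-linux code. ns_options_needed and build_sample_proc
# are hypothetical helper names.

# Print the nsenter options whose namespace differs between TARGET and REF.
# Usage: ns_options_needed TARGET_PID [REF_PID] [PROC_ROOT]
ns_options_needed() {
    target=$1 ref=${2:-self} proc=${3:-/proc} out=""
    [ -d "$proc/$target/ns" ] || return 2      # no such process
    for pair in mnt:--mount uts:--uts ipc:--ipc net:--net \
                pid:--pid user:--user cgroup:--cgroup; do
        ns=${pair%%:*} opt=${pair#*:}
        # Each file is a symlink such as "net:[4026531992]"; equal link
        # targets mean both processes are in the same namespace.
        # Unreadable entries (no permission, old kernel) are skipped.
        t=$(readlink "$proc/$target/ns/$ns" 2>/dev/null) || continue
        r=$(readlink "$proc/$ref/ns/$ns" 2>/dev/null) || continue
        [ "$t" = "$r" ] || out="$out${out:+ }$opt"
    done
    printf '%s\n' "$out"
}

# Constructed sample tree: PID 1 is the host init; PID 4242 is a container
# process with its own mount/UTS/IPC/PID/cgroup namespaces that still
# shares the host's network and user namespaces.
build_sample_proc() {
    root=$1 i=0
    mkdir -p "$root/1/ns" "$root/4242/ns"
    for ns in mnt uts ipc net pid user cgroup; do
        i=$((i + 1))
        ln -s "$ns:[402653000$i]" "$root/1/ns/$ns"
        case $ns in
            net|user) ln -s "$ns:[402653000$i]" "$root/4242/ns/$ns" ;;
            *)        ln -s "$ns:[402653200$i]" "$root/4242/ns/$ns" ;;
        esac
    done
}

# Demo on the constructed tree; on a live system call
# "ns_options_needed PID" to compare PID against the current shell.
sample=$(mktemp -d)
build_sample_proc "$sample"
ns_options_needed 4242 1 "$sample"
rm -rf "$sample"
```

An option missing from the output means the target shares that namespace with the reference process, so entering it changes nothing and the target is not isolated from the reference in that respect.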