[thirdparty/util-linux.git] / sys-utils / unshare.1

.\" Process this file with
.\" groff -man -Tascii lscpu.1
.\"
.TH UNSHARE 1 "July 2013" "util-linux" "User Commands"
.SH NAME
unshare \- run program with some namespaces unshared from parent
.SH SYNOPSIS
.B unshare
.RI [ options ]
.I program
.RI [ arguments ]
.SH DESCRIPTION
Unshares the indicated namespaces from the parent process and then executes
the specified program.  The namespaces to be unshared are indicated via
options.  Unshareable namespaces are:
.TP
.BR "mount namespace"
Mounting and unmounting filesystems will not affect the rest of the system
(\fBCLONE_NEWNS\fP flag), except for filesystems which are explicitly marked as
shared (with \fBmount --make-shared\fP; see \fI/proc/self/mountinfo\fP for the
\fBshared\fP flags).
.TP
.BR "UTS namespace"
Setting hostname or domainname will not affect the rest of the system.
(\fBCLONE_NEWUTS\fP flag)
.TP
.BR "IPC namespace"
The process will have an independent namespace for System V message queues,
semaphore sets and shared memory segments.  (\fBCLONE_NEWIPC\fP flag)
.TP
.BR "network namespace"
The process will have independent IPv4 and IPv6 stacks, IP routing tables,
firewall rules, the \fI/proc/net\fP and \fI/sys/class/net\fP directory trees,
sockets, etc.  (\fBCLONE_NEWNET\fP flag)
.TP
.BR "pid namespace"
Children will have a distinct set of PID to process mappings from their parent.
(\fBCLONE_NEWPID\fP flag)
.TP
.BR "user namespace"
The process will have a distinct set of UIDs, GIDs and capabilities.
(\fBCLONE_NEWUSER\fP flag)
.PP
See \fBclone\fR(2) for the exact semantics of the flags.
.SH OPTIONS
.TP
.BR \-h , " \-\-help"
Display help text and exit.
.TP
.BR \-i , " \-\-ipc"
Unshare the IPC namespace.
.TP
.BR \-m , " \-\-mount"
Unshare the mount namespace.
.TP
.BR \-n , " \-\-net"
Unshare the network namespace.
.TP
.BR \-p , " \-\-pid"
Unshare the pid namespace.
See also the \fB--fork\fP and \fB--mount-proc\fP options.
.TP
.BR \-u , " \-\-uts"
Unshare the UTS namespace.
.TP
.BR \-U , " \-\-user"
Unshare the user namespace.
.TP
.BR \-f , " \-\-fork"
Fork the specified \fIprogram\fR as a child process of \fBunshare\fR rather than
running it directly.  This is useful when creating a new pid namespace.
.TP
.BR \-\-mount-proc "[=\fImountpoint\fP]"
Just before running the program, mount the proc filesystem at the \fImountpoint\fP
(default is /proc).  This is useful when creating a new pid namespace.  It also
implies creating a new mount namespace since the /proc mount would otherwise
mess up existing programs on the system.
.SH SEE ALSO
.BR unshare (2),
.BR clone (2)
.SH BUGS
None known so far.
.SH AUTHOR
Mikhail Gusarov <dottedmag@dottedmag.net>
.SH AVAILABILITY
The unshare command is part of the util-linux package and is available from
ftp://ftp.kernel.org/pub/linux/utils/util-linux/.
Commit	Line	Data
4205f1fd MG	1	.\" Process this file with
	2	.\" groff -man -Tascii lscpu.1
	3	.\"
87ec43b6	4	.TH UNSHARE 1 "July 2013" "util-linux" "User Commands"
4205f1fd	5	.SH NAME
ef6acdb8	6	unshare \- run program with some namespaces unshared from parent
4205f1fd MG	7	.SH SYNOPSIS
4205f1fd MG	8	.B unshare
87ec43b6	9	.RI [ options ]
dde08a87	10	.I program
4205f1fd MG	11	.RI [ arguments ]
4205f1fd MG	12	.SH DESCRIPTION
dde08a87	13	Unshares the indicated namespaces from the parent process and then executes
87ec43b6 BS	14	the specified program. The namespaces to be unshared are indicated via
87ec43b6 BS	15	options. Unshareable namespaces are:
4205f1fd MG	16	.TP
4205f1fd MG	17	.BR "mount namespace"
dde08a87	18	Mounting and unmounting filesystems will not affect the rest of the system
bc87f885	19	(\fBCLONE_NEWNS\fP flag), except for filesystems which are explicitly marked as
dde08a87 BS	20	shared (with \fBmount --make-shared\fP; see \fI/proc/self/mountinfo\fP for the
dde08a87 BS	21	\fBshared\fP flags).
4205f1fd MG	22	.TP
4205f1fd MG	23	.BR "UTS namespace"
dde08a87 BS	24	Setting hostname or domainname will not affect the rest of the system.
dde08a87 BS	25	(\fBCLONE_NEWUTS\fP flag)
4205f1fd MG	26	.TP
4205f1fd MG	27	.BR "IPC namespace"
dde08a87 BS	28	The process will have an independent namespace for System V message queues,
dde08a87 BS	29	semaphore sets and shared memory segments. (\fBCLONE_NEWIPC\fP flag)
4205f1fd MG	30	.TP
4205f1fd MG	31	.BR "network namespace"
dde08a87 BS	32	The process will have independent IPv4 and IPv6 stacks, IP routing tables,
	33	firewall rules, the \fI/proc/net\fP and \fI/sys/class/net\fP directory trees,
	34	sockets, etc. (\fBCLONE_NEWNET\fP flag)
4205f1fd	35	.TP
bc7f9b95	36	.BR "pid namespace"
dde08a87 BS	37	Children will have a distinct set of PID to process mappings from their parent.
dde08a87 BS	38	(\fBCLONE_NEWPID\fP flag)
bc7f9b95 EB	39	.TP
bc7f9b95 EB	40	.BR "user namespace"
dde08a87 BS	41	The process will have a distinct set of UIDs, GIDs and capabilities.
dde08a87 BS	42	(\fBCLONE_NEWUSER\fP flag)
e41e0f95	43	.PP
dde08a87	44	See \fBclone\fR(2) for the exact semantics of the flags.
4205f1fd MG	45	.SH OPTIONS
	46	.TP
	47	.BR \-h , " \-\-help"
b4362b6f	48	Display help text and exit.
4205f1fd	49	.TP
ef6acdb8	50	.BR \-i , " \-\-ipc"
dde08a87 BS	51	Unshare the IPC namespace.
	52	.TP
	53	.BR \-m , " \-\-mount"
	54	Unshare the mount namespace.
4205f1fd	55	.TP
ef6acdb8 KZ	56	.BR \-n , " \-\-net"
ef6acdb8 KZ	57	Unshare the network namespace.
bc7f9b95 EB	58	.TP
bc7f9b95 EB	59	.BR \-p , " \-\-pid"
87ec43b6 BS	60	Unshare the pid namespace.
87ec43b6 BS	61	See also the \fB--fork\fP and \fB--mount-proc\fP options.
bc7f9b95	62	.TP
dde08a87 BS	63	.BR \-u , " \-\-uts"
	64	Unshare the UTS namespace.
	65	.TP
bc7f9b95 EB	66	.BR \-U , " \-\-user"
bc7f9b95 EB	67	Unshare the user namespace.
5088ec33 MF	68	.TP
5088ec33 MF	69	.BR \-f , " \-\-fork"
87ec43b6 BS	70	Fork the specified \fIprogram\fR as a child process of \fBunshare\fR rather than
87ec43b6 BS	71	running it directly. This is useful when creating a new pid namespace.
6728ca10	72	.TP
87ec43b6	73	.BR \-\-mount-proc "[=\fImountpoint\fP]"
6728ca10 KZ	74	Just before running the program, mount the proc filesystem at the \fImountpoint\fP
	75	(default is /proc). This is useful when creating a new pid namespace. It also
	76	implies creating a new mount namespace since the /proc mount would otherwise
	77	mess up existing programs on the system.
4205f1fd	78	.SH SEE ALSO
8323d9fd MF	79	.BR unshare (2),
8323d9fd MF	80	.BR clone (2)
4205f1fd MG	81	.SH BUGS
4205f1fd MG	82	None known so far.
ef6acdb8	83	.SH AUTHOR
4205f1fd MG	84	Mikhail Gusarov <dottedmag@dottedmag.net>
4205f1fd MG	85	.SH AVAILABILITY
601d12fb KZ	86	The unshare command is part of the util-linux package and is available from
601d12fb KZ	87	ftp://ftp.kernel.org/pub/linux/utils/util-linux/.