[thirdparty/util-linux.git] / sys-utils / unshare.1

.TH UNSHARE 1 "July 2014" "util-linux" "User Commands"
.SH NAME
unshare \- run program with some namespaces unshared from parent
.SH SYNOPSIS
.B unshare
[options]
.I program
.RI [ arguments ]
.SH DESCRIPTION
Unshares the indicated namespaces from the parent process and then executes
the specified \fIprogram\fR.
.PP
The namespaces can optionally be persisted by bind mounting /proc/[pid]/ns/[type] files
to a filesystem path and entered with
.BR nsenter (1)
even after \fIprogram\fR terminates.
Once a persistent namespace is no longer needed it can be unpersisted with
.BR umount (8).
See EXAMPLES section for more details.
.PP
The namespaces to be unshared are indicated via options.  Unshareable namespaces are:
.TP
.BR "mount namespace"
Mounting and unmounting filesystems will not affect the rest of the system
(\fBCLONE_NEWNS\fP flag), except for filesystems which are explicitly marked as
shared (with \fBmount --make-shared\fP; see \fI/proc/self/mountinfo\fP or
\fBfindmnt -o+PROPAGATION\fP for the \fBshared\fP flags).
.sp
.B unshare
since util-linux version 2.27 automatically sets propagation to \fBprivate\fP
in the new mount namespace to make sure that the new namespace is really
unshared. This feature is possible to disable by option \fB\-\-propagation unchanged\fP.
Note that \fBprivate\fP is the kernel default.
.TP
.BR "UTS namespace"
Setting hostname or domainname will not affect the rest of the system.
(\fBCLONE_NEWUTS\fP flag)
.TP
.BR "IPC namespace"
The process will have an independent namespace for System V message queues,
semaphore sets and shared memory segments.  (\fBCLONE_NEWIPC\fP flag)
.TP
.BR "network namespace"
The process will have independent IPv4 and IPv6 stacks, IP routing tables,
firewall rules, the \fI/proc/net\fP and \fI/sys/class/net\fP directory trees,
sockets, etc.  (\fBCLONE_NEWNET\fP flag)
.TP
.BR "pid namespace"
Children will have a distinct set of PID to process mappings from their parent.
(\fBCLONE_NEWPID\fP flag)
.TP
.BR "user namespace"
The process will have a distinct set of UIDs, GIDs and capabilities.
(\fBCLONE_NEWUSER\fP flag)
.PP
See \fBclone\fR(2) for the exact semantics of the flags.
.SH OPTIONS
.TP
.BR \-i , " \-\-ipc"[=\fIfile\fP]
Unshare the IPC namespace. If \fIfile\fP is specified then persistent namespace is created
by bind mount.
.TP
.BR \-m , " \-\-mount"[=\fIfile\fP]
Unshare the mount namespace. If \fIfile\fP is specified then persistent namespace is created
by bind mount.
.TP
.BR \-n , " \-\-net"[=\fIfile\fP]
Unshare the network namespace. If \fIfile\fP is specified then persistent namespace is created
by bind mount.
.TP
.BR \-p , " \-\-pid"[=\fIfile\fP]
Unshare the pid namespace. If \fIfile\fP is specified then persistent namespace is created
by bind mount. See also the \fB--fork\fP and \fB--mount-proc\fP options.
.TP
.BR \-u , " \-\-uts"[=\fIfile\fP]
Unshare the UTS namespace. If \fIfile\fP is specified then persistent namespace is created
by bind mount.
.TP
.BR \-U , " \-\-user"[=\fIfile\fP]
Unshare the user namespace. If \fIfile\fP is specified then persistent namespace is created
by bind mount.
.TP
.BR \-f , " \-\-fork"
Fork the specified \fIprogram\fR as a child process of \fBunshare\fR rather than
running it directly.  This is useful when creating a new pid namespace.
.TP
.BR \-\-mount\-proc "[=\fImountpoint\fP]"
Just before running the program, mount the proc filesystem at \fImountpoint\fP
(default is /proc).  This is useful when creating a new pid namespace.  It also
implies creating a new mount namespace since the /proc mount would otherwise
mess up existing programs on the system.  The new proc filesystem is explicitly
mounted as private (by MS_PRIVATE|MS_REC).
.TP
.BR \-r , " \-\-map\-root\-user"
Run the program only after the current effective user and group IDs have been mapped to
the superuser UID and GID in the newly created user namespace.  This makes it possible to
conveniently gain capabilities needed to manage various aspects of the newly created
namespaces (such as configuring interfaces in the network namespace or mounting filesystems in
the mount namespace) even when run unprivileged.  As a mere convenience feature, it does not support
more sophisticated use cases, such as mapping multiple ranges of UIDs and GIDs.
This option implies --setgroups=deny.
.TP
.BR "\-\-propagation \fIprivate|shared|slave|unchanged\fP"
Recursively sets mount propagation flag in the new mount namespace. The default
is to set the propagation to \fIprivate\fP, this feature is possible to disable
by \fIunchanged\fP argument. The options is silently ignored when mount namespace (\fB\-\-mount\fP)
is not requested.
.TP
.BR "\-\-setgroups \fIallow|deny\fP"
Allow or deny
.BR setgroups (2)
syscall in user namespaces.

.BR setgroups(2)
is only callable with CAP_SETGID and CAP_SETGID in a user
namespace (since Linux 3.19) does not give you permission to call setgroups(2)
until after GID map has been set. The GID map is writable by root when
.BR setgroups(2)
is enabled and GID map becomes writable by unprivileged processes when
.BR setgroups(2)
is permanently disabled.
.TP
.BR \-V , " \-\-version"
Display version information and exit.
.TP
.BR \-h , " \-\-help"
Display help text and exit.
.SH EXAMPLES
.TP
.B # unshare --fork --pid --mount-proc readlink /proc/self
.TQ
1
.br
Establish a PID namespace, ensure we're PID 1 in it against newly mounted
procfs instance.
.TP
.B $ unshare --map-root-user --user sh -c whoami
.TQ
root
.br
Establish a user namespace as an unprivileged user with a root user within it.
.TP
.TQ
.B # touch /root/uts-ns
.TQ
.B # unshare --uts=/root/uts-ns hostanme FOO
.TQ
.B # nsenter --uts=/root/uts-ns hostname
.TQ
FOO
.TQ
.B # umount /root/uts-ns
.br
Establish a persistent UTS namespace, modify hostname. The namespace maybe later entered
by nsenter. The namespace is destroyed by umount the bind reference.
.SH SEE ALSO
.BR unshare (2),
.BR clone (2),
.BR mount (8)
.SH AUTHORS
.UR dottedmag@dottedmag.net
Mikhail Gusarov
.UE
.br
.UR kzak@redhat.com
Karel Zak
.UE
.SH AVAILABILITY
The unshare command is part of the util-linux package and is available from
ftp://ftp.kernel.org/pub/linux/utils/util-linux/.
Commit	Line	Data
cf8e0bae	1	.TH UNSHARE 1 "July 2014" "util-linux" "User Commands"
4205f1fd	2	.SH NAME
ef6acdb8	3	unshare \- run program with some namespaces unshared from parent
4205f1fd MG	4	.SH SYNOPSIS
4205f1fd MG	5	.B unshare
cf8e0bae	6	[options]
dde08a87	7	.I program
4205f1fd MG	8	.RI [ arguments ]
4205f1fd MG	9	.SH DESCRIPTION
dde08a87	10	Unshares the indicated namespaces from the parent process and then executes
0490a6ca KZ	11	the specified \fIprogram\fR.
	12	.PP
	13	The namespaces can optionally be persisted by bind mounting /proc/[pid]/ns/[type] files
	14	to a filesystem path and entered with
	15	.BR nsenter (1)
	16	even after \fIprogram\fR terminates.
	17	Once a persistent namespace is no longer needed it can be unpersisted with
	18	.BR umount (8).
	19	See EXAMPLES section for more details.
	20	.PP
	21	The namespaces to be unshared are indicated via options. Unshareable namespaces are:
4205f1fd MG	22	.TP
4205f1fd MG	23	.BR "mount namespace"
dde08a87	24	Mounting and unmounting filesystems will not affect the rest of the system
bc87f885	25	(\fBCLONE_NEWNS\fP flag), except for filesystems which are explicitly marked as
f0f22e9c KZ	26	shared (with \fBmount --make-shared\fP; see \fI/proc/self/mountinfo\fP or
f0f22e9c KZ	27	\fBfindmnt -o+PROPAGATION\fP for the \fBshared\fP flags).
cf8e0bae	28	.sp
f0f22e9c KZ	29	.B unshare
	30	since util-linux version 2.27 automatically sets propagation to \fBprivate\fP
	31	in the new mount namespace to make sure that the new namespace is really
	32	unshared. This feature is possible to disable by option \fB\-\-propagation unchanged\fP.
	33	Note that \fBprivate\fP is the kernel default.
4205f1fd MG	34	.TP
4205f1fd MG	35	.BR "UTS namespace"
dde08a87 BS	36	Setting hostname or domainname will not affect the rest of the system.
dde08a87 BS	37	(\fBCLONE_NEWUTS\fP flag)
4205f1fd MG	38	.TP
4205f1fd MG	39	.BR "IPC namespace"
dde08a87 BS	40	The process will have an independent namespace for System V message queues,
dde08a87 BS	41	semaphore sets and shared memory segments. (\fBCLONE_NEWIPC\fP flag)
4205f1fd MG	42	.TP
4205f1fd MG	43	.BR "network namespace"
dde08a87 BS	44	The process will have independent IPv4 and IPv6 stacks, IP routing tables,
	45	firewall rules, the \fI/proc/net\fP and \fI/sys/class/net\fP directory trees,
	46	sockets, etc. (\fBCLONE_NEWNET\fP flag)
4205f1fd	47	.TP
bc7f9b95	48	.BR "pid namespace"
dde08a87 BS	49	Children will have a distinct set of PID to process mappings from their parent.
dde08a87 BS	50	(\fBCLONE_NEWPID\fP flag)
bc7f9b95 EB	51	.TP
bc7f9b95 EB	52	.BR "user namespace"
dde08a87 BS	53	The process will have a distinct set of UIDs, GIDs and capabilities.
dde08a87 BS	54	(\fBCLONE_NEWUSER\fP flag)
e41e0f95	55	.PP
dde08a87	56	See \fBclone\fR(2) for the exact semantics of the flags.
4205f1fd MG	57	.SH OPTIONS
4205f1fd MG	58	.TP
0490a6ca KZ	59	.BR \-i , " \-\-ipc"[=\fIfile\fP]
	60	Unshare the IPC namespace. If \fIfile\fP is specified then persistent namespace is created
	61	by bind mount.
dde08a87	62	.TP
0490a6ca KZ	63	.BR \-m , " \-\-mount"[=\fIfile\fP]
	64	Unshare the mount namespace. If \fIfile\fP is specified then persistent namespace is created
	65	by bind mount.
4205f1fd	66	.TP
0490a6ca KZ	67	.BR \-n , " \-\-net"[=\fIfile\fP]
	68	Unshare the network namespace. If \fIfile\fP is specified then persistent namespace is created
	69	by bind mount.
bc7f9b95	70	.TP
0490a6ca KZ	71	.BR \-p , " \-\-pid"[=\fIfile\fP]
	72	Unshare the pid namespace. If \fIfile\fP is specified then persistent namespace is created
	73	by bind mount. See also the \fB--fork\fP and \fB--mount-proc\fP options.
bc7f9b95	74	.TP
0490a6ca KZ	75	.BR \-u , " \-\-uts"[=\fIfile\fP]
	76	Unshare the UTS namespace. If \fIfile\fP is specified then persistent namespace is created
	77	by bind mount.
dde08a87	78	.TP
0490a6ca KZ	79	.BR \-U , " \-\-user"[=\fIfile\fP]
	80	Unshare the user namespace. If \fIfile\fP is specified then persistent namespace is created
	81	by bind mount.
5088ec33 MF	82	.TP
5088ec33 MF	83	.BR \-f , " \-\-fork"
87ec43b6 BS	84	Fork the specified \fIprogram\fR as a child process of \fBunshare\fR rather than
87ec43b6 BS	85	running it directly. This is useful when creating a new pid namespace.
6728ca10	86	.TP
b06c1ca6	87	.BR \-\-mount\-proc "[=\fImountpoint\fP]"
cf8e0bae	88	Just before running the program, mount the proc filesystem at \fImountpoint\fP
6728ca10 KZ	89	(default is /proc). This is useful when creating a new pid namespace. It also
6728ca10 KZ	90	implies creating a new mount namespace since the /proc mount would otherwise
cf8e0bae	91	mess up existing programs on the system. The new proc filesystem is explicitly
c07f86e7	92	mounted as private (by MS_PRIVATE\|MS_REC).
4da21e37	93	.TP
b06c1ca6	94	.BR \-r , " \-\-map\-root\-user"
cf8e0bae BS	95	Run the program only after the current effective user and group IDs have been mapped to
	96	the superuser UID and GID in the newly created user namespace. This makes it possible to
	97	conveniently gain capabilities needed to manage various aspects of the newly created
	98	namespaces (such as configuring interfaces in the network namespace or mounting filesystems in
	99	the mount namespace) even when run unprivileged. As a mere convenience feature, it does not support
4da21e37	100	more sophisticated use cases, such as mapping multiple ranges of UIDs and GIDs.
fbceefde KZ	101	This option implies --setgroups=deny.
fbceefde KZ	102	.TP
f0f22e9c KZ	103	.BR "\-\-propagation \fIprivate\|shared\|slave\|unchanged\fP"
	104	Recursively sets mount propagation flag in the new mount namespace. The default
	105	is to set the propagation to \fIprivate\fP, this feature is possible to disable
	106	by \fIunchanged\fP argument. The options is silently ignored when mount namespace (\fB\-\-mount\fP)
	107	is not requested.
	108	.TP
	109	.BR "\-\-setgroups \fIallow\|deny\fP"
fbceefde KZ	110	Allow or deny
	111	.BR setgroups (2)
	112	syscall in user namespaces.
	113
	114	.BR setgroups(2)
	115	is only callable with CAP_SETGID and CAP_SETGID in a user
	116	namespace (since Linux 3.19) does not give you permission to call setgroups(2)
	117	until after GID map has been set. The GID map is writable by root when
	118	.BR setgroups(2)
	119	is enabled and GID map becomes writable by unprivileged processes when
	120	.BR setgroups(2)
a55f60a1	121	is permanently disabled.
5e43af7e BS	122	.TP
	123	.BR \-V , " \-\-version"
	124	Display version information and exit.
	125	.TP
	126	.BR \-h , " \-\-help"
	127	Display help text and exit.
69a7761b LR	128	.SH EXAMPLES
	129	.TP
	130	.B # unshare --fork --pid --mount-proc readlink /proc/self
	131	.TQ
	132	1
	133	.br
	134	Establish a PID namespace, ensure we're PID 1 in it against newly mounted
	135	procfs instance.
	136	.TP
	137	.B $ unshare --map-root-user --user sh -c whoami
	138	.TQ
	139	root
	140	.br
	141	Establish a user namespace as an unprivileged user with a root user within it.
0490a6ca KZ	142	.TP
	143	.TQ
	144	.B # touch /root/uts-ns
	145	.TQ
	146	.B # unshare --uts=/root/uts-ns hostanme FOO
	147	.TQ
	148	.B # nsenter --uts=/root/uts-ns hostname
	149	.TQ
	150	FOO
	151	.TQ
	152	.B # umount /root/uts-ns
	153	.br
	154	Establish a persistent UTS namespace, modify hostname. The namespace maybe later entered
	155	by nsenter. The namespace is destroyed by umount the bind reference.
4205f1fd	156	.SH SEE ALSO
8323d9fd	157	.BR unshare (2),
c07f86e7 KZ	158	.BR clone (2),
c07f86e7 KZ	159	.BR mount (8)
0490a6ca KZ	160	.SH AUTHORS
	161	.UR dottedmag@dottedmag.net
	162	Mikhail Gusarov
	163	.UE
	164	.br
	165	.UR kzak@redhat.com
	166	Karel Zak
	167	.UE
4205f1fd	168	.SH AVAILABILITY
601d12fb KZ	169	The unshare command is part of the util-linux package and is available from
601d12fb KZ	170	ftp://ftp.kernel.org/pub/linux/utils/util-linux/.