[thirdparty/util-linux.git] / sys-utils / unshare.1

.TH UNSHARE 1 "July 2014" "util-linux" "User Commands"
.SH NAME
unshare \- run program with some namespaces unshared from parent
.SH SYNOPSIS
.B unshare
[options]
.I program
.RI [ arguments ]
.SH DESCRIPTION
Unshares the indicated namespaces from the parent process and then executes
the specified \fIprogram\fR.  The namespaces to be unshared are indicated via
options.  Unshareable namespaces are:
.TP
.BR "mount namespace"
Mounting and unmounting filesystems will not affect the rest of the system
(\fBCLONE_NEWNS\fP flag), except for filesystems which are explicitly marked as
shared (with \fBmount --make-shared\fP; see \fI/proc/self/mountinfo\fP for the
\fBshared\fP flags).
.sp
It's recommended to use \fBmount --make-rprivate\fP or \fBmount --make-rslave\fP
after \fBunshare --mount\fP to make sure that mountpoints in the new namespace
are really unshared from the parental namespace.
.TP
.BR "UTS namespace"
Setting hostname or domainname will not affect the rest of the system.
(\fBCLONE_NEWUTS\fP flag)
.TP
.BR "IPC namespace"
The process will have an independent namespace for System V message queues,
semaphore sets and shared memory segments.  (\fBCLONE_NEWIPC\fP flag)
.TP
.BR "network namespace"
The process will have independent IPv4 and IPv6 stacks, IP routing tables,
firewall rules, the \fI/proc/net\fP and \fI/sys/class/net\fP directory trees,
sockets, etc.  (\fBCLONE_NEWNET\fP flag)
.TP
.BR "pid namespace"
Children will have a distinct set of PID to process mappings from their parent.
(\fBCLONE_NEWPID\fP flag)
.TP
.BR "user namespace"
The process will have a distinct set of UIDs, GIDs and capabilities.
(\fBCLONE_NEWUSER\fP flag)
.PP
See \fBclone\fR(2) for the exact semantics of the flags.
.SH OPTIONS
.TP
.BR \-i , " \-\-ipc"
Unshare the IPC namespace.
.TP
.BR \-m , " \-\-mount"
Unshare the mount namespace.
.TP
.BR \-n , " \-\-net"
Unshare the network namespace.
.TP
.BR \-p , " \-\-pid"
Unshare the pid namespace.
See also the \fB--fork\fP and \fB--mount-proc\fP options.
.TP
.BR \-u , " \-\-uts"
Unshare the UTS namespace.
.TP
.BR \-U , " \-\-user"
Unshare the user namespace.
.TP
.BR \-f , " \-\-fork"
Fork the specified \fIprogram\fR as a child process of \fBunshare\fR rather than
running it directly.  This is useful when creating a new pid namespace.
.TP
.BR \-\-mount-proc "[=\fImountpoint\fP]"
Just before running the program, mount the proc filesystem at \fImountpoint\fP
(default is /proc).  This is useful when creating a new pid namespace.  It also
implies creating a new mount namespace since the /proc mount would otherwise
mess up existing programs on the system.  The new proc filesystem is explicitly
mounted as private (by MS_PRIVATE|MS_REC).
.TP
.BR \-r , " \-\-map-root-user"
Run the program only after the current effective user and group IDs have been mapped to
the superuser UID and GID in the newly created user namespace.  This makes it possible to
conveniently gain capabilities needed to manage various aspects of the newly created
namespaces (such as configuring interfaces in the network namespace or mounting filesystems in
the mount namespace) even when run unprivileged.  As a mere convenience feature, it does not support
more sophisticated use cases, such as mapping multiple ranges of UIDs and GIDs.
This option implies --setgroups=deny.
.TP
.BR \-s , " \-\-setgroups \fIallow|deny\fP"
Allow or deny
.BR setgroups (2)
syscall in user namespaces.

.BR setgroups(2)
is only callable with CAP_SETGID and CAP_SETGID in a user
namespace (since Linux 3.19) does not give you permission to call setgroups(2)
until after GID map has been set. The GID map is writable by root when
.BR setgroups(2)
is enabled and GID map becomes writable by unprivileged processes when
.BR setgroups(2)
is permamently disabled.
.TP
.BR \-V , " \-\-version"
Display version information and exit.
.TP
.BR \-h , " \-\-help"
Display help text and exit.
.SH SEE ALSO
.BR unshare (2),
.BR clone (2),
.BR mount (8)
.SH BUGS
None known so far.
.SH AUTHOR
Mikhail Gusarov <dottedmag@dottedmag.net>
.SH AVAILABILITY
The unshare command is part of the util-linux package and is available from
ftp://ftp.kernel.org/pub/linux/utils/util-linux/.
Commit	Line	Data
	1	.TH UNSHARE 1 "July 2014" "util-linux" "User Commands"
	2	.SH NAME
	3	unshare \- run program with some namespaces unshared from parent
	4	.SH SYNOPSIS
	5	.B unshare
	6	[options]
	7	.I program
	8	.RI [ arguments ]
	9	.SH DESCRIPTION
	10	Unshares the indicated namespaces from the parent process and then executes
	11	the specified \fIprogram\fR. The namespaces to be unshared are indicated via
	12	options. Unshareable namespaces are:
	13	.TP
	14	.BR "mount namespace"
	15	Mounting and unmounting filesystems will not affect the rest of the system
	16	(\fBCLONE_NEWNS\fP flag), except for filesystems which are explicitly marked as
	17	shared (with \fBmount --make-shared\fP; see \fI/proc/self/mountinfo\fP for the
	18	\fBshared\fP flags).
	19	.sp
	20	It's recommended to use \fBmount --make-rprivate\fP or \fBmount --make-rslave\fP
	21	after \fBunshare --mount\fP to make sure that mountpoints in the new namespace
	22	are really unshared from the parental namespace.
	23	.TP
	24	.BR "UTS namespace"
	25	Setting hostname or domainname will not affect the rest of the system.
	26	(\fBCLONE_NEWUTS\fP flag)
	27	.TP
	28	.BR "IPC namespace"
	29	The process will have an independent namespace for System V message queues,
	30	semaphore sets and shared memory segments. (\fBCLONE_NEWIPC\fP flag)
	31	.TP
	32	.BR "network namespace"
	33	The process will have independent IPv4 and IPv6 stacks, IP routing tables,
	34	firewall rules, the \fI/proc/net\fP and \fI/sys/class/net\fP directory trees,
	35	sockets, etc. (\fBCLONE_NEWNET\fP flag)
	36	.TP
	37	.BR "pid namespace"
	38	Children will have a distinct set of PID to process mappings from their parent.
	39	(\fBCLONE_NEWPID\fP flag)
	40	.TP
	41	.BR "user namespace"
	42	The process will have a distinct set of UIDs, GIDs and capabilities.
	43	(\fBCLONE_NEWUSER\fP flag)
	44	.PP
	45	See \fBclone\fR(2) for the exact semantics of the flags.
	46	.SH OPTIONS
	47	.TP
	48	.BR \-i , " \-\-ipc"
	49	Unshare the IPC namespace.
	50	.TP
	51	.BR \-m , " \-\-mount"
	52	Unshare the mount namespace.
	53	.TP
	54	.BR \-n , " \-\-net"
	55	Unshare the network namespace.
	56	.TP
	57	.BR \-p , " \-\-pid"
	58	Unshare the pid namespace.
	59	See also the \fB--fork\fP and \fB--mount-proc\fP options.
	60	.TP
	61	.BR \-u , " \-\-uts"
	62	Unshare the UTS namespace.
	63	.TP
	64	.BR \-U , " \-\-user"
	65	Unshare the user namespace.
	66	.TP
	67	.BR \-f , " \-\-fork"
	68	Fork the specified \fIprogram\fR as a child process of \fBunshare\fR rather than
	69	running it directly. This is useful when creating a new pid namespace.
	70	.TP
	71	.BR \-\-mount-proc "[=\fImountpoint\fP]"
	72	Just before running the program, mount the proc filesystem at \fImountpoint\fP
	73	(default is /proc). This is useful when creating a new pid namespace. It also
	74	implies creating a new mount namespace since the /proc mount would otherwise
	75	mess up existing programs on the system. The new proc filesystem is explicitly
	76	mounted as private (by MS_PRIVATE\|MS_REC).
	77	.TP
	78	.BR \-r , " \-\-map-root-user"
	79	Run the program only after the current effective user and group IDs have been mapped to
	80	the superuser UID and GID in the newly created user namespace. This makes it possible to
	81	conveniently gain capabilities needed to manage various aspects of the newly created
	82	namespaces (such as configuring interfaces in the network namespace or mounting filesystems in
	83	the mount namespace) even when run unprivileged. As a mere convenience feature, it does not support
	84	more sophisticated use cases, such as mapping multiple ranges of UIDs and GIDs.
	85	This option implies --setgroups=deny.
	86	.TP
	87	.BR \-s , " \-\-setgroups \fIallow\|deny\fP"
	88	Allow or deny
	89	.BR setgroups (2)
	90	syscall in user namespaces.
	91
	92	.BR setgroups(2)
	93	is only callable with CAP_SETGID and CAP_SETGID in a user
	94	namespace (since Linux 3.19) does not give you permission to call setgroups(2)
	95	until after GID map has been set. The GID map is writable by root when
	96	.BR setgroups(2)
	97	is enabled and GID map becomes writable by unprivileged processes when
	98	.BR setgroups(2)
	99	is permamently disabled.
	100	.TP
	101	.BR \-V , " \-\-version"
	102	Display version information and exit.
	103	.TP
	104	.BR \-h , " \-\-help"
	105	Display help text and exit.
	106	.SH SEE ALSO
	107	.BR unshare (2),
	108	.BR clone (2),
	109	.BR mount (8)
	110	.SH BUGS
	111	None known so far.
	112	.SH AUTHOR
	113	Mikhail Gusarov <dottedmag@dottedmag.net>
	114	.SH AVAILABILITY
	115	The unshare command is part of the util-linux package and is available from
	116	ftp://ftp.kernel.org/pub/linux/utils/util-linux/.