sockets, etc. (\fBCLONE_NEWNET\fP flag)
.TP
.BR "pid namespace"
-Children will have a distinct set of PID to process mappings from their parent.
+Children will have a distinct set of PID-to-process mappings from their parent.
(\fBCLONE_NEWPID\fP flag)
.TP
+ .BR "cgroup namespace"
+ The process will have a virtualized view of \fI/proc\:/self\:/cgroup\fP, and new
+ cgroup mounts will be rooted at the namespace cgroup root.
+ (\fBCLONE_NEWCGROUP\fP flag)
+ .TP
.BR "user namespace"
The process will have a distinct set of UIDs, GIDs and capabilities.
(\fBCLONE_NEWUSER\fP flag)
See \fBclone\fR(2) for the exact semantics of the flags.
.SH OPTIONS
.TP
-.BR \-i , " \-\-ipc"[=\fIfile\fP]
-Unshare the IPC namespace. If \fIfile\fP is specified then persistent namespace is created
-by bind mount.
+.BR \-i , " \-\-ipc" [ =\fIfile ]
+Unshare the IPC namespace. If \fIfile\fP is specified, then a persistent
+namespace is created by a bind mount.
.TP
-.BR \-m , " \-\-mount"[=\fIfile\fP]
-Unshare the mount namespace. If \fIfile\fP is specified then persistent namespace is created
-by bind mount. Note that \fIfile\fP has to be located on filesystem with
-propagation flag set to \fBprivate\fP. Use command \fBfindmnt -o+PROPAGATION\fP
-if not sure about the current setting. See also examples below.
+.BR \-m , " \-\-mount" [ =\fIfile ]
+Unshare the mount namespace. If \fIfile\fP is specified, then a persistent
+namespace is created by a bind mount.
+Note that \fIfile\fP has to be located on a filesystem with the propagation
+flag set to \fBprivate\fP. Use the command \fBfindmnt -o+PROPAGATION\fP
+when not sure about the current setting. See also the examples below.
.TP
-.BR \-n , " \-\-net"[=\fIfile\fP]
-Unshare the network namespace. If \fIfile\fP is specified then persistent namespace is created
-by bind mount.
+.BR \-n , " \-\-net" [ =\fIfile ]
+Unshare the network namespace. If \fIfile\fP is specified, then a persistent
+namespace is created by a bind mount.
.TP
-.BR \-p , " \-\-pid"[=\fIfile\fP]
-Unshare the pid namespace. If \fIfile\fP is specified then persistent namespace is created
-by bind mount. See also the \fB--fork\fP and \fB--mount-proc\fP options.
+.BR \-p , " \-\-pid" [ =\fIfile ]
+Unshare the PID namespace. If \fIfile\fP is specified then persistent
+namespace is created by a bind mount. See also the \fB--fork\fP and
+\fB--mount-proc\fP options.
.TP
-.BR \-u , " \-\-uts"[=\fIfile\fP]
-Unshare the UTS namespace. If \fIfile\fP is specified then persistent namespace is created
-by bind mount.
+.BR \-u , " \-\-uts" [ =\fIfile ]
+Unshare the UTS namespace. If \fIfile\fP is specified, then a persistent
+namespace is created by a bind mount.
.TP
-.BR \-U , " \-\-user"[=\fIfile\fP]
-Unshare the user namespace. If \fIfile\fP is specified then persistent namespace is created
-by bind mount.
+.BR \-U , " \-\-user" [ =\fIfile ]
+Unshare the user namespace. If \fIfile\fP is specified, then a persistent
+namespace is created by a bind mount.
.TP
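Review bot: the reworded \-\-pid entry (the "+Unshare the PID namespace." lines) still reads "is specified then persistent namespace is created", without the comma and the article that the \-\-ipc, \-\-mount, \-\-net, \-\-uts and \-\-user entries gain in this same patch. Suggest "If \fIfile\fP is specified, then a persistent namespace is created by a bind mount." so all six entries match. Separately, the rewrapped lines keep bare hyphens in \fB--fork\fP, \fB--mount-proc\fP and \fBfindmnt -o+PROPAGATION\fP while the option tags use \-; escaping these as well (for example \fB\-\-fork\fP) keeps the rendered text usable as a literal command line when copied from the formatted page.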
+ .BR \-C , " \-\-cgroup"[=\fIfile\fP]
+ Unshare the cgroup namespace. If \fIfile\fP is specified then persistent namespace is created
+ by bind mount.
+ .TP
.BR \-f , " \-\-fork"
Fork the specified \fIprogram\fR as a child process of \fBunshare\fR rather than
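Review bot: the added \-\-cgroup entry (.BR \-C) keeps the old tag form "[=\fIfile\fP]" and the old sentence "is specified then persistent namespace is created by bind mount", which are exactly what this patch rewrites for every other namespace option above it. Suggest bringing it in line with its siblings: tag it as .BR \-C , " \-\-cgroup" [ =\fIfile ] and word the body "If \fIfile\fP is specified, then a persistent namespace is created by a bind mount." Since the new "cgroup namespace" description earlier in the patch names \fBCLONE_NEWCGROUP\fP, it would also help to say here which description the option corresponds to only if the other option entries do so; as visible, they do not, so matching their wording is enough.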
-running it directly. This is useful when creating a new pid namespace.
+running it directly. This is useful when creating a new PID namespace.
.TP
-.BR \-\-mount\-proc "[=\fImountpoint\fP]"
+.BR \-\-mount\-proc [ =\fImountpoint ]
Just before running the program, mount the proc filesystem at \fImountpoint\fP
-(default is /proc). This is useful when creating a new pid namespace. It also
+(default is /proc). This is useful when creating a new PID namespace. It also
implies creating a new mount namespace since the /proc mount would otherwise
mess up existing programs on the system. The new proc filesystem is explicitly
-mounted as private (by MS_PRIVATE|MS_REC).
+mounted as private (with MS_PRIVATE|MS_REC).
.TP
.BR \-r , " \-\-map\-root\-user"
Run the program only after the current effective user and group IDs have been mapped to