NAME¶
unshare - run program with some namespaces unshared from parent
SYNOPSIS¶
unshare [
options] program [
arguments]
DESCRIPTION¶
Unshares specified namespaces from parent process and then executes specified
program. Unshareable namespaces are:
- mount namespace
- mounting and unmounting filesystems will not affect rest of
the system ( CLONE_NEWNS flag),
- UTS namespace
- setting hostname, domainname will not affect rest of the
system ( CLONE_NEWUTS flag),
- IPC namespace
- process will have independent namespace for System V
message queues, semaphore sets and shared memory segments (
CLONE_NEWIPC flag),
- network namespace
- process will have independent IPv4 and IPv6 stacks, IP
routing tables, firewall rules, the /proc/net and
/sys/class/net directory trees, sockets etc. ( CLONE_NEWNET
flag).
- See the clone(2) for exact semantics of the flags.
OPTIONS¶
- -h, --help
- Print a help message,
- -m, --mount
- Unshare the mount namespace,
- -u, --uts
- Unshare the UTS namespace,
- -i, --ipc
- Unshare the IPC namespace,
- -n, --net
- Unshare the network namespace.
NOTES¶
The unshare command drops potential privileges before executing the target
program. This allows to setuid unshare.
SEE ALSO¶
unshare(2),
clone(2)
BUGS¶
None known so far.
AUTHOR¶
Mikhail Gusarov <dottedmag@dottedmag.net>
AVAILABILITY¶
The unshare command is part of the util-linux package and is available from
ftp://ftp.kernel.org/pub/linux/utils/util-linux/.
