UNSHARE(1) User Commands UNSHARE(1)NAMEunshare - run program with some namespaces unshared from parent
SYNOPSISunshare [options] program [arguments]
DESCRIPTION
Unshares the indicated namespaces from the parent process and then exe‐
cutes the specified program. The namespaces to be unshared are indi‐
cated via options. Unshareable namespaces are:
mount namespace
Mounting and unmounting filesystems will not affect the rest of
the system (CLONE_NEWNS flag), except for filesystems which are
explicitly marked as shared (with mount --make-shared; see
/proc/self/mountinfo for the shared flags).
UTS namespace
Setting hostname or domainname will not affect the rest of the
system. (CLONE_NEWUTS flag)
IPC namespace
The process will have an independent namespace for System V mes‐
sage queues, semaphore sets and shared memory segments.
(CLONE_NEWIPC flag)
network namespace
The process will have independent IPv4 and IPv6 stacks, IP rout‐
ing tables, firewall rules, the /proc/net and /sys/class/net
directory trees, sockets, etc. (CLONE_NEWNET flag)
pid namespace
Children will have a distinct set of PID to process mappings
from their parent. (CLONE_NEWPID flag)
user namespace
The process will have a distinct set of UIDs, GIDs and capabili‐
ties. (CLONE_NEWUSER flag)
See clone(2) for the exact semantics of the flags.
OPTIONS-h, --help
Display help text and exit.
-i, --ipc
Unshare the IPC namespace.
-m, --mount
Unshare the mount namespace.
-n, --net
Unshare the network namespace.
-p, --pid
Unshare the pid namespace. See also the --fork and --mount-proc
options.
-u, --uts
Unshare the UTS namespace.
-U, --user
Unshare the user namespace.
-f, --fork
Fork the specified program as a child process of unshare rather
than running it directly. This is useful when creating a new
pid namespace.
--mount-proc[=mountpoint]
Just before running the program, mount the proc filesystem at
the mountpoint (default is /proc). This is useful when creating
a new pid namespace. It also implies creating a new mount
namespace since the /proc mount would otherwise mess up existing
programs on the system.
SEE ALSOunshare(2), clone(2)BUGS
None known so far.
AUTHOR
Mikhail Gusarov <dottedmag@dottedmag.net>
AVAILABILITY
The unshare command is part of the util-linux package and is available
from ftp://ftp.kernel.org/pub/linux/utils/util-linux/.
util-linux July 2013 UNSHARE(1)