UNSHARE(1) User Commands UNSHARE(1)
NAME
unshare - run program with some namespaces unshared from parent
SYNOPSIS
unshare [options] program [arguments]
DESCRIPTION
Unshares the specified namespaces from the parent process and then
executes the specified program. Unshareable namespaces are:
mount namespace
mounting and unmounting filesystems will not affect rest of the
system (CLONE_NEWNS flag), except for filesystems which are
explicitly marked as shared (by mount --make-shared). See
/proc/self/mountinfo for the shared flags.
UTS namespace
setting hostname, domainname will not affect rest of the system
(CLONE_NEWUTS flag).
IPC namespace
process will have independent namespace for System V message
queues, semaphore sets and shared memory segments (CLONE_NEWIPC
flag).
network namespace
process will have independent IPv4 and IPv6 stacks, IP routing
tables, firewall rules, the /proc/net and /sys/class/net directory
trees, sockets etc. (CLONE_NEWNET flag).
See clone(2) for the exact semantics of the flags.
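Added example (not part of the original manual page): a shell helper that reads mountinfo-format lines and lists the mounts carrying a shared:N tag, which are the ones the mount namespace entry above excepts from isolation. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# list_shared_mounts: read mountinfo-format lines on stdin and print
# "mountpoint<TAB>peer-group-id" for every mount marked shared.
# Typical use: list_shared_mounts < /proc/self/mountinfo
list_shared_mounts() {
    awk '{
        # Fields 1-6 are fixed. Optional tags (shared:N, master:N, ...)
        # start at field 7 and end at a lone "-" separator; anything after
        # the separator is fstype/source/options and must not be matched.
        for (i = 7; i <= NF && $i != "-"; i++)
            if ($i ~ /^shared:[0-9]+$/)
                printf "%s\t%s\n", $5, substr($i, 8)
    }'
}

# sample_mountinfo: constructed sample input (not taken from a real host).
# Spaces in mount points appear as \040, so whitespace splitting is safe.
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:21 / /proc rw,nosuid - proc proc rw
24 22 8:2 / /home rw,relatime shared:5 - ext4 /dev/sda2 rw
25 22 8:3 / /srv rw master:5 - ext4 /dev/sda3 rw
26 22 8:4 / /mnt/my\040disk rw shared:7 master:5 - ext4 /dev/sda4 rw
27 22 0:30 / /tmp rw - tmpfs shared:9 rw
EOF
}

# Demonstration on the constructed sample.
sample_mountinfo | list_shared_mounts
```

Mounts tagged only master:N receive propagation but are not themselves shared, so the helper does not list them.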
OPTIONS
-h, --help
Print a help message.
-m, --mount
Unshare the mount namespace.
-u, --uts
Unshare the UTS namespace.
-i, --ipc
Unshare the IPC namespace.
-n, --net
Unshare the network namespace.
NOTES
The unshare command drops potential privileges before executing the
target program. This allows unshare to be installed setuid.
SEE ALSO
unshare(2), clone(2)
BUGS
None known so far.
AUTHOR
Mikhail Gusarov <dottedmag@dottedmag.net>
AVAILABILITY
The unshare command is part of the util-linux package and is available
from ftp://ftp.kernel.org/pub/linux/utils/util-linux/.
util-linux October 2008 UNSHARE(1)