unshare — disassociate parts of the process execution context
#define _GNU_SOURCE #include <sched.h>
int
unshare( |
int | flags) ; |
unshare
() allows a process
to disassociate parts of its execution context that are
currently being shared with other processes. Part of the
execution context, such as the namespace, is shared
implicitly when a new process is created using fork(2) or vfork(2), while other
parts, such as virtual memory, may be shared by explicit
request when creating a process using clone(2).
The main use of unshare
() is
to allow a process to control its shared execution context
without creating a new process.
The flags
argument
is a bit mask that specifies which parts of the execution
context should be unshared. This argument is specified by
ORing together zero or more of the following constants:
CLONE_FILES
Reverse the effect of the clone(2) CLONE_FILES
flag. Unshare the file
descriptor table, so that the calling process no longer
shares its file descriptors with any other process.
CLONE_FS
Reverse the effect of the clone(2) CLONE_FS
flag. Unshare file system
attributes, so that the calling process no longer
shares its root directory, current directory, or umask
attributes with any other process. chroot(2), chdir(2), or
umask(2)
CLONE_NEWNS
This flag has the same
effect as the
clone(2) CLONE_NEWNS
flag. Unshare the
namespace, so that the calling process has a private
copy of its namespace which is not shared with any
other process. Specifying this flag automatically
implies CLONE_FS
as
well.
If flags
is
specified as zero, then unshare
() is a no-op; no changes are made
to the calling process's execution context.
On success, zero returned. On failure, −1 is
returned and errno
is set to
indicate the error.
An invalid bit was specified in flags
.
Cannot allocate sufficient memory to copy parts of caller's context that need to be unshared.
flags
specified CLONE_NEWNS
but
the calling process was not privileged (did not have
the CAP_SYS_ADMIN
capability).
Not all of the process attributes that can be shared when
a new process is created using clone(2) can be unshared
using unshare
(). In particular,
as at kernel 2.6.16, unshare
()
does not implement flags that reverse the effects of
CLONE_SIGHAND
, CLONE_SYSVSEM
, CLONE_THREAD
, or CLONE_VM
. Such functionality may be added
in the future, if required.
This page is part of release 2.79 of the Linux man-pages
project. A
description of the project, and information about reporting
bugs, can be found at
http://www.kernel.org/doc/man-pages/.
Copyright (C) 2006, Janak Desai <janakus.ibm.com> and Copyright (C) 2006, Michael Kerrisk <mtk.manpagesgmail.com> Licensed under the GPL Patch Justification: unshare system call is needed to implement, using PAM, per-security_context and/or per-user namespace to provide polyinstantiated directories. Using unshare and bind mounts, a PAM module can create private namespace with appropriate directories(based on user's security context) bind mounted on public directories such as /tmp, thus providing an instance of /tmp that is based on user's security context. Without the unshare system call, namespace separation can only be achieved by clone, which would require porting and maintaining all commands such as login, and su, that establish a user session. FIXME Document CLONE_NEWIPC, which is new in 2.6.18 FIXME Document CLONE_NEWUTS, which is new in 2.6.19 |