diff options
Diffstat (limited to 'man2/unshare.2')
-rw-r--r-- | man2/unshare.2 | 77 |
1 files changed, 40 insertions, 37 deletions
diff --git a/man2/unshare.2 b/man2/unshare.2 index 98d92cf72..e891e49a4 100644 --- a/man2/unshare.2 +++ b/man2/unshare.2 @@ -34,12 +34,12 @@ allows a process (or thread) to disassociate parts of its execution context that are currently being shared with other processes (or threads). Part of the execution context, such as the mount namespace, is shared implicitly when a new process is created using -.BR fork (2) +.MR fork 2 or -.BR vfork (2), +.MR vfork 2 , while other parts, such as virtual memory, may be shared by explicit request when creating a process or thread using -.BR clone (2). +.MR clone 2 . .P The main use of .BR unshare () @@ -55,7 +55,7 @@ of the following constants: .TP .B CLONE_FILES Reverse the effect of the -.BR clone (2) +.MR clone 2 .B CLONE_FILES flag. Unshare the file descriptor table, so that the calling process @@ -63,21 +63,24 @@ no longer shares its file descriptors with any other process. .TP .B CLONE_FS Reverse the effect of the -.BR clone (2) +.MR clone 2 .B CLONE_FS flag. Unshare filesystem attributes, so that the calling process no longer shares its root directory -.RB ( chroot (2)), +\%(\c +.MR chroot 2 ), current directory -.RB ( chdir (2)), +\%(\c +.MR chdir 2 ), or umask -.RB ( umask (2)) +\%(\c +.MR umask 2 ) attributes with any other process. .TP .BR CLONE_NEWCGROUP " (since Linux 4.6)" This flag has the same effect as the -.BR clone (2) +.MR clone 2 .B CLONE_NEWCGROUP flag. Unshare the cgroup namespace. @@ -89,7 +92,7 @@ capability. .TP .BR CLONE_NEWIPC " (since Linux 2.6.19)" This flag has the same effect as the -.BR clone (2) +.MR clone 2 .B CLONE_NEWIPC flag. Unshare the IPC namespace, @@ -106,7 +109,7 @@ capability. .TP .BR CLONE_NEWNET " (since Linux 2.6.24)" This flag has the same effect as the -.BR clone (2) +.MR clone 2 .B CLONE_NEWNET flag. Unshare the network namespace, @@ -125,7 +128,7 @@ capability. .\" CLONE_FS, and CLONE_FILES reverse the action of the clone() .\" flags of the same name. This flag has the same effect as the -.BR clone (2) +.MR clone 2 .B CLONE_NEWNS flag. Unshare the mount namespace, @@ -140,11 +143,11 @@ requires the .B CAP_SYS_ADMIN capability. For further information, see -.BR mount_namespaces (7). +.MR mount_namespaces 7 . .TP .BR CLONE_NEWPID " (since Linux 3.8)" This flag has the same effect as the -.BR clone (2) +.MR clone 2 .B CLONE_NEWPID flag. Unshare the PID namespace, @@ -155,7 +158,7 @@ The calling process is moved into the new namespace. The first child created by the calling process will have the process ID 1 and will assume the role of -.BR init (1) +.MR init 1 in the new namespace. .B CLONE_NEWPID automatically implies @@ -167,7 +170,7 @@ requires the .B CAP_SYS_ADMIN capability. For further information, see -.BR pid_namespaces (7). +.MR pid_namespaces 7 . .TP .BR CLONE_NEWTIME " (since Linux 5.6)" Unshare the time namespace, @@ -182,18 +185,18 @@ requires the .B CAP_SYS_ADMIN capability. For further information, see -.BR time_namespaces (7). +.MR time_namespaces 7 . .TP .BR CLONE_NEWUSER " (since Linux 3.8)" This flag has the same effect as the -.BR clone (2) +.MR clone 2 .B CLONE_NEWUSER flag. Unshare the user namespace, so that the calling process is moved into a new user namespace which is not shared with any previously existing process. As with the child process created by -.BR clone (2) +.MR clone 2 with the .B CLONE_NEWUSER flag, the caller obtains a full set of capabilities in the new namespace. @@ -215,11 +218,11 @@ of the calling process are mapped to user IDs and group IDs in the user namespace of the calling process at the time of the call. .IP For further information on user namespaces, see -.BR user_namespaces (7). +.MR user_namespaces 7 . .TP .BR CLONE_NEWUTS " (since Linux 2.6.19)" This flag has the same effect as the -.BR clone (2) +.MR clone 2 .B CLONE_NEWUTS flag. Unshare the UTS IPC namespace, @@ -234,7 +237,7 @@ capability. .BR CLONE_SYSVSEM " (since Linux 2.6.26)" .\" commit 9edff4ab1f8d82675277a04e359d0ed8bf14a7b7 This flag reverses the effect of the -.BR clone (2) +.MR clone 2 .B CLONE_SYSVSEM flag. Unshare System\ V semaphore adjustment @@ -247,7 +250,7 @@ If this is the last process that has a reference to the process's current .I semadj list, then the adjustments in that list are applied to the corresponding semaphores, as described in -.BR semop (2). +.MR semop 2 . .\" CLONE_NEWNS If CLONE_SIGHAND is set and signals are also being shared .\" (i.e., current->signal->count > 1), force CLONE_THREAD. .P @@ -366,7 +369,7 @@ context that need to be unshared. was specified in flags, but the limit on the nesting depth of PID namespaces would have been exceeded; see -.BR pid_namespaces (7). +.MR pid_namespaces 7 . .TP .BR ENOSPC " (since Linux 4.9; beforehand " EUSERS ) .B CLONE_NEWUSER @@ -375,7 +378,7 @@ was specified in and the call would cause the limit on the number of nested user namespaces to be exceeded. See -.BR user_namespaces (7). +.MR user_namespaces 7 . .IP From Linux 3.11 to Linux 4.8, the error diagnosed in this case was .BR EUSERS . @@ -388,7 +391,7 @@ but doing so would have caused the limit defined by the corresponding file in .I /proc/sys/user to be exceeded. For further details, see -.BR namespaces (7). +.MR namespaces 7 . .TP .B EPERM The calling process did not have the required privileges for this operation. @@ -399,7 +402,7 @@ was specified in .IR flags , but either the effective user ID or the effective group ID of the caller does not have a mapping in the parent namespace (see -.BR user_namespaces (7)). +.MR user_namespaces 7 ). .TP .BR EPERM " (since Linux 3.9)" .\" commit 3151527ee007b73a0ebd296010f1c0454a919c7d @@ -426,7 +429,7 @@ Linux 2.6.16. .SH NOTES Not all of the process attributes that can be shared when a new process is created using -.BR clone (2) +.MR clone 2 can be unshared using .BR unshare (). In particular, as at kernel 3.8, @@ -470,7 +473,7 @@ call does not require the capability in the original namespace. .SH EXAMPLES The program below provides a simple implementation of the -.BR unshare (1) +.MR unshare 1 command, which unshares one or more namespaces and executes the command supplied in its command-line arguments. Here's an example of the use of this program, @@ -489,7 +492,7 @@ mnt:[4026532325] .in .P The differing output of the two -.BR readlink (1) +.MR readlink 1 commands shows that the two shells are in different mount namespaces. .SS Program source \& @@ -556,13 +559,13 @@ main(int argc, char *argv[]) .EE .\" SRC END .SH SEE ALSO -.BR unshare (1), -.BR clone (2), -.BR fork (2), -.BR kcmp (2), -.BR setns (2), -.BR vfork (2), -.BR namespaces (7) +.MR unshare 1 , +.MR clone 2 , +.MR fork 2 , +.MR kcmp 2 , +.MR setns 2 , +.MR vfork 2 , +.MR namespaces 7 .P .I Documentation/userspace\-api/unshare.rst in the Linux kernel source tree |