Provided by: manpages-dev_3.35-0.1ubuntu1_all bug

NAME

       unshare - disassociate parts of the process execution context

SYNOPSIS

       #define _GNU_SOURCE             /* See feature_test_macros(7) */
       #include <sched.h>

       int unshare(int flags);

DESCRIPTION

       unshare()  allows  a  process  to  disassociate  parts of its execution
       context that are currently being shared with other processes.  Part  of
       the   execution  context,  such  as  the  mount  namespace,  is  shared
       implicitly when a new process is created  using  fork(2)  or  vfork(2),
       while  other  parts,  such as virtual memory, may be shared by explicit
       request when creating a process using clone(2).

       The main use of unshare() is to allow a process to control  its  shared
       execution context without creating a new process.

       The  flags  argument  is  a  bit mask that specifies which parts of the
       execution context should be unshared.  This argument  is  specified  by
       ORing together zero or more of the following constants:

       CLONE_FILES
              Reverse  the  effect  of the clone(2) CLONE_FILES flag.  Unshare
              the file descriptor table, so that the calling process no longer
              shares its file descriptors with any other process.

       CLONE_FS
              Reverse  the effect of the clone(2) CLONE_FS flag.  Unshare file
              system attributes, so that the calling process no longer  shares
              its  root directory, current directory, or umask attributes with
              any other process.  chroot(2), chdir(2), or umask(2)

       CLONE_NEWIPC (since Linux 2.6.19)
              This flag has the same effect as the clone(2) CLONE_NEWIPC flag.
              Unshare  the System V IPC namespace, so that the calling process
              has a private copy of the System V IPC namespace  which  is  not
              shared   with   any   other   process.    Specifying  this  flag
              automatically   implies   CLONE_SYSVSEM   as   well.    Use   of
              CLONE_NEWIPC requires the CAP_SYS_ADMIN capability.

       CLONE_NEWNET (since Linux 2.6.24)
              This flag has the same effect as the clone(2) CLONE_NEWNET flag.
              Unshare the network namespace, so that the  calling  process  is
              moved  into a new network namespace which is not shared with any
              previously  existing   process.    CLONE_NEWNET   requires   the
              CAP_SYS_ADMIN capability.

       CLONE_NEWNS
              This  flag has the same effect as the clone(2) CLONE_NEWNS flag.
              Unshare the mount namespace, so that the calling process  has  a
              private copy of its namespace which is not shared with any other
              process.  Specifying this flag automatically implies CLONE_FS as
              well.  Use of CLONE_NEWNS requires the CAP_SYS_ADMIN capability.

       CLONE_SYSVSEM (since Linux 2.6.26)
              This  flag  reverses  the  effect  of the clone(2) CLONE_SYSVSEM
              flag.  Unshare System V  semaphore  undo  values,  so  that  the
              calling  process has a private copy which is not shared with any
              other process.  Use of CLONE_SYSVSEM requires the  CAP_SYS_ADMIN
              capability.

       CLONE_NEWUTS (since Linux 2.6.19)
              This flag has the same effect as the clone(2) CLONE_NEWUTS flag.
              Unshare the UTS IPC namespace, so that the calling process has a
              private  copy  of the UTS namespace which is not shared with any
              other process.  Use of CLONE_NEWUTS requires  the  CAP_SYS_ADMIN
              capability.

       If  flags  is  specified as zero, then unshare() is a no-op; no changes
       are made to the calling process's execution context.

RETURN VALUE

       On success, zero returned.  On failure, -1 is returned and errno is set
       to indicate the error.

ERRORS

       EINVAL An invalid bit was specified in flags.

       ENOMEM Cannot  allocate  sufficient  memory  to  copy parts of caller's
              context that need to be unshared.

       EPERM  The calling process did not have  the  required  privileges  for
              this operation.

VERSIONS

       The unshare() system call was added to Linux in kernel 2.6.16.

CONFORMING TO

       The unshare() system call is Linux-specific.

NOTES

       Not all of the process attributes that can be shared when a new process
       is  created  using  clone(2)  can  be  unshared  using  unshare().   In
       particular,  as  at  kernel  2.6.16, unshare() does not implement flags
       that reverse the effects of CLONE_SIGHAND, CLONE_SYSVSEM, CLONE_THREAD,
       or  CLONE_VM.   Such  functionality  may  be  added  in  the future, if
       required.

SEE ALSO

       clone(2), fork(2), vfork(2), Documentation/unshare.txt

COLOPHON

       This page is part of release 3.35 of the Linux  man-pages  project.   A
       description  of  the project, and information about reporting bugs, can
       be found at http://man7.org/linux/man-pages/.