Ubuntu Manpage: unshare - disassociate parts of the process execution context

name
synopsis
description
return value
errors
versions
conforming to
notes
see also
colophon

Provided by: manpages-dev_3.54-1ubuntu1_all

NAME

       unshare - disassociate parts of the process execution context

SYNOPSIS

       #include <sched.h>

       int unshare(int flags);

   Feature Test Macro Requirements for glibc (see feature_test_macros(7)):

       unshare():
           Since glibc 2.14:
               _GNU_SOURCE
           Before glibc 2.14:
               _BSD_SOURCE || _SVID_SOURCE
                   /* _GNU_SOURCE also suffices */

DESCRIPTION

       unshare() allows a process to disassociate parts of its execution context that are currently being shared
       with other processes.  Part of the execution context, such as the mount namespace, is  shared  implicitly
       when  a  new process is created using fork(2) or vfork(2), while other parts, such as virtual memory, may
       be shared by explicit request when creating a process using clone(2).

       The main use of unshare() is to allow a process to control its shared execution context without  creating
       a new process.

       The  flags argument is a bit mask that specifies which parts of the execution context should be unshared.
       This argument is specified by ORing together zero or more of the following constants:

       CLONE_FILES
              Reverse the effect of the clone(2) CLONE_FILES flag.  Unshare the file descriptor table,  so  that
              the calling process no longer shares its file descriptors with any other process.

       CLONE_FS
              Reverse  the  effect  of  the  clone(2) CLONE_FS flag.  Unshare filesystem attributes, so that the
              calling process no longer shares its root directory (chroot(2)), current directory (chdir(2)),  or
              umask (umask(2)) attributes with any other process.

       CLONE_NEWIPC (since Linux 2.6.19)
              This  flag  has  the  same  effect  as  the  clone(2) CLONE_NEWIPC flag.  Unshare the System V IPC
              namespace, so that the calling process has a private copy of the System V IPC namespace  which  is
              not  shared  with  any other process.  Specifying this flag automatically implies CLONE_SYSVSEM as
              well.  Use of CLONE_NEWIPC requires the CAP_SYS_ADMIN capability.

       CLONE_NEWNET (since Linux 2.6.24)
              This flag has the same effect as the clone(2) CLONE_NEWNET flag.  Unshare the  network  namespace,
              so  that  the  calling  process is moved into a new network namespace which is not shared with any
              previously existing process.  Use of CLONE_NEWNET requires the CAP_SYS_ADMIN capability.

       CLONE_NEWNS
              This flag has the same effect as the clone(2) CLONE_NEWNS flag.  Unshare the mount  namespace,  so
              that  the  calling  process has a private copy of its namespace which is not shared with any other
              process.  Specifying this flag  automatically  implies  CLONE_FS  as  well.   Use  of  CLONE_NEWNS
              requires the CAP_SYS_ADMIN capability.

       CLONE_NEWUTS (since Linux 2.6.19)
              This  flag  has the same effect as the clone(2) CLONE_NEWUTS flag.  Unshare the UTS IPC namespace,
              so that the calling process has a private copy of the UTS namespace which is not shared  with  any
              other process.  Use of CLONE_NEWUTS requires the CAP_SYS_ADMIN capability.

       CLONE_SYSVSEM (since Linux 2.6.26)
              This flag reverses the effect of the clone(2) CLONE_SYSVSEM flag.  Unshare System V semaphore undo
              values, so that the calling process has a private copy which is not shared with any other process.
              Use of CLONE_SYSVSEM requires the CAP_SYS_ADMIN capability.

       If  flags  is  specified as zero, then unshare() is a no-op; no changes are made to the calling process's
       execution context.

RETURN VALUE

       On success, zero returned.  On failure, -1 is returned and errno is set to indicate the error.

ERRORS

       EINVAL An invalid bit was specified in flags.

       ENOMEM Cannot allocate sufficient memory to copy parts of caller's context that need to be unshared.

       EPERM  The calling process did not have the required privileges for this operation.

VERSIONS

       The unshare() system call was added to Linux in kernel 2.6.16.

CONFORMING TO

       The unshare() system call is Linux-specific.

NOTES

       Not all of the process attributes that can be shared when a new process is created using clone(2) can  be
       unshared  using  unshare().   In  particular,  as  at kernel 3.8, unshare() does not implement flags that
       reverse the effects of CLONE_SIGHAND, CLONE_THREAD, or CLONE_VM.  Such functionality may be added in  the
       future, if required.

COLOPHON

       This  page  is  part  of  release 3.54 of the Linux man-pages project.  A description of the project, and
       information about reporting bugs, can be found at http://www.kernel.org/doc/man-pages/.

NAME

SYNOPSIS

DESCRIPTION

RETURN VALUE

ERRORS

VERSIONS

CONFORMING TO

NOTES

SEE ALSO

COLOPHON