Provided by: manpages-dev_3.54-1ubuntu1_all bug

NAME
       unshare - disassociate parts of the process execution context


SYNOPSIS
       #include <sched.h>

       int unshare(int flags);

   Feature Test Macro Requirements for glibc (see feature_test_macros(7)):

       unshare():
           Since glibc 2.14:
               _GNU_SOURCE
           Before glibc 2.14:
               _BSD_SOURCE || _SVID_SOURCE
                   /* _GNU_SOURCE also suffices */


DESCRIPTION
       unshare() allows a process to disassociate parts of its execution context that are currently being shared
       with  other  processes.  Part of the execution context, such as the mount namespace, is shared implicitly
       when a new process is created using fork(2) or vfork(2), while other parts, such as virtual  memory,  may
       be shared by explicit request when creating a process using clone(2).

       The  main use of unshare() is to allow a process to control its shared execution context without creating
       a new process.

       The flags argument is a bit mask that specifies which parts of the execution context should be  unshared.
       This argument is specified by ORing together zero or more of the following constants:

       CLONE_FILES
              Reverse  the  effect of the clone(2) CLONE_FILES flag.  Unshare the file descriptor table, so that
              the calling process no longer shares its file descriptors with any other process.

       CLONE_FS
              Reverse the effect of the clone(2) CLONE_FS flag.  Unshare  filesystem  attributes,  so  that  the
              calling  process no longer shares its root directory (chroot(2)), current directory (chdir(2)), or
              umask (umask(2)) attributes with any other process.

       CLONE_NEWIPC (since Linux 2.6.19)
              This flag has the same effect as the  clone(2)  CLONE_NEWIPC  flag.   Unshare  the  System  V  IPC
              namespace,  so  that the calling process has a private copy of the System V IPC namespace which is
              not shared with any other process.  Specifying this flag automatically  implies  CLONE_SYSVSEM  as
              well.  Use of CLONE_NEWIPC requires the CAP_SYS_ADMIN capability.

       CLONE_NEWNET (since Linux 2.6.24)
              This  flag  has the same effect as the clone(2) CLONE_NEWNET flag.  Unshare the network namespace,
              so that the calling process is moved into a new network namespace which is  not  shared  with  any
              previously existing process.  Use of CLONE_NEWNET requires the CAP_SYS_ADMIN capability.

       CLONE_NEWNS
              This  flag  has the same effect as the clone(2) CLONE_NEWNS flag.  Unshare the mount namespace, so
              that the calling process has a private copy of its namespace which is not shared  with  any  other
              process.   Specifying  this  flag  automatically  implies  CLONE_FS  as  well.  Use of CLONE_NEWNS
              requires the CAP_SYS_ADMIN capability.

       CLONE_NEWUTS (since Linux 2.6.19)
              This flag has the same effect as the clone(2) CLONE_NEWUTS flag.  Unshare the UTS  IPC  namespace,
              so  that  the calling process has a private copy of the UTS namespace which is not shared with any
              other process.  Use of CLONE_NEWUTS requires the CAP_SYS_ADMIN capability.

       CLONE_SYSVSEM (since Linux 2.6.26)
              This flag reverses the effect of the clone(2) CLONE_SYSVSEM flag.  Unshare System V semaphore undo
              values, so that the calling process has a private copy which is not shared with any other process.
              Use of CLONE_SYSVSEM requires the CAP_SYS_ADMIN capability.

       If flags is specified as zero, then unshare() is a no-op; no changes are made to  the  calling  process's
       execution context.


RETURN VALUE
       On success, zero returned.  On failure, -1 is returned and errno is set to indicate the error.


ERRORS
       EINVAL An invalid bit was specified in flags.

       ENOMEM Cannot allocate sufficient memory to copy parts of caller's context that need to be unshared.

       EPERM  The calling process did not have the required privileges for this operation.


VERSIONS
       The unshare() system call was added to Linux in kernel 2.6.16.


CONFORMING TO
       The unshare() system call is Linux-specific.


NOTES
       Not  all of the process attributes that can be shared when a new process is created using clone(2) can be
       unshared using unshare().  In particular, as at kernel 3.8,  unshare()  does  not  implement  flags  that
       reverse  the effects of CLONE_SIGHAND, CLONE_THREAD, or CLONE_VM.  Such functionality may be added in the
       future, if required.


SEE ALSO
       clone(2), fork(2), kcmp(2), setns(2), vfork(2)

       Documentation/unshare.txt in the Linux kernel source tree


COLOPHON
       This page is part of release 3.54 of the Linux man-pages project.  A  description  of  the  project,  and
       information about reporting bugs, can be found at http://www.kernel.org/doc/man-pages/.

Linux                                              2013-04-17                                         UNSHARE(2)