1UNSHARE(2) Linux Programmer's Manual UNSHARE(2)
2
3
4
6 unshare - disassociate parts of the process execution context
7
9 #include <sched.h>
10
11 int unshare(int flags);
12
13 Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
14
15 unshare():
16 Since glibc 2.14:
17 _GNU_SOURCE
18 Before glibc 2.14:
19 _BSD_SOURCE || _SVID_SOURCE
20 /* _GNU_SOURCE also suffices */
21
23 unshare() allows a process to disassociate parts of its execution con‐
24 text that are currently being shared with other processes. Part of the
25 execution context, such as the mount namespace, is shared implicitly
26 when a new process is created using fork(2) or vfork(2), while other
27 parts, such as virtual memory, may be shared by explicit request when
28 creating a process using clone(2).
29
30 The main use of unshare() is to allow a process to control its shared
31 execution context without creating a new process.
32
33 The flags argument is a bit mask that specifies which parts of the exe‐
34 cution context should be unshared. This argument is specified by ORing
35 together zero or more of the following constants:
36
37 CLONE_FILES
38 Reverse the effect of the clone(2) CLONE_FILES flag. Unshare
39 the file descriptor table, so that the calling process no longer
40 shares its file descriptors with any other process.
41
42 CLONE_FS
43 Reverse the effect of the clone(2) CLONE_FS flag. Unshare file
44 system attributes, so that the calling process no longer shares
45 its root directory (chroot(2)), current directory (chdir(2)), or
46 umask (umask(2)) attributes with any other process.
47
48 CLONE_NEWIPC (since Linux 2.6.19)
49 This flag has the same effect as the clone(2) CLONE_NEWIPC flag.
50 Unshare the System V IPC namespace, so that the calling process
51 has a private copy of the System V IPC namespace which is not
52 shared with any other process. Specifying this flag automati‐
53 cally implies CLONE_SYSVSEM as well. Use of CLONE_NEWIPC
54 requires the CAP_SYS_ADMIN capability.
55
56 CLONE_NEWNET (since Linux 2.6.24)
57 This flag has the same effect as the clone(2) CLONE_NEWNET flag.
58 Unshare the network namespace, so that the calling process is
59 moved into a new network namespace which is not shared with any
60 previously existing process. Use of CLONE_NEWNET requires the
61 CAP_SYS_ADMIN capability.
62
63 CLONE_NEWNS
64 This flag has the same effect as the clone(2) CLONE_NEWNS flag.
65 Unshare the mount namespace, so that the calling process has a
66 private copy of its namespace which is not shared with any other
67 process. Specifying this flag automatically implies CLONE_FS as
68 well. Use of CLONE_NEWNS requires the CAP_SYS_ADMIN capability.
69
70 CLONE_NEWUTS (since Linux 2.6.19)
71 This flag has the same effect as the clone(2) CLONE_NEWUTS flag.
72 Unshare the UTS IPC namespace, so that the calling process has a
73 private copy of the UTS namespace which is not shared with any
74 other process. Use of CLONE_NEWUTS requires the CAP_SYS_ADMIN
75 capability.
76
77 CLONE_SYSVSEM (since Linux 2.6.26)
78 This flag reverses the effect of the clone(2) CLONE_SYSVSEM
79 flag. Unshare System V semaphore undo values, so that the call‐
80 ing process has a private copy which is not shared with any
81 other process. Use of CLONE_SYSVSEM requires the CAP_SYS_ADMIN
82 capability.
83
84 If flags is specified as zero, then unshare() is a no-op; no changes
85 are made to the calling process's execution context.
86
88 On success, zero returned. On failure, -1 is returned and errno is set
89 to indicate the error.
90
92 EINVAL An invalid bit was specified in flags.
93
94 ENOMEM Cannot allocate sufficient memory to copy parts of caller's con‐
95 text that need to be unshared.
96
97 EPERM The calling process did not have the required privileges for
98 this operation.
99
101 The unshare() system call was added to Linux in kernel 2.6.16.
102
104 The unshare() system call is Linux-specific.
105
107 Not all of the process attributes that can be shared when a new process
108 is created using clone(2) can be unshared using unshare(). In particu‐
109 lar, as at kernel 3.8, unshare() does not implement flags that reverse
110 the effects of CLONE_SIGHAND, CLONE_THREAD, or CLONE_VM. Such func‐
111 tionality may be added in the future, if required.
112
114 clone(2), fork(2), kcmp(2), setns(2), vfork(2)
115
116 Documentation/unshare.txt in the Linux kernel source tree
117
119 This page is part of release 3.53 of the Linux man-pages project. A
120 description of the project, and information about reporting bugs, can
121 be found at http://www.kernel.org/doc/man-pages/.
122
123
124
125Linux 2013-04-17 UNSHARE(2)