1UNSHARE(2)                 Linux Programmer's Manual                UNSHARE(2)
2
3
4

NAME

6       unshare - disassociate parts of the process execution context
7

SYNOPSIS

9       #include <sched.h>
10
11       int unshare(int flags);
12
13   Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
14
15       unshare():
16           Since glibc 2.14:
17               _GNU_SOURCE
18           Before glibc 2.14:
19               _BSD_SOURCE || _SVID_SOURCE
20                   /* _GNU_SOURCE also suffices */
21

DESCRIPTION

23       unshare()  allows a process to disassociate parts of its execution con‐
24       text that are currently being shared with other processes.  Part of the
25       execution  context,  such  as the mount namespace, is shared implicitly
26       when a new process is created using fork(2) or  vfork(2),  while  other
27       parts,  such  as virtual memory, may be shared by explicit request when
28       creating a process using clone(2).
29
30       The main use of unshare() is to allow a process to control  its  shared
31       execution context without creating a new process.
32
33       The flags argument is a bit mask that specifies which parts of the exe‐
34       cution context should be unshared.  This argument is specified by ORing
35       together zero or more of the following constants:
36
37       CLONE_FILES
38              Reverse  the  effect  of the clone(2) CLONE_FILES flag.  Unshare
39              the file descriptor table, so that the calling process no longer
40              shares its file descriptors with any other process.
41
42       CLONE_FS
43              Reverse  the effect of the clone(2) CLONE_FS flag.  Unshare file
44              system attributes, so that the calling process no longer  shares
45              its root directory (chroot(2)), current directory (chdir(2)), or
46              umask (umask(2)) attributes with any other process.
47
48       CLONE_NEWIPC (since Linux 2.6.19)
49              This flag has the same effect as the clone(2) CLONE_NEWIPC flag.
50              Unshare  the System V IPC namespace, so that the calling process
51              has a private copy of the System V IPC namespace  which  is  not
52              shared  with  any other process.  Specifying this flag automati‐
53              cally  implies  CLONE_SYSVSEM  as  well.   Use  of  CLONE_NEWIPC
54              requires the CAP_SYS_ADMIN capability.
55
56       CLONE_NEWNET (since Linux 2.6.24)
57              This flag has the same effect as the clone(2) CLONE_NEWNET flag.
58              Unshare the network namespace, so that the  calling  process  is
59              moved  into a new network namespace which is not shared with any
60              previously existing process.  Use of CLONE_NEWNET  requires  the
61              CAP_SYS_ADMIN capability.
62
63       CLONE_NEWNS
64              This  flag has the same effect as the clone(2) CLONE_NEWNS flag.
65              Unshare the mount namespace, so that the calling process  has  a
66              private copy of its namespace which is not shared with any other
67              process.  Specifying this flag automatically implies CLONE_FS as
68              well.  Use of CLONE_NEWNS requires the CAP_SYS_ADMIN capability.
69
70       CLONE_NEWUTS (since Linux 2.6.19)
71              This flag has the same effect as the clone(2) CLONE_NEWUTS flag.
72              Unshare the UTS IPC namespace, so that the calling process has a
73              private  copy  of the UTS namespace which is not shared with any
74              other process.  Use of CLONE_NEWUTS requires  the  CAP_SYS_ADMIN
75              capability.
76
77       CLONE_SYSVSEM (since Linux 2.6.26)
78              This  flag  reverses  the  effect  of the clone(2) CLONE_SYSVSEM
79              flag.  Unshare System V semaphore undo values, so that the call‐
80              ing  process  has  a  private  copy which is not shared with any
81              other process.  Use of CLONE_SYSVSEM requires the  CAP_SYS_ADMIN
82              capability.
83
84       If  flags  is  specified as zero, then unshare() is a no-op; no changes
85       are made to the calling process's execution context.
86

RETURN VALUE

88       On success, zero returned.  On failure, -1 is returned and errno is set
89       to indicate the error.
90

ERRORS

92       EINVAL An invalid bit was specified in flags.
93
94       ENOMEM Cannot allocate sufficient memory to copy parts of caller's con‐
95              text that need to be unshared.
96
97       EPERM  The calling process did not have  the  required  privileges  for
98              this operation.
99

VERSIONS

101       The unshare() system call was added to Linux in kernel 2.6.16.
102

CONFORMING TO

104       The unshare() system call is Linux-specific.
105

NOTES

107       Not all of the process attributes that can be shared when a new process
108       is created using clone(2) can be unshared using unshare().  In particu‐
109       lar,  as at kernel 3.8, unshare() does not implement flags that reverse
110       the effects of CLONE_SIGHAND, CLONE_THREAD, or  CLONE_VM.   Such  func‐
111       tionality may be added in the future, if required.
112

SEE ALSO

114       clone(2), fork(2), kcmp(2), setns(2), vfork(2)
115
116       Documentation/unshare.txt in the Linux kernel source tree
117

COLOPHON

119       This  page  is  part of release 3.53 of the Linux man-pages project.  A
120       description of the project, and information about reporting  bugs,  can
121       be found at http://www.kernel.org/doc/man-pages/.
122
123
124
125Linux                             2013-04-17                        UNSHARE(2)
Impressum