unshare(2)

1UNSHARE(2)                 Linux Programmer's Manual                UNSHARE(2)
2
3
4

NAME

6       unshare - disassociate parts of the process execution context
7

SYNOPSIS

9       #define _GNU_SOURCE
10       #include <sched.h>
11
12       int unshare(int flags);
13

DESCRIPTION

15       unshare()  allows  a  process  (or thread) to disassociate parts of its
16       execution context that are currently being shared with other  processes
17       (or  threads).  Part of the execution context, such as the mount names‐
18       pace, is shared implicitly when a new process is created using  fork(2)
19       or  vfork(2),  while other parts, such as virtual memory, may be shared
20       by explicit request when creating a process or thread using clone(2).
21
22       The main use of unshare() is to allow a process to control  its  shared
23       execution context without creating a new process.
24
25       The flags argument is a bit mask that specifies which parts of the exe‐
26       cution context should be unshared.  This argument is specified by ORing
27       together zero or more of the following constants:
28
29       CLONE_FILES
30              Reverse  the  effect  of the clone(2) CLONE_FILES flag.  Unshare
31              the file descriptor table, so that the calling process no longer
32              shares its file descriptors with any other process.
33
34       CLONE_FS
35              Reverse  the  effect  of  the  clone(2)  CLONE_FS flag.  Unshare
36              filesystem attributes, so that the  calling  process  no  longer
37              shares   its   root  directory  (chroot(2)),  current  directory
38              (chdir(2)),  or  umask  (umask(2))  attributes  with  any  other
39              process.
40
41       CLONE_NEWCGROUP (since Linux 4.6)
42              This  flag  has  the same effect as the clone(2) CLONE_NEWCGROUP
43              flag.  Unshare the cgroup  namespace.   Use  of  CLONE_NEWCGROUP
44              requires the CAP_SYS_ADMIN capability.
45
46       CLONE_NEWIPC (since Linux 2.6.19)
47              This flag has the same effect as the clone(2) CLONE_NEWIPC flag.
48              Unshare the IPC namespace, so that the  calling  process  has  a
49              private  copy  of the IPC namespace which is not shared with any
50              other  process.   Specifying  this  flag  automatically  implies
51              CLONE_SYSVSEM   as  well.   Use  of  CLONE_NEWIPC  requires  the
52              CAP_SYS_ADMIN capability.
53
54       CLONE_NEWNET (since Linux 2.6.24)
55              This flag has the same effect as the clone(2) CLONE_NEWNET flag.
56              Unshare  the  network  namespace, so that the calling process is
57              moved into a new network namespace which is not shared with  any
58              previously  existing  process.  Use of CLONE_NEWNET requires the
59              CAP_SYS_ADMIN capability.
60
61       CLONE_NEWNS
62              This flag has the same effect as the clone(2) CLONE_NEWNS  flag.
63              Unshare  the  mount namespace, so that the calling process has a
64              private copy of its namespace which is not shared with any other
65              process.  Specifying this flag automatically implies CLONE_FS as
66              well.  Use of CLONE_NEWNS requires the CAP_SYS_ADMIN capability.
67              For further information, see mount_namespaces(7).
68
69       CLONE_NEWPID (since Linux 3.8)
70              This flag has the same effect as the clone(2) CLONE_NEWPID flag.
71              Unshare the PID namespace, so that the calling process has a new
72              PID namespace for its children which is not shared with any pre‐
73              viously existing process.  The calling process is not moved into
74              the  new  namespace.   The  first  child  created by the calling
75              process will have the process ID 1 and will assume the  role  of
76              init(1)   in  the  new  namespace.   CLONE_NEWPID  automatically
77