unshare(2)                    System Calls Manual                   unshare(2)

NAME
       unshare - disassociate parts of the process execution context

LIBRARY
       Standard C library (libc, -lc)

SYNOPSIS
       #define _GNU_SOURCE
       #include <sched.h>

       int unshare(int flags);

DESCRIPTION
       unshare() allows a process (or thread) to disassociate parts of its
       execution context that are currently being shared with other processes
       (or threads).  Part of the execution context, such as the mount
       namespace, is shared implicitly when a new process is created using
       fork(2) or vfork(2), while other parts, such as virtual memory, may be
       shared by explicit request when creating a process or thread using
       clone(2).

       The main use of unshare() is to allow a process to control its shared
       execution context without creating a new process.

       The flags argument is a bit mask that specifies which parts of the
       execution context should be unshared.  This argument is specified by
       ORing together zero or more of the following constants:

       CLONE_FILES
              Reverse the effect of the clone(2) CLONE_FILES flag.  Unshare
              the file descriptor table, so that the calling process no longer
              shares its file descriptors with any other process.

       CLONE_FS
              Reverse the effect of the clone(2) CLONE_FS flag.  Unshare
              filesystem attributes, so that the calling process no longer
              shares its root directory (chroot(2)), current directory
              (chdir(2)), or umask (umask(2)) attributes with any other
              process.

       CLONE_NEWCGROUP (since Linux 4.6)
              This flag has the same effect as the clone(2) CLONE_NEWCGROUP
              flag.  Unshare the cgroup namespace.  Use of CLONE_NEWCGROUP
              requires the CAP_SYS_ADMIN capability.

       CLONE_NEWIPC (since Linux 2.6.19)
              This flag has the same effect as the clone(2) CLONE_NEWIPC flag.
              Unshare the IPC namespace, so that the calling process has a
              private copy of the IPC namespace which is not shared with any
              other process.  Specifying this flag automatically implies
              CLONE_SYSVSEM as well.  Use of CLONE_NEWIPC requires the
              CAP_SYS_ADMIN capability.

       CLONE_NEWNET (since Linux 2.6.24)
              This flag has the same effect as the clone(2) CLONE_NEWNET flag.
              Unshare the network namespace, so that the calling process is
              moved into a new network namespace which is not shared with any
              previously existing process.  Use of CLONE_NEWNET requires the
              CAP_SYS_ADMIN capability.

       CLONE_NEWNS
              This flag has the same effect as the clone(2) CLONE_NEWNS flag.
              Unshare the mount namespace, so that the calling process has a
              private copy of its namespace which is not shared with any other
              process.  Specifying this flag automatically implies CLONE_FS as
              well.  Use of CLONE_NEWNS requires the CAP_SYS_ADMIN capability.
              For further information, see mount_namespaces(7).

       CLONE_NEWPID (since Linux 3.8)
              This flag has the same effect as the clone(2) CLONE_NEWPID flag.
              Unshare the PID namespace, so that the calling process has a new
              PID namespace for its children which is not shared with any
              previously existing process.  The calling process is not moved
              into the new namespace.  The first child created by the calling
              process will have the process ID 1