1SEUNSHARE(8) User Commands SEUNSHARE(8)
2
3
4
6 seunshare - Run cmd with alternate homedir, tmpdir and/or SELinux con‐
7 text
8
10 seunshare [ -v ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z con‐
11 text ] -- executable [args]
12
14 Run the executable within the specified context, using custom home di‐
15 rectory and /tmp directory. The seunshare command unshares from the de‐
16 fault namespace, then mounts the specified homedir and tmpdir over the
17 default homedir and /tmp. Finally it tells the kernel to execute the
18 application under the specified SELinux context.
19
20
21 -h homedir
22 Alternate homedir to be used by the application. Homedir must be
23 owned by the user
24
25 -t tmpdir
26 Use alternate temporary directory to mount on /tmp. tmpdir must
27 be owned by the user
28
29 -r runuserdir
30 Use alternate temporary directory to mount on XDG_RUNTIME_DIR
31 (/run/user/$UID). runuserdir must be owned by the user
32
33 -C --capabilities
34 Allow apps executed within the namespace to use capabilities.
35 Default is no capabilities
36
37 -k --kill
38 Kill all processes with matching MCS level
39
40 -Z context
41 Use alternate SELinux context while running the executable
42
43 -v Verbose output
44
45
47 Run bash with temporary /home and /tmp directory
48 # USERHOMEDIR=`mktemp -d /tmp/home.XXXXXX`; USERTEMPDIR=`mktemp -d /tmp/temp.XXXXXX`
49 # seunshare -v -h ${USERHOMEDIR} -t ${USERTEMPDIR} -- /bin/bash
50
51
53 runcon(1), sandbox(8), selinux(8)
54
56 This manual page was written by Dan Walsh <dwalsh@redhat.com> and
57 Thomas Liu <tliu@fedoraproject.org>
58
59
60
61seunshare May 2010 SEUNSHARE(8)