author | Karel Zak | 2015-04-09 11:34:02 +0200 |
---|---|---|
committer | Karel Zak | 2015-04-14 11:39:15 +0200 |
commit | 0490a6ca26f6e7bf9eed5521d240661adb302ba2 (patch) | |
tree | 0788a179e43144219d9226badd190b1a77f6e713 /sys-utils/unshare.1 | |
parent | lib/sysfs.c: use fcntl(..F_DUPFD_CLOEXEC) instead of dup(2) (diff) | |
unshare: allow persisting namespaces
For nsenter(1) we already support namespace specification by file
(e.g. bind mount to namespace /proc/[pid]/ns/[type] file). For
example:
# nsenter --uts=/some/path
This patch extends unshare(1) to set up the bind mount for the specified
namespace, for example:
# touch /some/path
# unshare --uts=/some/path hostname FOO
# nsenter --uts=/some/path hostname
FOO
Note that the problem is the mount namespace, because creating a bind mount
to the ns/mount file within the unshared namespace does not make sense.
Based on patch from Lubomir Rintel <lkundrak@v3.sk>.
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'sys-utils/unshare.1')
-rw-r--r-- | sys-utils/unshare.1 | 70 |
1 files changed, 51 insertions, 19 deletions
diff --git a/sys-utils/unshare.1 b/sys-utils/unshare.1 index 6fc71f4f7..14755e728 100644 --- a/sys-utils/unshare.1 +++ b/sys-utils/unshare.1 @@ -8,8 +8,17 @@ unshare \- run program with some namespaces unshared from parent .RI [ arguments ] .SH DESCRIPTION Unshares the indicated namespaces from the parent process and then executes -the specified \fIprogram\fR. The namespaces to be unshared are indicated via -options. Unshareable namespaces are: +the specified \fIprogram\fR. +.PP +The namespaces can optionally be persisted by bind mounting /proc/[pid]/ns/[type] files +to a filesystem path and entered with +.BR nsenter (1) +even after \fIprogram\fR terminates. +Once a persistent namespace is no longer needed it can be unpersisted with +.BR umount (8). +See EXAMPLES section for more details. +.PP +The namespaces to be unshared are indicated via options. Unshareable namespaces are: .TP .BR "mount namespace" Mounting and unmounting filesystems will not affect the rest of the system 
@@ -47,24 +56,29 @@ The process will have a distinct set of UIDs, GIDs and capabilities. See \fBclone\fR(2) for the exact semantics of the flags. .SH OPTIONS .TP -.BR \-i , " \-\-ipc" -Unshare the IPC namespace. +.BR \-i , " \-\-ipc"[=\fIfile\fP] +Unshare the IPC namespace. If \fIfile\fP is specified then persistent namespace is created +by bind mount. .TP -.BR \-m , " \-\-mount" -Unshare the mount namespace. +.BR \-m , " \-\-mount"[=\fIfile\fP] +Unshare the mount namespace. If \fIfile\fP is specified then persistent namespace is created +by bind mount. .TP -.BR \-n , " \-\-net" -Unshare the network namespace. +.BR \-n , " \-\-net"[=\fIfile\fP] +Unshare the network namespace. If \fIfile\fP is specified then persistent namespace is created +by bind mount. .TP -.BR \-p , " \-\-pid" -Unshare the pid namespace. -See also the \fB--fork\fP and \fB--mount-proc\fP options. +.BR \-p , " \-\-pid"[=\fIfile\fP] +Unshare the pid namespace. If \fIfile\fP is specified then persistent namespace is created +by bind mount. See also the \fB--fork\fP and \fB--mount-proc\fP options. .TP -.BR \-u , " \-\-uts" -Unshare the UTS namespace. +.BR \-u , " \-\-uts"[=\fIfile\fP] +Unshare the UTS namespace. If \fIfile\fP is specified then persistent namespace is created +by bind mount. .TP -.BR \-U , " \-\-user" -Unshare the user namespace. +.BR \-U , " \-\-user"[=\fIfile\fP] +Unshare the user namespace. If \fIfile\fP is specified then persistent namespace is created +by bind mount. .TP .BR \-f , " \-\-fork" Fork the specified \fIprogram\fR as a child process of \fBunshare\fR rather than 
@@ -125,14 +139,32 @@ procfs instance. root .br Establish a user namespace as an unprivileged user with a root user within it. +.TP +.TQ +.B # touch /root/uts-ns +.TQ +.B # unshare --uts=/root/uts-ns hostanme FOO +.TQ +.B # nsenter --uts=/root/uts-ns hostname +.TQ +FOO +.TQ +.B # umount /root/uts-ns +.br +Establish a persistent UTS namespace, modify hostname. The namespace maybe later entered +by nsenter. The namespace is destroyed by umount the bind reference. .SH SEE ALSO .BR unshare (2), .BR clone (2), .BR mount (8) -.SH BUGS -None known so far. -.SH AUTHOR -Mikhail Gusarov <dottedmag@dottedmag.net> +.SH AUTHORS +.UR dottedmag@dottedmag.net +Mikhail Gusarov +.UE +.br +.UR kzak@redhat.com +Karel Zak +.UE .SH AVAILABILITY The unshare command is part of the util-linux package and is available from ftp://ftp.kernel.org/pub/linux/utils/util-linux/. |
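Review bot: In the DESCRIPTION hunk (@@ -8,8 +8,17 @@), the new paragraph never says that the target path has to exist before the bind mount, although the EXAMPLES entry added later in this patch runs "touch /root/uts-ns" first. It should also state outright that a persisted namespace stays alive, and can be entered through nsenter(1), for as long as the bind mount exists, since the only hint of that is "even after program terminates". Administrators need this to know that the path must be access-controlled and unmounted when finished. Small wording fix: "See EXAMPLES section" should read "See the EXAMPLES section".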
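Review bot: In the OPTIONS hunk (@@ -47,24 +56,29 @@), the text for "\-\-mount"[=\fIfile\fP] is word for word the same as for the other five namespaces, but the commit message itself says the mount namespace is a problem because a bind mount to the ns/mount file within the unshared namespace does not make sense. The manual should say what happens when a file is given to --mount: either document the restriction or explain how the bind mount is made so that it is visible from outside the new namespace. The sentence repeated six times also needs articles: "If \fIfile\fP is specified then a persistent namespace is created by a bind mount." Since the text is identical for every option, consider stating it once instead of repeating it.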
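Review bot: In the EXAMPLES hunk (@@ -125,14 +139,32 @@), the added line ".B # unshare --uts=/root/uts-ns hostanme FOO" misspells the command; it should be "hostname", as in the commit message, otherwise a reader who copies the example gets a failed exec. The closing sentences need rewording: "maybe later entered" should be "may later be entered", and "destroyed by umount the bind reference" should be something like "destroyed by unmounting the bind reference". The SEE ALSO context in the same hunk still lists only unshare(2), clone(2) and mount(8), while the new text refers to nsenter(1) and umount(8); add both. The hunk also drops the BUGS section, which would be the natural place for the mount namespace limitation mentioned in the commit message.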