Diffstat (limited to 'sys-utils/unshare.1')
-rw-r--r-- | sys-utils/unshare.1 | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/sys-utils/unshare.1 b/sys-utils/unshare.1 index 41ea2ecbf..93422625f 100644 --- a/sys-utils/unshare.1 +++ b/sys-utils/unshare.1 @@ -1,17 +1,17 @@ .\" Process this file with .\" groff -man -Tascii lscpu.1 .\" -.TH UNSHARE 1 "July 2013" "util-linux" "User Commands" +.TH UNSHARE 1 "July 2014" "util-linux" "User Commands" .SH NAME unshare \- run program with some namespaces unshared from parent .SH SYNOPSIS .B unshare -.RI [ options ] +[options] .I program .RI [ arguments ] .SH DESCRIPTION Unshares the indicated namespaces from the parent process and then executes -the specified program. The namespaces to be unshared are indicated via +the specified \fIprogram\fR. The namespaces to be unshared are indicated via options. Unshareable namespaces are: .TP .BR "mount namespace" @@ -19,10 +19,10 @@ Mounting and unmounting filesystems will not affect the rest of the system (\fBCLONE_NEWNS\fP flag), except for filesystems which are explicitly marked as shared (with \fBmount --make-shared\fP; see \fI/proc/self/mountinfo\fP for the \fBshared\fP flags). - +.sp It's recommended to use \fBmount --make-rprivate\fP or \fBmount --make-rslave\fP after \fBunshare --mount\fP to make sure that mountpoints in the new namespace -are really unshared from parental namespace. +are really unshared from the parental namespace. .TP .BR "UTS namespace" Setting hostname or domainname will not affect the rest of the system. 
@@ -75,18 +75,18 @@ Fork the specified \fIprogram\fR as a child process of \fBunshare\fR rather than running it directly. This is useful when creating a new pid namespace. .TP .BR \-\-mount-proc "[=\fImountpoint\fP]" -Just before running the program, mount the proc filesystem at the \fImountpoint\fP +Just before running the program, mount the proc filesystem at \fImountpoint\fP (default is /proc). This is useful when creating a new pid namespace. It also implies creating a new mount namespace since the /proc mount would otherwise -mess up existing programs on the system. The new proc filesystem is explicitly +mess up existing programs on the system. The new proc filesystem is explicitly mounted as private (by MS_PRIVATE|MS_REC). .TP .BR \-r , " \-\-map-root-user" -Run the program only after current effective user and group ID have been mapped to -superuser UID and GID in newly created user namespace. This makes it possible to -conveniently gain capabilities needed to manage various aspects of newly created -namespaces (such as configure interfaces in network namespace or mount filesystems in -mount) even when run unprivileged. As a convenience feature, it does not support +Run the program only after the current effective user and group IDs have been mapped to +the superuser UID and GID in the newly created user namespace. This makes it possible to +conveniently gain capabilities needed to manage various aspects of the newly created +namespaces (such as configuring interfaces in the network namespace or mounting filesystems in +the mount namespace) even when run unprivileged. As a mere convenience feature, it does not support more sophisticated use cases, such as mapping multiple ranges of UIDs and GIDs. .SH SEE ALSO .BR unshare (2), |
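Review bot: In the first hunk (@@ -1,17 +1,17 @@), replacing `.RI [ options ]` with a bare `[options]` in the SYNOPSIS drops the italic on the placeholder and leaves it inconsistent with the unchanged `.RI [ arguments ]` two lines below. Either keep `.RI [ options ]` or convert both lines in the same way. While this header is being touched, the comment at the top still reads `groff -man -Tascii lscpu.1`, which names the wrong page for unshare.1.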
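Review bot: In the second hunk (@@ -19,10 +19,10 @@), the paragraph that now follows `.sp` still writes its commands with unescaped dashes (`\fBmount --make-rprivate\fP`, `\fBmount --make-rslave\fP`, `\fBunshare --mount\fP`), while the option headings on this page use `\-\-`, as in `.BR \-\-mount-proc`. Escaping these as `\-\-make-rprivate` and so on would make the commands render with the same dash as the option headings. The reworded last line also keeps "parental namespace", where the NAME line says "parent"; "the parent namespace" would match it.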
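Review bot: In the third hunk (@@ -75,18 +75,18 @@), the reworded `\-r` description still says the mapping makes it possible to "gain capabilities ... even when run unprivileged" without stating that those capabilities are held only inside the newly created user namespace. A short clause saying so would stop readers from taking the option as granting root on the host. In the `\-\-mount-proc` entry of the same hunk, `(default is /proc)` is plain text while the earlier hunk formats a path as `\fI/proc/self/mountinfo\fP`; consider `\fI/proc\fP` here.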