table of contents
UNSHARE(2) | Linux Programmer's Manual | UNSHARE(2) |
NAME¶
unshare - disassociate parts of the process execution context
SYNOPSIS¶
#include <sched.h> int unshare(int flags);
Feature Test Macro Requirements for glibc (see feature_test_macros(7)):
unshare():
- Since glibc 2.14:
- _GNU_SOURCE
- Before glibc 2.14:
- _BSD_SOURCE || _SVID_SOURCE
/* _GNU_SOURCE also suffices */
DESCRIPTION¶
unshare() allows a process to disassociate parts of its execution context that are currently being shared with other processes. Part of the execution context, such as the mount namespace, is shared implicitly when a new process is created using fork(2) or vfork(2), while other parts, such as virtual memory, may be shared by explicit request when creating a process using clone(2).
The main use of unshare() is to allow a process to control its shared execution context without creating a new process.
The flags argument is a bit mask that specifies which parts of the execution context should be unshared. This argument is specified by ORing together zero or more of the following constants:
- CLONE_FILES
- Reverse the effect of the clone(2) CLONE_FILES flag. Unshare the file descriptor table, so that the calling process no longer shares its file descriptors with any other process.
- CLONE_FS
- Reverse the effect of the clone(2) CLONE_FS flag. Unshare file system attributes, so that the calling process no longer shares its root directory (chroot(2)), current directory (chdir(2)), or umask (umask(2)) attributes with any other process.
- CLONE_NEWIPC (since Linux 2.6.19)
- This flag has the same effect as the clone(2) CLONE_NEWIPC flag. Unshare the System V IPC namespace, so that the calling process has a private copy of the System V IPC namespace which is not shared with any other process. Specifying this flag automatically implies CLONE_SYSVSEM as well. Use of CLONE_NEWIPC requires the CAP_SYS_ADMIN capability.
- CLONE_NEWNET (since Linux 2.6.24)
- This flag has the same effect as the clone(2) CLONE_NEWNET flag. Unshare the network namespace, so that the calling process is moved into a new network namespace which is not shared with any previously existing process. Use of CLONE_NEWNET requires the CAP_SYS_ADMIN capability.
- CLONE_NEWNS
- This flag has the same effect as the clone(2) CLONE_NEWNS flag. Unshare the mount namespace, so that the calling process has a private copy of its namespace which is not shared with any other process. Specifying this flag automatically implies CLONE_FS as well. Use of CLONE_NEWNS requires the CAP_SYS_ADMIN capability.
- CLONE_NEWUTS (since Linux 2.6.19)
- This flag has the same effect as the clone(2) CLONE_NEWUTS flag. Unshare the UTS IPC namespace, so that the calling process has a private copy of the UTS namespace which is not shared with any other process. Use of CLONE_NEWUTS requires the CAP_SYS_ADMIN capability.
- CLONE_SYSVSEM (since Linux 2.6.26)
- This flag reverses the effect of the clone(2) CLONE_SYSVSEM flag. Unshare System V semaphore undo values, so that the calling process has a private copy which is not shared with any other process. Use of CLONE_SYSVSEM requires the CAP_SYS_ADMIN capability.
If flags is specified as zero, then unshare() is a no-op; no changes are made to the calling process's execution context.
RETURN VALUE¶
On success, zero returned. On failure, -1 is returned and errno is set to indicate the error.
ERRORS¶
VERSIONS¶
The unshare() system call was added to Linux in kernel 2.6.16.
CONFORMING TO¶
The unshare() system call is Linux-specific.
NOTES¶
Not all of the process attributes that can be shared when a new process is created using clone(2) can be unshared using unshare(). In particular, as at kernel 3.8, unshare() does not implement flags that reverse the effects of CLONE_SIGHAND, CLONE_THREAD, or CLONE_VM. Such functionality may be added in the future, if required.
SEE ALSO¶
clone(2), fork(2), kcmp(2), setns(2), vfork(2)
Documentation/unshare.txt in the Linux kernel source tree
COLOPHON¶
This page is part of release 3.53 of the Linux man-pages project. A description of the project, and information about reporting bugs, can be found at http://www.kernel.org/doc/man-pages/.
2013-04-17 | Linux |