Scroll to navigation

UNSHARE(2) Linux Programmer's Manual UNSHARE(2)

NAME

unshare - disassociate parts of the process execution context

SYNOPSIS

#include <sched.h>

int unshare(int flags);


Feature Test Macro Requirements for glibc (see feature_test_macros(7)):

unshare():

_GNU_SOURCE
_BSD_SOURCE || _SVID_SOURCE
/* _GNU_SOURCE also suffices */

DESCRIPTION

unshare() allows a process to disassociate parts of its execution context that are currently being shared with other processes. Part of the execution context, such as the mount namespace, is shared implicitly when a new process is created using fork(2) or vfork(2), while other parts, such as virtual memory, may be shared by explicit request when creating a process using clone(2).

The main use of unshare() is to allow a process to control its shared execution context without creating a new process.

The flags argument is a bit mask that specifies which parts of the execution context should be unshared. This argument is specified by ORing together zero or more of the following constants:

Reverse the effect of the clone(2) CLONE_FILES flag. Unshare the file descriptor table, so that the calling process no longer shares its file descriptors with any other process.
Reverse the effect of the clone(2) CLONE_FS flag. Unshare file system attributes, so that the calling process no longer shares its root directory (chroot(2)), current directory (chdir(2)), or umask (umask(2)) attributes with any other process.
This flag has the same effect as the clone(2) CLONE_NEWIPC flag. Unshare the System V IPC namespace, so that the calling process has a private copy of the System V IPC namespace which is not shared with any other process. Specifying this flag automatically implies CLONE_SYSVSEM as well. Use of CLONE_NEWIPC requires the CAP_SYS_ADMIN capability.
This flag has the same effect as the clone(2) CLONE_NEWNET flag. Unshare the network namespace, so that the calling process is moved into a new network namespace which is not shared with any previously existing process. Use of CLONE_NEWNET requires the CAP_SYS_ADMIN capability.
This flag has the same effect as the clone(2) CLONE_NEWNS flag. Unshare the mount namespace, so that the calling process has a private copy of its namespace which is not shared with any other process. Specifying this flag automatically implies CLONE_FS as well. Use of CLONE_NEWNS requires the CAP_SYS_ADMIN capability.
This flag has the same effect as the clone(2) CLONE_NEWUTS flag. Unshare the UTS IPC namespace, so that the calling process has a private copy of the UTS namespace which is not shared with any other process. Use of CLONE_NEWUTS requires the CAP_SYS_ADMIN capability.
This flag reverses the effect of the clone(2) CLONE_SYSVSEM flag. Unshare System V semaphore undo values, so that the calling process has a private copy which is not shared with any other process. Use of CLONE_SYSVSEM requires the CAP_SYS_ADMIN capability.

If flags is specified as zero, then unshare() is a no-op; no changes are made to the calling process's execution context.

RETURN VALUE

On success, zero returned. On failure, -1 is returned and errno is set to indicate the error.

ERRORS

An invalid bit was specified in flags.
Cannot allocate sufficient memory to copy parts of caller's context that need to be unshared.
The calling process did not have the required privileges for this operation.

VERSIONS

The unshare() system call was added to Linux in kernel 2.6.16.

CONFORMING TO

The unshare() system call is Linux-specific.

NOTES

Not all of the process attributes that can be shared when a new process is created using clone(2) can be unshared using unshare(). In particular, as at kernel 3.8, unshare() does not implement flags that reverse the effects of CLONE_SIGHAND, CLONE_THREAD, or CLONE_VM. Such functionality may be added in the future, if required.

SEE ALSO

clone(2), fork(2), kcmp(2), setns(2), vfork(2)

Documentation/unshare.txt in the Linux kernel source tree

COLOPHON

This page is part of release 3.53 of the Linux man-pages project. A description of the project, and information about reporting bugs, can be found at http://www.kernel.org/doc/man-pages/.

2013-04-17 Linux